On Thu, Mar 19, 2020 at 1:02 AM Matt Palmer via dev-security-policy < [email protected]> wrote:
> Since I started requesting revocation for certificates with > known-compromised private keys, I've noticed a rather disturbing pattern > emerging in a few cases: > > 1. I find a private key on the Internet. > > 2. I request revocation from the CA on the basis that the private key is > compromised, and provide suitable evidence thereof. > > 3. The certificate is revoked. > > 4. Some time later, I discover that a new certificate, using the same > private key, has been issued by the same CA. (Mad props to CT!) > > 5. "Da wah?!?" I say, and scurry off to the BRs and Mozilla Root Store > Policy, only to find that there doesn't appear to be anything explicitly > covering this rather disconcerting situation. > > So, I'm asking the combined wisdom of this esteemed community the following > questions: > > 1. *Are* there explicit prohibitions on issuing a certificate for a private > key which has been previously submitted *to that CA* as compromised > (assuming, of course, that the prior submission was valid), and I'm just > not good at finding said prohibitions? No. We bandied about changes during the revisions to 4.9.1.1, using the exact scenario you described, but given that some negligent and irresponsible CAs kept agitating to reduce revocation requirements than protect users, the ballot was kept simple. 2. If there are not explicit prohibitions already in place, *should* there > be? If so, should it be a BR thing, or a Policy thing? > https://github.com/cabforum/documents/issues/171 is filed to explicitly track this. That said, I worry the same set of negligent and irresponsible CAs will try to advocate for more CA discretion when revocation, such as allowing the CA to avoid revoking when they’ve mislead the community as to what they do (CP/CPS violations) or demonstrated gross incompetence (such as easily detected spelling issues in jurisdiction information). I would hope no CA would be so irresponsible as to try to bring that up during such a discussion. > 3. Can a CA be deemed to have "obtained evidence" of key compromise prior > to > the issuance of a certificate, via a previously-submitted key compromise > problem report for the same private key? If so, it would seem that, > even > if the issuance of the certificate is OK, it is a failure-to-revoke > incident if the cert doesn't get revoked within 24 hours... Correct, that was indeed the previous conclusion around this. The CA can issue, but then are obligated to revoke within 24 hours. There’s not a statute of limitation on “obtains evidence” here, precisely because it could allow a host of shenanigans, such as CAs arguing the require per-cert evidence rather than systemic demonstrations. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
