Thank you for the clarification. This would appear to introduce a new requirement for clients verifying SCTs from CT2: a get-proof-by-hash call to the log server (or a mirror) is now required to know if a SCT from before May 2 is valid. Do CT-enforcing clients do this in practice today? (I suspect the answer is "no" but don't know off the top of my head)
Alex On Sun, May 3, 2020 at 6:27 PM Jeremy Rowley <jeremy.row...@digicert.com> wrote: > They would already appear in a previous tree where the head was signed by > us. > > > > *From:* Alex Cohn <a...@alexcohn.com> > *Sent:* Sunday, May 3, 2020 5:22 PM > *To:* Jeremy Rowley <jeremy.row...@digicert.com> > *Cc:* Mozilla <mozilla-dev-security-pol...@lists.mozilla.org> > *Subject:* Re: CT2 log signing key compromise > > > > The timestamp on a SCT is fully controlled by the signer, so why should > SCTs bearing a timestamp before May 2 still be considered trusted? > > > > Alex > > > > On Sun, May 3, 2020 at 6:19 PM Jeremy Rowley via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > Hey all, > > The key used to sign SCTs for the CT2 log was compromised yesterday at 7pm > through the Salt root bug. The remaining logs remain uncompromised and run > on separate infrastructure. We discovered the compromise today and are > working to turn that log into read only mode so that no new SCTs are > issued. We doubt the key was used to sign anything as you'd need to know > the CT build to do so. However, as a precaution, we ask that you consider > all SCTs invalid if the SCT was issued from CT2 after 7pm MST on May 2nd . > Please let me know what questions you have. > > Jeremy > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy