Hi Oscar! I checked ~10 certificates issued by TWCA at crt.sh and the serial numbers all do have the same onset (“47:e5:00:00:00:04”) but these are followed by 64 random bits. Therefore, I would say, this is not a mis-issuance.
/Rufus From: [email protected] <[email protected]> On Behalf Of Oscar Koeroo Sent: Monday, 1 November 2021 22:28 To: Ben Wilson <[email protected]> Cc: Ryan Sleevi <[email protected]>; [email protected] Subject: Re: Policy unclear for CA "TWCA Secure SSL Certification Authority" Hello Ben, I've filled the bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1738778<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1738778&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406778258%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=pbmlqa2mdizkp2Zi4vPBlTVb8%2BAD3Pm2caVxeAc6Yig%3D&reserved=0> While filling in the forum I noticed the first numbers in the serial being very much overlapping. As far as I understand the policy on serial numbers, these must be have sufficient entropy. This does not show this feature: 95559031384477521445258106110945506283 95559031384477517871019103745820225456 --- kkday.com --- Subject: CN=*.kkday.com,OU=IT Dept.,O=KKDAY.COM INTERNATIONAL COMPANY LIMITED (TAIWAN),L=Taipei,ST=Taiwan,C=TW Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW Serial number: 95559031384477521445258106110945506283 OID 1.3.6.1.4.1.40869.1.1.25 not found in db No OID found for DV, OV, EV, IV, QWAC --- ettoday.net --- Subject: CN=*.ettoday.net,OU=RD,O=ET New Media Holding Co.\, Ltd.,L=Taipei,ST=Taiwan,C=TW Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW Serial number: 95559031384477517871019103745820225456 OID 1.3.6.1.4.1.40869.1.1.25 not found in db No OID found for DV, OV, EV, IV, QWAC Would this qualify as another issue to report? kind regards, Oscar Koeroo On 01/11/2021 21:33, Ben Wilson wrote: Hi Oscar, It would be very helpful if you filed a Bugzilla bug here - https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA+Certificate+Compliance<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fenter_bug.cgi%3Fproduct%3DNSS%26component%3DCA%2BCertificate%2BCompliance&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406788215%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rvf5CO4TD1RazKgLTcZU84nvgsu79N3VE1a3Hz1C60Q%3D&reserved=0>. In the Summary field, start the subject with "TWCA: [a brief title for the violation]" Then, in the Description/Comment field, explain your findings. Alternatively, you can post your findings here, and I will open the Bug in Bugzilla for you. Thanks, Ben Wilson On Mon, Nov 1, 2021 at 2:15 PM Oscar Koeroo <[email protected]<mailto:[email protected]>> wrote: Ryan and Ben, Thank you for your thorough analyses in your replies. How do I best proceed into filing a complaint on the found and confirmed non-compliance to the baseline requirements? On 01/11/2021 18:21, Ryan Sleevi wrote: Oscar: The likely reason for your scans is the result of CA/Browser Forum Ballot SC31, https://cabforum.org/2020/07/16/ballot-sc31-browser-alignment/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcabforum.org%2F2020%2F07%2F16%2Fballot-sc31-browser-alignment%2F&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406788215%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=rW5fiqGePKJ%2FIswz4QwUd2vc4V7yLXeKnYxzWuYyGEw%3D&reserved=0> , which was adopted as part of BRs v1.7.1. Effective 2020-09-30, all Subscriber certificates MUST include a CA/Browser Forum Reserved Policy OID (see Section 1.2.2 for the effective dates, referencing Section 7.1.6.4). Given that the majority of certificates have been issued since then, this would likely explain your scan. Prior to this, in BRs 1.7.0, Section 7.1.6.4 permitted CAs to use EITHER a CA/Browser Forum reserved OID OR a CA-specified OID in their CP/CPS. Understandably, this makes it difficult-to-impossible for relying parties to have interoperable confidence, hence the changes in 1.7.1 that aligned with existing browser requirements. In particular, prior to BRs 1.7.1, Microsoft had this as a requirement in their root program, at https://aka.ms/rootcert. Thus, to answer your question regarding https://crt.sh/?id=2884243786<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fid%3D2884243786&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406798172%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=vzyf2fu3pgrMD2zujn0rYpZ9rNi2lzT188Sszn1R7oc%3D&reserved=0> 1. If before 2020-09-30, and it contains id-kp-serverAuth and lacks a CA/BF OID a. It was in violation of Microsoft's root program requirements. b. If you cannot discover in the CP/CPS in effect at the time of issuance that the CA affirmatively states this OID complies to the BRs or EVGs, then it was in violation of the Baseline Requirements 2. If on-or-after 2020-09-30, and it contains id-kp-serverAuth and lacks a CA/BF OID, it is in violation of the Baseline Requirements Hope that helps clarify. The CP/CPS disclosed in CCADB is https://www.twca.com.tw/picture/file/05271722-TWCAGLOBALCPSV13EN.pdf<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.twca.com.tw%2Fpicture%2Ffile%2F05271722-TWCAGLOBALCPSV13EN.pdf&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406798172%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=j%2FcsPjWpl6lk7fFHhTMQn52h5MFVTQ%2BP67e%2F09NkzyA%3D&reserved=0> , which would appear out of compliance with Mozilla's Root Store Policy (Specifically, Policy 3.3(4) ). It's unclear if Mozilla relies on CCADB disclosures to achieve that requirement, although https://www.twca.com.tw/repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.twca.com.tw%2Frepository&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406798172%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=DzY1Re41YUVc2Q4h1F4OF1Vrt4%2FiZ0pshBLcqis%2Frgw%3D&reserved=0> links to 11061501-TWCAGLOBALCPSV13EN.pdf as their most recent CPS (which would also be out of compliance, as best I can tell). I double checked the CCADB disclosures for the Root, https://crt.sh/?id=8559119<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fid%3D8559119&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406808126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=COelHUtpKhbKmxUc2auCFjR1DWdCeShwfxmeBOiF6Js%3D&reserved=0> , and while they _also_ list different versions and URLs compared to https://www.twca.com.tw/repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.twca.com.tw%2Frepository&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406808126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2FliKUy%2BWVVPh18ugBv4xEEOMqmnMSpsg6QY9RNrFMkg%3D&reserved=0>, they also appear to be out of compliance. Ignoring this failure to update issue for a second, as Ben has highlighted, 1.3.6.1.4.1.40869.1.1.25 is disclosed as a "Device Certificate". It's unclear if TWCA is asserting this policy OID complies with the Baseline Requirements, given they also list AATL-related certificates ( 1.3.6.1.4.1.40869.1.1.26 ), and presumably the latter do not comply to the Baseline Requirements. Thus, it's entirely possible that this certificate is misissued. Hopefully the above steps allow you to reproduce the investigation and reach your own determination, based on the available facts. On Mon, Nov 1, 2021 at 10:56 AM Ben Wilson <[email protected]<mailto:[email protected]>> wrote: One of their CPSes says that Policy OID is for a "Device Certificate" (Assurance Level 2), which is separate than a TLS server certificate with an OID of 1.3.6.1.4.1.40869.1.1.21 (Assurance Level 3), both are very similar, but I don't know what the distinction is between the two types. On Mon, Nov 1, 2021 at 7:39 AM Oscar Koeroo <[email protected]<mailto:[email protected]>> wrote: Hello, I've been doing some scanning on a few million pages and consistently see the policy OIDs for DV, IV, OV, QWAC in the scopes of ETSI, CA/B or others. The certificate found on the site "https://ettoday.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fettoday.net%2F&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406818084%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=YKl0%2FZqAUsfeDYV%2BLDTXrnS0Jwam%2FlFBTGXb%2FdPytU8%3D&reserved=0>" I can't determine the assurance policy. Example certificate: Subject: CN=*.ettoday.net<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fettoday.net%2F&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406818084%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=U0OvzN4Z5Rgm3Ls0xbkvH2hhCcYgMISzTxGNC7vkiUg%3D&reserved=0>,OU=RD,O=ET New Media Holding Co.\, Ltd.,L=Taipei,ST=Taiwan,C=TW Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW Serial number: 95559031384477517871019103745820225456 The only policy OID set is: 1.3.6.1.4.1.40869.1.1.25 ['www.twca.com.tw<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.twca.com.tw%2F&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406818084%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UK8xNvHHYrv5hOECvPP8SLUC%2FTrWHjbVyDkXe3J0H68%3D&reserved=0>'] How should I qualify this certificate? Or is this a misissuance? A clarification would be great on how to determine this. The OID is also not part of this quite complete list of policy OIDs https://github.com/zmap/constants<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fzmap%2Fconstants&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406828042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=imB1nGK2oin7UyrcUSWz6pnEVCPpB4P03RiFprtKiMo%3D&reserved=0> Your guidance would be appreciated. Kind regards, Oscar Koeroo -- You received this message because you are subscribed to the Google Groups "[email protected]<mailto:[email protected]>" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f79c9a95-b07a-4f04-8a23-e228cd8f43ean%40mozilla.org<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2Ff79c9a95-b07a-4f04-8a23-e228cd8f43ean%2540mozilla.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406828042%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=izKoFkf2CRwbitLwlRKw4Ia%2Bx7eruYwG8E55uUFT4B0%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "[email protected]<mailto:[email protected]>" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ_izKoqWjxEQ6k22eDw5e14PL-0Zmoz5oJn%2BgwsFBFTg%40mail.gmail.com<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2FCA%252B1gtaZ_izKoqWjxEQ6k22eDw5e14PL-0Zmoz5oJn%252BgwsFBFTg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406837995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=bp2xei3KRMEfhdhWMXywCUZ49Jpstwd9NJnF2EXSJgE%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "[email protected]<mailto:[email protected]>" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/9dca72c0-2a1e-511f-9ee7-1d36f7d87998%40gmail.com<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2F9dca72c0-2a1e-511f-9ee7-1d36f7d87998%2540gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=04%7C01%7Crufus.buschart%40siemens.com%7Ce0eb70835c9a4c06707908d99d7e8942%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637713990406837995%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9FfkZrTEfei4g8igr9NTFjpnHzciS9TPXWtk246V%2FzY%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/AM8PR10MB430555DFEED7B4C0182A1D4A9E8B9%40AM8PR10MB4305.EURPRD10.PROD.OUTLOOK.COM.
