We thank you for bringing this to our attention and are looking into this 
issue. In the meantime:

- We have completed the update of our zlint to v3.4.0. Since pre-issuance 
linting is being used, this prevents similar issuances. Note that per our 
standard change management processes, this update was caught by our 
monitoring tools and was originally planned to be deployed in production in 
early November.
- We have completed testing of our entire database of existing certificates 
(retrospection) using the new version of zlint and confirmed no other 
certificates are affected by this issue.
- In an abundance of caution, we are planning to replace the certificate in 
coordination with the subscriber.
- A CA/B Forum ballot we proposed, intended to provide guidance to CAs for 
handling Debian weak keys and similar vulnerabilities, includes (at the 
suggestion of Martijn Katerbarg) language addressing the Fermat attack 
issue.

Chris Kemmerer
SSL.com

On Monday, October 31, 2022 at 10:43:25 AM UTC-5 [email protected] 
wrote:

> Zlint also has a check for this 
> <https://github.com/zmap/zlint/blob/master/v3/lints/community/lint_rsa_fermat_factorization.go>
> in version 3.4.0 (released this month), and on master since July.
>
> On Sat, Oct 29, 2022 at 12:45 PM Hanno Böck <[email protected]> wrote:
>
>> Hi,
>>
>> https://crt.sh/?id=7581884753&opt=ocsp
>> is a certificate with a private key that can be broken with Fermat
>> factorization [1] as the two RSA primes are close to each other. It has
>> been issued in September and is currently unrevoked.
>>
>> I am not sure if there's currently an expectation to check for this
>> type of vulnerability (though I've been CCed on a few mails back in
>> July where there was a proposal to have more clarity on what weak keys
>> to check in the cabforum rules, and this was one of the things in it,
>> but I don't know what the current status there is). But I would
>> recommend that all CAs implement this check. There have been a few such
>> certificates in the wild and the check is easy to do (see [2] for the
>> badkeys code doing the check).
>>
>>
>> [1] https://fermatattack.secvuln.info/
>> [2]
>> https://github.com/badkeys/badkeys/blob/main/badkeys/rsakeys/fermat.py
>>
>> -- 
>> Hanno Böck
>> https://hboeck.de/
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "[email protected]" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> To view this discussion on the web visit 
>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20221029214539.182e35be%40computer
>> .
>>
>


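As an added illustration of the check discussed in the thread (example code written for this page, not the badkeys or zlint implementation): Fermat's method writes an odd modulus as n = a^2 - b^2 = (a - b)(a + b), starting at a = ceil(sqrt(n)) and stepping a upward until a^2 - n is a perfect square. When the two primes are close, this succeeds after very few steps, so a CA can bound the iteration count and reject any key that factors within it. The round limit and the sample moduli below are constructed for the example.

```python
from math import isqrt
from typing import Optional, Tuple

# Assumption for this example: a properly generated RSA key will never
# factor within this many rounds, so hitting the bound means "not weak".
MAX_ROUNDS = 100


def fermat_check(n: int, max_rounds: int = MAX_ROUNDS) -> Optional[Tuple[int, int]]:
    """Return (p, q) with p * q == n if Fermat's method factors n within
    max_rounds iterations, otherwise None."""
    if n % 2 == 0:
        return (2, n // 2)  # an even modulus is broken regardless of primes
    a = isqrt(n)
    if a * a < n:
        a += 1  # start at ceil(sqrt(n))
    for _ in range(max_rounds):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            p, q = a - b, a + b
            if 1 < p < n:  # skip the trivial 1 * n representation
                return (p, q)
        a += 1
    return None


def is_fermat_weak(n: int, max_rounds: int = MAX_ROUNDS) -> bool:
    """Pre-issuance style verdict: True means the modulus must be rejected."""
    return fermat_check(n, max_rounds) is not None


if __name__ == "__main__":
    # Constructed sample: two primes only 30 apart, the situation in the thread.
    weak_n = 1000003 * 1000033
    # Constructed sample: factors far apart, which Fermat's method will not find.
    ok_n = 3 * 1000003
    print("close primes :", fermat_check(weak_n), "weak =", is_fermat_weak(weak_n))
    print("distant primes:", fermat_check(ok_n), "weak =", is_fermat_weak(ok_n))
```

Real keys are checked the same way after extracting the modulus from the CSR or certificate; only the integer n is needed.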