Re: Revoking Trust in one ANSSI Certificate

2013-12-09 Thread Tim Moses
From the information we have to date, I think the CAs that try hard to run a 
conformant operation can be justifiably upset that this behaviour is tolerated.

All the best. Tim.

 On Dec 9, 2013, at 4:19 PM, Eddy Nigg eddy_n...@startcom.org wrote:
 
 On 12/09/2013 11:12 PM, From Ryan Sleevi:
 According to https://wiki.mozilla.org/CA:Communications#January_10.2C_2013 
 (see the Responses section), this CA has indicated that they do not expect 
 to begin operating in full compliance to the Baseline Requirements and to 
 Mozilla's 2.1 Inclusion Policy until Dec 2015/January 2016.
 
 Thanks Ryan - then we probably should understand what Mozilla does or intends 
 to do in such cases. Maybe this shows that something must be done (when we 
 are assuming that by today every CA is compliant already and this should not 
 be possible according to BR AND Mozilla's requirements).
 
 -- 
 Regards
 
 Signer:  Eddy Nigg, StartCom Ltd.
 XMPP:    start...@startcom.org
 Blog:    http://blog.startcom.org/
 Twitter: http://twitter.com/eddy_nigg
 
 ___
 dev-security-policy mailing list
 dev-security-policy@lists.mozilla.org
 https://lists.mozilla.org/listinfo/dev-security-policy


Re: Revoking Trust in one ANSSI Certificate

2013-12-09 Thread fhw843
Let's start with the basics: what is the cert subject, serial number, date info? None of the four browser notices provided any of that. Surely there is no reason to keep it secret, is there?

From: Jan Schejbal
Sent: Monday, December 9, 2013 1:19 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Reply To: jan.schejbal_n...@gmx.de
Subject: Re: Revoking Trust in one ANSSI Certificate

Hi,

could we please have the certificates/chains involved in this, and could the corresponding bug (I assume there is one) maybe be made public? Especially of interest would be the dates when the certificates were issued, when they were first used for MitM, when this was reported to the CA by Google, and when the CA revoked the certificate.

From what I understood, the hierarchy was as follows:

ANSSI
+-Treasury Sub-CA
  +-MitM-CA (installed on MitM device)
    +-Fake endpoint certificates

Is this assumption correct? If so:
Was the "Treasury Sub-CA" revoked, or only the "MitM-CA"?
Which of these certs are the ones blacklisted by Mozilla?

The publicly available information about this is currently quite limited. Having a meaningful debate on that basis is difficult.

We already had a similar case once - Trustwave. The differences are that they admitted it before getting caught, and that since that incident, everyone remotely involved in PKI management should know that this is something you don't do.

I would really love to see the explanation how someone accidentally issues and deploys a MitM Sub-CA...

Kind regards,
Jan


Re: Revoking Trust in one ANSSI Certificate

2013-12-09 Thread fhw843
Brian,

I was thinking it would be beneficial if ANSSI would provide a host:port that would have the bad chain installed. This allows for anyone to check if their browser has been updated to un-trust the intermediate.

I make this suggestion in addition to the points you raise below, and I think it's fair to ask this of any CA that behaves badly.

From: Brian Smith
Sent: Monday, December 9, 2013 4:15 PM
To: Eddy Nigg
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Revoking Trust in one ANSSI Certificate

One thing that would really help would be an attempt to document which publicly-accessible websites are using certificates that chain (only) to the ANSSI root. I heard the claim that most French public government websites actually use certificates that chain to a different CA. That has led me to wonder how much the ANSSI root is actually used by public websites. Having a list of domains that use certs that chain to ANSSI root is likely to have some significant bearing on the decisions about what to do. But, it will be a while before I would have time to compile such a list.

I think it would also help to document in this thread the ways we know that ANSSI is not complying with our CA program. Lack of OCSP AIA URI in the certificates is one example. Are there other ways that ANSSI is non-compliant?

Cheers,
Brian

On Mon, Dec 9, 2013 at 1:18 PM, Eddy Nigg eddy_n...@startcom.org wrote:
 On 12/09/2013 11:12 PM, From Ryan Sleevi:
 According to https://wiki.mozilla.org/CA:Communications#January_10.2C_2013 (see the Responses section), this CA has indicated that they do not expect to begin operating in full compliance to the Baseline Requirements and to Mozilla's 2.1 Inclusion Policy until Dec 2015/January 2016.
 
 Thanks Ryan - then we probably should understand what Mozilla does or intends to do in such cases. Maybe this shows that something must be done (when we are assuming that by today every CA is compliant already and this should not be possible according to BR AND Mozilla's requirements).
 
 -- 
 Regards
 
 Signer:  Eddy Nigg, StartCom Ltd.
 XMPP:    start...@startcom.org
 Blog:    http://blog.startcom.org/
 Twitter: http://twitter.com/eddy_nigg

-- 
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
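The two pieces of evidence Brian asks for above, whether a site's certificate chains to the ANSSI root and whether it carries an OCSP URI in its AIA extension, can be gathered mechanically with Go's standard crypto/x509 package. The program below is an added example written for this thread, not code from Mozilla or from any poster; it builds a constructed root and two leaves with placeholder names and URIs (nothing here is ANSSI's real hierarchy) and audits each leaf for both properties.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue is a test helper: it signs tmpl with parentKey and parses the result.
func issue(tmpl, parent *x509.Certificate, key, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Audit reports, for one leaf, a missing OCSP URI in AIA and a failure to chain to the inventoried root.
func Audit(leaf, root *x509.Certificate) []string {
	var findings []string
	if len(leaf.OCSPServer) == 0 {
		findings = append(findings, "no OCSP URI in Authority Information Access")
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		findings = append(findings, "does not chain to the inventoried root: "+err.Error())
	}
	return findings
}

// ExampleChain builds a constructed root and two leaves, one with an OCSP URI in AIA and one without.
func ExampleChain() (root, withOCSP, withoutOCSP *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Constructed Root"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	root = issue(rootTmpl, rootTmpl, rootKey, rootKey) // self-signed placeholder root
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), OCSPServer: []string{"http://ocsp.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	withOCSP = issue(leafTmpl, root, leafKey, rootKey)
	leafTmpl.SerialNumber, leafTmpl.OCSPServer = big.NewInt(3), nil // same leaf shape, no responder
	withoutOCSP = issue(leafTmpl, root, leafKey, rootKey)
	return root, withOCSP, withoutOCSP
}
```

To run it against real sites, replace ExampleChain with the server's leaf (for instance from tls.ConnectionState.PeerCertificates) and the root under review, and feed the findings into the list Brian describes.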