Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 15:48, Gervase Markham wrote:
> That's because it chains up to the following two roots:
>
> 1) OU=Class 3 Public Primary Certification Authority
> https://crt.sh/?caid=25

This root had its SSL bits disabled around June 2014:
https://bugzilla.mozilla.org/show_bug.cgi?id=986005
https://bugzilla.mozilla.org/show_bug.cgi?id=1021967

> 2) OU=Class 3 Public Primary Certification Authority - G2
> https://crt.sh/?caid=963

This root had its SSL bits disabled in Firefox 36, released in Feb 2015:
https://bugzilla.mozilla.org/show_bug.cgi?id=986014

So there is no problem from Mozilla's perspective with SHA-1 certificates issued from "Symantec Private SSL SHA1 CA".

Gerv

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
RE: I found some SHA-1 certificates issued by Symantec
I disagree. If the CA has requested removal of the root and added it to OneCRL, then I don't see how there is an obligation to continue operating the root under the Mozilla policy. If the browser doesn't update the root store/revocation list to remove the root, then the browser is accepting the CA as non-compliant. If Mozilla wanted to have the root remain compliant after the attempted removal, there'd have to be some sort of agreement with the CA for a transition period. After all, a root store operator can always add/remove a root to its program unilaterally, regardless of the root certificate status.

Jeremy

-Original Message-
From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Richard Barnes
Sent: Tuesday, January 24, 2017 9:11 AM
To: Peter Bowen <pzbo...@gmail.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Rob Stradling <rob.stradl...@comodo.com>; Gervase Markham <g...@mozilla.org>; w...@gmail.com
Subject: Re: I found some SHA-1 certificates issued by Symantec

On Tue, Jan 24, 2017 at 11:08 AM, Peter Bowen <pzbo...@gmail.com> wrote:
> On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes <rbar...@mozilla.com> wrote:
> > On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham <g...@mozilla.org> wrote:
> >>
> >> This helpful spreadsheet shows that they were removed in Firefox 47
> >> and 51 respectively:
> >> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> >> Although Firefox 51 was only released yesterday, so that's a
> >> bit concerning.
> >>
> >
> > Indeed, if they issued these before yesterday, this seems like a problem.
>
> I'm a little surprised to read this. This SHA-1 "private" hierarchy
> is not new news and has been discussed in various forums over the year
> or 18 months. At least one other CA operator has a similar hierarchy
> that is chained back to a root formerly in the Mozilla trust store.
>
> I was under the impression Mozilla knew about this from the SHA-1
> exceptions discussions, as one of the topics there has been "why can't
> they use the SHA-1 certs from the pulled roots?"

If the root was removed in Firefox 51, and they were issuing SHA-1 off of it before 51 shipped, then they were issuing SHA-1 certificates under a root trusted by Firefox. You can use SHA-1 under a pulled root, but it has to actually be pulled first.

--Richard

> Thanks,
> Peter
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 16:19, Rob Stradling wrote:
> On 24/01/17 16:11, Richard Barnes wrote:
>> If the root was removed in Firefox 51, and they were issuing SHA-1 off
>> of it before 51 shipped, then they were issuing SHA-1 certificates
>> under a root trusted by Firefox. You can use SHA-1 under a pulled
>> root, but it has to actually be pulled first.
>
> I think the "Class 3 Public Primary Certification Authority"
> (https://crt.sh/?id=162) was already "pulled". It may only have been
> removed completely in FF51, but it looks like it had the Websites trust
> bit disabled some time ago:
> https://bugzilla.mozilla.org/show_bug.cgi?id=936105

Yeah, https://crt.sh/?id=162 lost the Websites trust bit in NSS 3.16.3, the release of which was announced to m.d.s.crypto on 3rd July 2014.

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes
"The Trust Bits were changed for the following CA certificates
...
OU = Class 3 Public Primary Certification Authority
SHA1 Fingerprint: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
Turned off websites and code signing trust bits (1024-bit root)"

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 16:08, Peter Bowen wrote:
>> Indeed, if they issued these before yesterday, this seems like a problem.
>
> I'm a little surprised to read this. This SHA-1 "private" hierarchy
> is not new news and has been discussed in various forums over the year
> or 18 months. At least one other CA operator has a similar hierarchy
> that is chained back to a root formerly in the Mozilla trust store.
>
> I was under the impression Mozilla knew about this from the SHA-1
> exceptions discussions, as one of the topics there has been "why can't
> they use the SHA-1 certs from the pulled roots?"

We pulled a bunch of roots in December 2015, including some from Symantec. This is the Firefox 42 - 44 timeframe (44 was January, but I can accept perhaps we took some time to get the job done). So of the Symantec roots, that would be:

VeriSign Class 4 Public Primary Certification Authority - G3
UTN-USERFirst-Network Applications

There's also, of course, Thawte Server CA and Thawte Premium Server CA, pulled in Firefox 36, and some TC TrustCenter roots as well.

I had assumed that when people talked about "pulled roots", they were talking about roots which actually had been pulled. I did not expect to see a SHA-1 hierarchy cross-signed by a root still trusted by Firefox until yesterday.

Gerv
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 16:11, Richard Barnes wrote:
> If the root was removed in Firefox 51, and they were issuing SHA-1 off
> of it before 51 shipped, then they were issuing SHA-1 certificates
> under a root trusted by Firefox. You can use SHA-1 under a pulled
> root, but it has to actually be pulled first.

I think the "Class 3 Public Primary Certification Authority" (https://crt.sh/?id=162) was already "pulled". It may only have been removed completely in FF51, but it looks like it had the Websites trust bit disabled some time ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=936105

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Re: I found some SHA-1 certificates issued by Symantec
On Tue, Jan 24, 2017 at 11:08 AM, Peter Bowen wrote:
> On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes wrote:
> > On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham wrote:
> >>
> >> This helpful spreadsheet shows that they were removed in Firefox 47 and
> >> 51 respectively:
> >> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> >> Although Firefox 51 was only released yesterday, so that's a bit
> >> concerning.
> >>
> >
> > Indeed, if they issued these before yesterday, this seems like a problem.
>
> I'm a little surprised to read this. This SHA-1 "private" hierarchy
> is not new news and has been discussed in various forums over the year
> or 18 months. At least one other CA operator has a similar hierarchy
> that is chained back to a root formerly in the Mozilla trust store.
>
> I was under the impression Mozilla knew about this from the SHA-1
> exceptions discussions, as one of the topics there has been "why can't
> they use the SHA-1 certs from the pulled roots?"

If the root was removed in Firefox 51, and they were issuing SHA-1 off of it before 51 shipped, then they were issuing SHA-1 certificates under a root trusted by Firefox. You can use SHA-1 under a pulled root, but it has to actually be pulled first.

--Richard

> Thanks,
> Peter
Re: I found some SHA-1 certificates issued by Symantec
On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes wrote:
> On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham wrote:
>>
>> This helpful spreadsheet shows that they were removed in Firefox 47 and
>> 51 respectively:
>> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
>> Although Firefox 51 was only released yesterday, so that's a bit
>> concerning.
>>
>
> Indeed, if they issued these before yesterday, this seems like a problem.

I'm a little surprised to read this. This SHA-1 "private" hierarchy is not new news and has been discussed in various forums over the year or 18 months. At least one other CA operator has a similar hierarchy that is chained back to a root formerly in the Mozilla trust store.

I was under the impression Mozilla knew about this from the SHA-1 exceptions discussions, as one of the topics there has been "why can't they use the SHA-1 certs from the pulled roots?"

Thanks,
Peter
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 16:00, Richard Barnes wrote:
> Except of course the non-zero slice of users that haven't updated yet.

True, although I think it's unreasonable to give CAs a dependency on the quality of our automatic update infrastructure. We can have a discussion about whether "checked into master" or "shipped in Firefox" is the right point to allow them to say a root is no longer trusted and act accordingly, but pushing it out past the ship date seems unreasonable to me. (Not sure we have a policy on this...)

Gerv
Re: I found some SHA-1 certificates issued by Symantec
On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham wrote:
> On 24/01/17 14:11, w...@gmail.com wrote:
> > I was searching on crt.sh and I found something confusing by accident.
> > View this page : https://crt.sh/?Identity=%25=7198
> > I can see many SHA-1 certificates issued in 2016 and one is issued in
> > 2017.
>
> Your list is a list of certificates issued by "C=US, O=Symantec
> Corporation, CN=Symantec Private SSL SHA1 CA". If you view the page
> about that CA, you will see that it is not trusted by Mozilla:
> https://crt.sh/?caid=7198
>
> That's because it chains up to the following two roots:
>
> 1) OU=Class 3 Public Primary Certification Authority
> https://crt.sh/?caid=25
>
> 2) OU=Class 3 Public Primary Certification Authority - G2
> https://crt.sh/?caid=963
>
> This helpful spreadsheet shows that they were removed in Firefox 47 and
> 51 respectively:
> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> Although Firefox 51 was only released yesterday, so that's a bit
> concerning.

Indeed, if they issued these before yesterday, this seems like a problem.

> Rob: is the "Trusted by Mozilla" stuff based on the root store on
> Mozilla's master branch?
>
> Symantec representatives: was this "Private" SHA-1-issuing CA supposed
> to chain up to roots trusted by Mozilla until very recently?
>
> > I think it was banned before so someone could tell me why they can issue
> > these SHA-1 certificates?
> > SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342
>
> What makes you think that certificate was issued in 2017?
>
> Validity
> Not Before: Jul 7 00:00:00 2016 GMT
> Not After : Dec 31 23:59:59 2017 GMT
>
> However, I do see this one issued in 2017:
> https://crt.sh/?id=7847
>
> Symantec reps? Is the idea that this is OK because no browser trusts
> this part of your PKI any more?

Except of course the non-zero slice of users that haven't updated yet.

--Richard

> Gerv
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 15:48, Gervase Markham wrote:
> Rob: is the "Trusted by Mozilla" stuff based on the root store on
> Mozilla's master branch?

Hi Gerv. Yes, I aim to keep crt.sh's view of "Trusted by Mozilla" in sync with mozilla-central [1]. [1] was last updated a few days ago, and I pushed the changes to crt.sh yesterday.

[1] https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
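The distinction the thread keeps coming back to, a root that is still in certdata.txt but has had its Websites trust bit turned off versus one that has been removed outright, is visible directly in the certdata.txt file Rob points at: each root has a CKO_NSS_TRUST object keyed by SHA-1 fingerprint, and CKA_TRUST_SERVER_AUTH is CKT_NSS_TRUSTED_DELEGATOR only when the bit is on. The script below is an added example, not code from NSS, crt.sh or anyone in the thread. It parses that attribute/value syntax and answers "is this fingerprint trusted for TLS server auth?". CERTDATA_EXCERPT is a constructed, heavily abbreviated excerpt: the first fingerprint is the one Rob quotes from the NSS 3.16.3 release notes, but its trust values are written by hand to show the bits-turned-off state rather than copied from the real file, the second root is entirely hypothetical, and real entries carry many more attributes (CKA_SUBJECT, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE, the MD5 hash).

```python
"""Look up a root's NSS "Websites" trust bit by SHA-1 fingerprint.

Added example for this thread, not NSS or crt.sh code. It reads the
attribute/value syntax of security/nss/lib/ckfw/builtins/certdata.txt;
CERTDATA_EXCERPT is a constructed, abbreviated excerpt (see comments).
"""
import re

CERTDATA_EXCERPT = r'''
# Certificate "Class 3 Public Primary Certification Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Class 3 Public Primary Certification Authority"

# Trust for "Class 3 Public Primary Certification Authority"
# (fingerprint as quoted in the thread; trust values constructed to show
#  the state after the websites and code-signing bits were turned off)
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Class 3 Public Primary Certification Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305
\076\141\164\342
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

# Certificate "Example Root" (hypothetical, still trusted for websites)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Root"

# Trust for "Example Root"
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020
\021\022\023\024
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
'''

# Meaning of the CK_TRUST values NSS uses for a trust bit.
TRUST_MEANING = {
    "CKT_NSS_TRUSTED_DELEGATOR": "trusted as a CA for this usage (bit on)",
    "CKT_NSS_MUST_VERIFY_TRUST": "no explicit trust, not an anchor (bit off)",
    "CKT_NSS_NOT_TRUSTED": "explicitly distrusted",
}

_OCTAL = re.compile(r"\\([0-7]{3})")


def _decode_octal(lines):
    """Decode MULTILINE_OCTAL text (\\164\\054...) into bytes."""
    return bytes(int(m.group(1), 8) for ln in lines for m in _OCTAL.finditer(ln))


def parse_certdata(text):
    """Return certdata objects as dicts; a new object starts at each CKA_CLASS.

    MULTILINE_OCTAL attributes become bytes, UTF8 strings are unquoted and
    everything else keeps its symbolic value (e.g. CKT_NSS_TRUSTED_DELEGATOR).
    """
    objects, current = [], None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        name, typ = parts[0], parts[1]
        if name == "CKA_CLASS":
            current = {}
            objects.append(current)
        if typ == "MULTILINE_OCTAL":
            body = []  # consume from the shared iterator up to END
            for ln in lines:
                if ln.strip() == "END":
                    break
                body.append(ln)
            current[name] = _decode_octal(body)
        elif typ == "UTF8":
            current[name] = parts[2].strip('"')
        else:
            current[name] = parts[2]
    return objects


def websites_trust(text, sha1_fingerprint):
    """CKA_TRUST_SERVER_AUTH value for the root with this SHA-1 fingerprint
    (colons optional), or None if certdata has no trust object for it."""
    want = bytes.fromhex(sha1_fingerprint.replace(":", ""))
    for obj in parse_certdata(text):
        if obj.get("CKA_CLASS") == "CKO_NSS_TRUST" and obj.get("CKA_CERT_SHA1_HASH") == want:
            return obj.get("CKA_TRUST_SERVER_AUTH")
    return None


def trusted_for_websites(text, sha1_fingerprint):
    """True only when the Websites (TLS server auth) bit is actually on."""
    return websites_trust(text, sha1_fingerprint) == "CKT_NSS_TRUSTED_DELEGATOR"


if __name__ == "__main__":
    fp = "74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2"
    value = websites_trust(CERTDATA_EXCERPT, fp)
    print(fp, "->", value, "-", TRUST_MEANING.get(value, "no trust object"))
```

Pointed at the real file from the [1] URL instead of the excerpt, the same functions distinguish the three cases the thread conflates under "pulled": a trust object with CKT_NSS_MUST_VERIFY_TRUST (bit off, the 2014 state of the Class 3 root), CKT_NSS_TRUSTED_DELEGATOR (still an anchor), and no trust object at all (removed from the store, the Firefox 47/51 state). Note that CKT_NSS_MUST_VERIFY_TRUST and a missing entry behave the same for path building; only CKT_NSS_NOT_TRUSTED is an active distrust.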
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 14:11, w...@gmail.com wrote:
> I was searching on crt.sh and I found something confusing by accident.
> View this page : https://crt.sh/?Identity=%25=7198
> I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.

Your list is a list of certificates issued by "C=US, O=Symantec Corporation, CN=Symantec Private SSL SHA1 CA". If you view the page about that CA, you will see that it is not trusted by Mozilla:
https://crt.sh/?caid=7198

That's because it chains up to the following two roots:

1) OU=Class 3 Public Primary Certification Authority
https://crt.sh/?caid=25

2) OU=Class 3 Public Primary Certification Authority - G2
https://crt.sh/?caid=963

This helpful spreadsheet shows that they were removed in Firefox 47 and 51 respectively:
https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
Although Firefox 51 was only released yesterday, so that's a bit concerning.

Rob: is the "Trusted by Mozilla" stuff based on the root store on Mozilla's master branch?

Symantec representatives: was this "Private" SHA-1-issuing CA supposed to chain up to roots trusted by Mozilla until very recently?

> I think it was banned before so someone could tell me why they can issue
> these SHA-1 certificates?
> SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342

What makes you think that certificate was issued in 2017?

Validity
Not Before: Jul 7 00:00:00 2016 GMT
Not After : Dec 31 23:59:59 2017 GMT

However, I do see this one issued in 2017:
https://crt.sh/?id=7847

Symantec reps? Is the idea that this is OK because no browser trusts this part of your PKI any more?

Gerv
I found some SHA-1 certificates issued by Symantec
I was searching on crt.sh and I found something confusing by accident.
View this page : https://crt.sh/?Identity=%25=7198
I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.

I think it was banned before so someone could tell me why they can issue these SHA-1 certificates?

SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342

Hopefully
Liu
Re: I found some SHA-1 certificates issued by Symantec
On 24/01/17 14:11, w...@gmail.com wrote:
> I was searching on crt.sh and I found something confusing by accident.
> View this page : https://crt.sh/?Identity=%25=7198
> I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.
>
> I think it was banned before so someone could tell me why they can issue
> these SHA-1 certificates?
>
> SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342

Hi Liu. The "Symantec Private SSL SHA1 CA" intermediate CA chains only to roots that are no longer trusted by Mozilla. (However, those roots are still trusted by Microsoft, Apple and (for EV) Chrome).

See the "Trust" matrix on https://crt.sh/?caid=7198

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online