Re: I found some SHA-1 certificates issued by Symantec

2017-01-25 Thread Gervase Markham
On 24/01/17 15:48, Gervase Markham wrote:
> That's because it chains up to the following two roots:
> 
> 1) OU=Class 3 Public Primary Certification Authority
> https://crt.sh/?caid=25

This root had its SSL bits disabled around June 2014:
https://bugzilla.mozilla.org/show_bug.cgi?id=986005
https://bugzilla.mozilla.org/show_bug.cgi?id=1021967

> 2) OU=Class 3 Public Primary Certification Authority - G2
> https://crt.sh/?caid=963

This root had its SSL bits disabled in Firefox 36, released in Feb 2015:
https://bugzilla.mozilla.org/show_bug.cgi?id=986014

So there is no problem from Mozilla's perspective with SHA-1
certificates issued from "Symantec Private SSL SHA1 CA".

Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


RE: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Jeremy Rowley
I disagree. If the CA has requested removal of the root and added it to
OneCRL, then I don't see how there is an obligation to continue operating
the root under the Mozilla policy.  If the browser doesn't update the root
store/revocation list to remove the root, then the browser is accepting the
CA as non-compliant.  If Mozilla wanted to have the root remain compliant
after the attempted removal, there'd have to be some sort of agreement with
the CA for a transition period. After all, a root store operator can always
add/remove a root to its program unilaterally, regardless of the root
certificate status.

Jeremy

-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla.org] On Behalf Of Richard Barnes
Sent: Tuesday, January 24, 2017 9:11 AM
To: Peter Bowen <pzbo...@gmail.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org; Rob Stradling
<rob.stradl...@comodo.com>; Gervase Markham <g...@mozilla.org>;
w...@gmail.com
Subject: Re: I found some SHA-1 certificates issued by Symantec

On Tue, Jan 24, 2017 at 11:08 AM, Peter Bowen <pzbo...@gmail.com> wrote:

> On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes <rbar...@mozilla.com>
> wrote:
> > On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham <g...@mozilla.org>
> wrote:
> >>
> >> This helpful spreadsheet shows that they were removed in Firefox 47
> >> and 51 respectively:
> >> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> >> Although Firefox 51 was only released yesterday, so that's a bit
> >> concerning.
> >>
> >
> > Indeed, if they issued these before yesterday, this seems like a problem.
>
> I'm a little surprised to read this.  This SHA-1 "private" hierarchy 
> is not new news and has been discussed in various forums over the year 
> or 18 months. At least one other CA operator has a similar hierarchy 
> that is chained back to a root formerly in the Mozilla trust store.
>
> I was under the impression Mozilla knew about this from the SHA-1 
> exceptions discussions, as one of the topics there has been "why can't 
> they use the SHA-1 certs from the pulled roots?"
>

If the root was removed in Firefox 51, and they were issuing SHA-1 off of it
before 51 shipped, then they were issuing SHA-1 certificates under a root
trusted by Firefox.

You can use SHA-1 under a pulled root, but it has to actually be pulled
first.

--Richard


>
> Thanks,
> Peter
>


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Rob Stradling

On 24/01/17 16:19, Rob Stradling wrote:
> On 24/01/17 16:11, Richard Barnes wrote:
>> If the root was removed in Firefox 51, and they were issuing SHA-1 off
>> of it before 51 shipped, then they were issuing SHA-1 certificates under
>> a root trusted by Firefox.
>>
>> You can use SHA-1 under a pulled root, but it has to actually be pulled
>> first.
>
> I think the "Class 3 Public Primary Certification Authority"
> (https://crt.sh/?id=162) was already "pulled".
>
> It may only have been removed completely in FF51, but it looks like it
> had the Websites trust bit disabled some time ago:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=936105


Yeah, https://crt.sh/?id=162 lost the Websites trust bit in NSS 3.16.3, 
the release of which was announced to m.d.s.crypto on 3rd July 2014.


https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes
"The Trust Bits were changed for the following CA certificates
...
OU = Class 3 Public Primary Certification Authority
SHA1 Fingerprint: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2

Turned off websites and code signing trust bits (1024-bit root)"

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Gervase Markham
On 24/01/17 16:08, Peter Bowen wrote:
>> Indeed, if they issued these before yesterday, this seems like a problem.
> 
> I'm a little surprised to read this.  This SHA-1 "private" hierarchy
> is not new news and has been discussed in various forums over the year
> or 18 months. At least one other CA operator has a similar hierarchy
> that is chained back to a root formerly in the Mozilla trust store.
> 
> I was under the impression Mozilla knew about this from the SHA-1
> exceptions discussions, as one of the topics there has been "why can't
> they use the SHA-1 certs from the pulled roots?"

We pulled a bunch of roots in December 2015, including some from
Symantec. This is the Firefox 42 - 44 timeframe (44 was January, but I
can accept perhaps we took some time to get the job done). So of the
Symantec roots, that would be:

VeriSign Class 4 Public Primary Certification Authority - G3
UTN-USERFirst-Network Applications

There's also, of course Thawte Server CA and Thawte Premium Server CA,
pulled in Firefox 36, and some TC TrustCenter roots as well. I had
assumed that when people talked about "pulled roots", they were talking
about roots which actually had been pulled. I did not expect to see a
SHA-1 hierarchy cross-signed by a root still trusted by Firefox until
yesterday.

Gerv



Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Rob Stradling

On 24/01/17 16:11, Richard Barnes wrote:
> If the root was removed in Firefox 51, and they were issuing SHA-1 off
> of it before 51 shipped, then they were issuing SHA-1 certificates under
> a root trusted by Firefox.
>
> You can use SHA-1 under a pulled root, but it has to actually be pulled
> first.

I think the "Class 3 Public Primary Certification Authority"
(https://crt.sh/?id=162) was already "pulled".

It may only have been removed completely in FF51, but it looks like it
had the Websites trust bit disabled some time ago:

https://bugzilla.mozilla.org/show_bug.cgi?id=936105

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Richard Barnes
On Tue, Jan 24, 2017 at 11:08 AM, Peter Bowen  wrote:

> On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes 
> wrote:
> > On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham 
> wrote:
> >>
> >> This helpful spreadsheet shows that they were removed in Firefox 47 and
> >> 51 respectively:
> >> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> >> Although Firefox 51 was only released yesterday, so that's a bit
> >> concerning.
> >>
> >
> > Indeed, if they issued these before yesterday, this seems like a problem.
>
> I'm a little surprised to read this.  This SHA-1 "private" hierarchy
> is not new news and has been discussed in various forums over the year
> or 18 months. At least one other CA operator has a similar hierarchy
> that is chained back to a root formerly in the Mozilla trust store.
>
> I was under the impression Mozilla knew about this from the SHA-1
> exceptions discussions, as one of the topics there has been "why can't
> they use the SHA-1 certs from the pulled roots?"
>

If the root was removed in Firefox 51, and they were issuing SHA-1 off of
it before 51 shipped, then they were issuing SHA-1 certificates under a
root trusted by Firefox.

You can use SHA-1 under a pulled root, but it has to actually be pulled
first.

--Richard


>
> Thanks,
> Peter
>


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Peter Bowen
On Tue, Jan 24, 2017 at 8:00 AM, Richard Barnes  wrote:
> On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham  wrote:
>>
>> This helpful spreadsheet shows that they were removed in Firefox 47 and
>> 51 respectively:
>> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
>> Although Firefox 51 was only released yesterday, so that's a bit
>> concerning.
>>
>
> Indeed, if they issued these before yesterday, this seems like a problem.

I'm a little surprised to read this.  This SHA-1 "private" hierarchy
is not new news and has been discussed in various forums over the year
or 18 months. At least one other CA operator has a similar hierarchy
that is chained back to a root formerly in the Mozilla trust store.

I was under the impression Mozilla knew about this from the SHA-1
exceptions discussions, as one of the topics there has been "why can't
they use the SHA-1 certs from the pulled roots?"

Thanks,
Peter


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Gervase Markham
On 24/01/17 16:00, Richard Barnes wrote:
> Except of course the non-zero slice of users that haven't updated yet.

True, although I think it's unreasonable to give CAs a dependency on the
quality of our automatic update infrastructure. We can have a discussion
about whether "checked into master" or "shipped in Firefox" is the right
point to allow them to say a root is no longer trusted and act
accordingly, but pushing it out past the ship date seems unreasonable to
me. (Not sure we have a policy on this...)

Gerv


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Richard Barnes
On Tue, Jan 24, 2017 at 10:48 AM, Gervase Markham  wrote:

> On 24/01/17 14:11, w...@gmail.com wrote:
> > I was searching on crt.sh and I found something confusing by accident.
> > View this page : https://crt.sh/?Identity=%25=7198
> > I can see many SHA-1 certificates issued in 2016 and one is issued in
> 2017.
>
> Your list is a list of certificates issued by "C=US, O=Symantec
> Corporation, CN=Symantec Private SSL SHA1 CA". If you view the page
> about that CA, you will see that it is not trusted by Mozilla:
> https://crt.sh/?caid=7198
>
> That's because it chains up to the following two roots:
>
> 1) OU=Class 3 Public Primary Certification Authority
> https://crt.sh/?caid=25
>
> 2) OU=Class 3 Public Primary Certification Authority - G2
> https://crt.sh/?caid=963
>
> This helpful spreadsheet shows that they were removed in Firefox 47 and
> 51 respectively:
> https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
> Although Firefox 51 was only released yesterday, so that's a bit
> concerning.
>

Indeed, if they issued these before yesterday, this seems like a problem.



>
> Rob: is the "Trusted by Mozilla" stuff based on the root store on
> Mozilla's master branch?
>
> Symantec representatives: was this "Private" SHA-1-issuing CA supposed
> to chain up to roots trusted by Mozilla until very recently?
>
> > I think it was banned before so someone could tell me why they can issue
> these SHA-1 certificates?
> > SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342
>
> What makes you think that certificate was issued in 2017?
>
> Validity
> Not Before: Jul  7 00:00:00 2016 GMT
> Not After : Dec 31 23:59:59 2017 GMT
>
> However, I do see this one issued in 2017:
> https://crt.sh/?id=7847
>
> Symantec reps? Is the idea that this is OK because no browser trusts
> this part of your PKI any more?
>

Except of course the non-zero slice of users that haven't updated yet.

--Richard


>
> Gerv


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Rob Stradling

On 24/01/17 15:48, Gervase Markham wrote:
> Rob: is the "Trusted by Mozilla" stuff based on the root store on
> Mozilla's master branch?

Hi Gerv.  Yes, I aim to keep crt.sh's view of "Trusted by Mozilla" in 
sync with mozilla-central [1].  [1] was last updated a few days ago, and 
I pushed the changes to crt.sh yesterday.


[1] https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

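Rob's two points, that crt.sh's "Trusted by Mozilla" view is derived from certdata.txt and that this root lost its Websites trust bit in NSS 3.16.3 while other bits stayed on, can both be checked from that file directly. The parser below is an added example written for this thread, not crt.sh's or Mozilla's code; its input is a constructed sample in certdata.txt syntax that uses the fingerprint quoted above for the first root and a hypothetical second root, and `trust_matrix` is an assumed helper name.

```python
import re

# Constructed sample in certdata.txt syntax (trust objects only). The first fingerprint
# is the one quoted from the NSS 3.16.3 release notes; the second root is hypothetical.
SAMPLE_CERTDATA = r'''CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Class 3 Public Primary Certification Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305
\076\141\164\342
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Still-Trusted Root (hypothetical)"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020
\021\022\023\024
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
'''
TRUSTED = "CKT_NSS_TRUSTED_DELEGATOR"  # the only CK_TRUST value that turns a bit on
BITS = (("websites", "SERVER_AUTH"), ("email", "EMAIL_PROTECTION"), ("code_signing", "CODE_SIGNING"))

def parse_trust_objects(text):
    """One dict per CKO_NSS_TRUST object: label, SHA-1 hash bytes and CKA_TRUST_* values."""
    objects, current, octal_key, octal_buf = [], {}, None, b""
    for line in map(str.strip, text.splitlines()):
        if octal_key:                              # inside a MULTILINE_OCTAL ... END block
            if line == "END":
                current[octal_key], octal_key = octal_buf, None
            else:                                  # decode \ooo escapes as they arrive
                octal_buf += bytes(int(o, 8) for o in re.findall(r"\\([0-7]{3})", line))
            continue
        parts = line.split(None, 2)
        if not line or line.startswith("#") or len(parts) < 2:
            continue
        key, typ, value = parts[0], parts[1], (parts[2] if len(parts) > 2 else "")
        if key == "CKA_CLASS":                     # every object starts with CKA_CLASS
            current = {}
            objects.append(current)
        if typ == "MULTILINE_OCTAL":
            octal_key, octal_buf = key, b""
        else:
            current[key] = value.strip('"') if typ == "UTF8" else value
    return [o for o in objects if o.get("CKA_CLASS") == "CKO_NSS_TRUST"]

def trust_matrix(objects):
    """Map SHA-1 fingerprint -> (label, {bit: on/off}); TLS trust depends on the websites bit."""
    return {":".join(f"{b:02X}" for b in o["CKA_CERT_SHA1_HASH"]):
            (o["CKA_LABEL"], {n: o.get("CKA_TRUST_" + a) == TRUSTED for n, a in BITS})
            for o in objects}
```

Run against a real certdata.txt, `trust_matrix(parse_trust_objects(open(path).read()))` gives the same three-column trust view crt.sh shows per root, and a root whose websites bit is False can no longer anchor a server certificate in Firefox regardless of whether the certificate itself is SHA-1.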


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Gervase Markham
On 24/01/17 14:11, w...@gmail.com wrote:
> I was searching on crt.sh and I found something confusing by accident.
> View this page : https://crt.sh/?Identity=%25=7198 
> I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.

Your list is a list of certificates issued by "C=US, O=Symantec
Corporation, CN=Symantec Private SSL SHA1 CA". If you view the page
about that CA, you will see that it is not trusted by Mozilla:
https://crt.sh/?caid=7198

That's because it chains up to the following two roots:

1) OU=Class 3 Public Primary Certification Authority
https://crt.sh/?caid=25

2) OU=Class 3 Public Primary Certification Authority - G2
https://crt.sh/?caid=963

This helpful spreadsheet shows that they were removed in Firefox 47 and
51 respectively:
https://mozillacaprogram.secure.force.com/CA/RemovedCACertificateReport
Although Firefox 51 was only released yesterday, so that's a bit concerning.

Rob: is the "Trusted by Mozilla" stuff based on the root store on
Mozilla's master branch?

Symantec representatives: was this "Private" SHA-1-issuing CA supposed
to chain up to roots trusted by Mozilla until very recently?

> I think it was banned before so someone could tell me why they can issue 
> these SHA-1 certificates?
> SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342

What makes you think that certificate was issued in 2017?

Validity
Not Before: Jul  7 00:00:00 2016 GMT
Not After : Dec 31 23:59:59 2017 GMT

However, I do see this one issued in 2017:
https://crt.sh/?id=7847

Symantec reps? Is the idea that this is OK because no browser trusts
this part of your PKI any more?

Gerv


I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread wwwww818
I was searching on crt.sh and I found something confusing by accident.
View this page : https://crt.sh/?Identity=%25=7198 
I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.
I think it was banned before so someone could tell me why they can issue these 
SHA-1 certificates?
SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342
Hopefully
Liu


Re: I found some SHA-1 certificates issued by Symantec

2017-01-24 Thread Rob Stradling

On 24/01/17 14:11, w...@gmail.com wrote:
> I was searching on crt.sh and I found something confusing by accident.
> View this page : https://crt.sh/?Identity=%25=7198
> I can see many SHA-1 certificates issued in 2016 and one is issued in 2017.
> I think it was banned before so someone could tell me why they can issue these
> SHA-1 certificates?
> SHA-1 certificate issued in 2017 : https://crt.sh/?id=71625342

Hi Liu.

The "Symantec Private SSL SHA1 CA" intermediate CA chains only to roots 
that are no longer trusted by Mozilla.  (However, those roots are still 
trusted by Microsoft, Apple and (for EV) Chrome).


See the "Trust" matrix on https://crt.sh/?caid=7198

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
