Re: ROCA fingerprints found on crt.sh (was Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards)

2017-10-18 Thread Kim Nguyen via dev-security-policy
Hi Rob, all,

We are treating this as an incident although all certs related to D-Trust are 
indeed Qualified/EUTL certs governed by National German Law and are not 
chaining up to roots that are trusted by NSS, hence are not related to the WebPKI. 
An incident report will be submitted by tomorrow noon (Thursday, 2017/10/19, 
German time).

None of the systems used within D-Trust to operate WebPKI CAs are affected by 
the weak RSA key generation topic reported today.

Kim Nguyen, D-Trust
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: ROCA fingerprints found on crt.sh (was Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards)

2017-10-18 Thread Kim Nguyen via dev-security-policy
On Wednesday, 18 October 2017 11:15:03 UTC+2, Rob Stradling wrote:
> I've completed a full scan of the crt.sh DB, which found 171 certs with 
> ROCA fingerprints.
> 
> The list is at https://misissued.com/batch/28/
> 
> Many of these are Qualified/EUTL certs rather than anything to do with 
> the WebPKI.  Only about half of them chain to roots that are trusted by NSS.
> 
> On 17/10/17 14:49, Rob Stradling via dev-security-policy wrote:
> > On 16/10/17 23:15, Jakob Bohm via dev-security-policy wrote:
> > 
> >> Unfortunately, as of right now, their github repository still doesn't
> >> include the promised C/C++ implementation,
> > 
> > Hi Jakob.  Today I ended up rewriting the ROCA fingerprint checker in C 
> > (using OpenSSL BIGNUM calls) to get it working in crt.sh.  In case it's 
> > useful, here's a Gist:
> > 
> > https://gist.github.com/robstradling/f525d423c79690b72e650e2ad38a161d
> > 
> > Build it with -lcrypto and pipe a DER cert to STDIN
> 
> -- 
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online

Hi Rob, all,
We are regarding this as an incident although all D-Trust related certificates 
are Qualified/EUTL certs governed by national German law as noted by Rob and 
are chaining up to roots that are trusted by NSS. Nevertheless, an incident 
report will be provided tomorrow (2017/10/19).

Kim Nguyen, D-Trust


Re: ROCA fingerprints found on crt.sh (was Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards)

2017-10-18 Thread Matthew Hardeman via dev-security-policy
On Wednesday, October 18, 2017 at 4:15:03 AM UTC-5, Rob Stradling wrote:

> The list is at https://misissued.com/batch/28/
> 
> Many of these are Qualified/EUTL certs rather than anything to do with 
> the WebPKI.  Only about half of them chain to roots that are trusted by NSS.
> 

It's really interesting.  Of those which are non-expired and which do chain to 
publicly trusted roots, a number of these have the term "scada" in one or more 
of their SAN dnsName entries.

I wonder what manufacturers' SCADA control systems utilize Infineon TPMs.  
Frankly, the shocking part is that a manufacturer of some SCADA controller or 
front end bothered to attempt key control in a TPM at all.  Those guys tend to 
be of the "security is a network layer problem, VPN all the things" perspective.


ROCA fingerprints found on crt.sh (was Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards)

2017-10-18 Thread Rob Stradling via dev-security-policy
I've completed a full scan of the crt.sh DB, which found 171 certs with 
ROCA fingerprints.


The list is at https://misissued.com/batch/28/

Many of these are Qualified/EUTL certs rather than anything to do with 
the WebPKI.  Only about half of them chain to roots that are trusted by NSS.


On 17/10/17 14:49, Rob Stradling via dev-security-policy wrote:
> On 16/10/17 23:15, Jakob Bohm via dev-security-policy wrote:
> 
>> Unfortunately, as of right now, their github repository still doesn't
>> include the promised C/C++ implementation,
> 
> Hi Jakob.  Today I ended up rewriting the ROCA fingerprint checker in C 
> (using OpenSSL BIGNUM calls) to get it working in crt.sh.  In case it's 
> useful, here's a Gist:
> 
> https://gist.github.com/robstradling/f525d423c79690b72e650e2ad38a161d
> 
> Build it with -lcrypto and pipe a DER cert to STDIN.


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

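
The ROCA fingerprint test discussed in this thread, sketched as an added Python example (it is not Rob Stradling's gist and not code from this thread): a modulus is flagged when its residue modulo every small test prime is a power of 65537. The prime list, the function names and both sample moduli are assumptions of this example; the samples are constructed, and the flagged sample's factors are not checked for primality.

```python
"""ROCA fingerprint test on an RSA modulus (added example, not the gist's code)."""

# Assumption of this example: the odd primes up to 167 form the test set.
PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
          67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
          137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def residue_subgroup(p: int) -> frozenset:
    """Residues mod p that are powers of 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return frozenset(seen)


ALLOWED = {p: residue_subgroup(p) for p in PRIMES}


def has_roca_fingerprint(n: int) -> bool:
    """True if n mod p is a power of 65537 for every test prime p."""
    return all(n % p in ALLOWED[p] for p in PRIMES)


def parse_modulus_line(line: str) -> int:
    """Parse the 'Modulus=<HEX>' line from `openssl x509 -noout -modulus`."""
    key, _, value = line.strip().partition("=")
    if key != "Modulus" or not value:
        raise ValueError("expected a 'Modulus=<hex>' line")
    return int(value, 16)


def constructed_samples():
    """Return (flagged, clean) moduli built for this example only."""
    m = 1
    for p in PRIMES:
        m *= p
    # Both factors have the shape k*M + (65537^a mod M); primality not checked.
    flagged = (3 * m + pow(GENERATOR, 5, m)) * (7 * m + pow(GENERATOR, 11, m))
    # Product of two Mersenne primes; its residue mod 11 is 5, not 1 or 10.
    clean = (2**61 - 1) * (2**89 - 1)
    return flagged, clean


if __name__ == "__main__":
    for name, n in zip(("flagged", "clean"), constructed_samples()):
        print(name, has_roca_fingerprint(n))
```

A match means the key should be treated as suspect and replaced; the test inspects only the public modulus and never factors it.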