Re: Certificate with invalid dnsName issued from Baltimore intermediate
On 07/18/2017 11:57 AM, Hanno Böck wrote: More dotdot-certificates: [snip] via searching censys.io: https://crt.sh/?id=174803642 for *..syntaxafrica.com Issued by GoDaddy in 2016; expires later this year, but revoked (CRL timestamp says a few days after issuance) https://crt.sh/?id=38662560 for *usmc..afpimsstaging.mil Issued by U.S. Government in 2012; expired 2015 I also some old internal name certificates: https://crt.sh/?id=39441152 for autodiscover.eat...ltransport.local Issued by GoDaddy in 2012; expired 2015 https://crt.sh/?id=39333847 for autodiscover.jgexchange2.bellgibfamily.local Issued by GoDaddy in 2012; expired 2015 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
dNSName containing '/' / low serial number entropy
https://crt.sh/?id=174827359 is a certificate issued by D-TRUST SSL Class 3 CA 1 2009 containing the DNS SAN 'www.lbv-gis.brandenburg.de/lbvagszit' (containing a '/') with a notBefore in April 2017. The certificate also seems to have a short certificate serial number, which cannot include 64 bits of entropy. Many certificates issued by this CA appears to use large serial numbers (e.g. [1]). But there are certificates with much shorter sequential-looking serial numbers with notBefores shortly before [2] and after [3] this certificate's and as recent as 4 July 2017 [4]. [1] https://crt.sh/?id=137090990 , https://crt.sh/?id=124715040 [2] https://censys.io/certificates/4445455caca3e9cf2ab2b673304487cb220871aa6d5ac1bf03827f74609c3646 [3] https://censys.io/certificates/8d08033efe732e8fb6c2f3257c52b500af991bd1f363ffd6e29ec1812a943cd9 [4] https://crt.sh/?id=173758922 I did a cursory check on censys.io to see if there were other cases of short serial numbers in certificates with recent notBefores that are trusted by Mozilla: - Digidentity Services CA - G2 (https://crt.sh/?caid=868 ; chains to Staat der Nederlanden Root CA - G2) has issued certificates which serial numbers that appear to be of the form 0x1000 + sequential counter with notBefores as recent as 8 June 2017. - Siemens Issuing CA Internet Server 2016 (https://crt.sh/?caid=26087 ; chains to QuoVadis Root CA 2 G3) has issued certificates with 4-byte serial numbers with notBefores as recent as 11 July 2017, though they do not appear to be assigned sequentially. D-Trust and QuoVadis both indicated no problems complying with version 2.4.1 of Mozilla's certificate policies (which requires, among other things, 64 bits of serial number entropy) by 1 June 2017 when they replied to Mozilla's April CA communication. The Government of the Netherlands indicated they needed a delay for CPS translation only. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: TunRootCA2 root inclusion request
On 07/19/17 05:10, Aaron Wu wrote: - Tunisian Server Certificate Authority - TunServerCA2 https://crt.sh/?id=21813439 is a certificate issued by this CA which has a domain name in the common name but only an email address in the SAN. (The certificate has TLS server/client usage EKUs.) https://crt.sh/?id=99182607 is a revoked certificate issued by this CA which has a domain name in the common name which does not match the domain name in the SAN, which is for a different TLD. (A new certificate with both names in SANs, https://crt.sh/?id=99462700 , has a notBefore which appears to have around the same timestamp as the revocation.) https://crt.sh/?id=15126121 is an expired certificate (notBefore March 2016; notAfter March 2017) issued by this CA which has a wildcard name in the common name while the SAN contains specific domain names that would be covered by the wildcard only. https://crt.sh/?id=10975511 is an expired certificate with a notBefore of Oct 2015 and notAfter of Oct 2016 issued by this CA with an iPAddress SAN of 127.0.0.1. (I believe that by 2014, the BRs prohibited issuing internal name certs with validity past November 2015.) ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: TunRootCA2 root inclusion request
On 07/19/2017 05:10 AM, Aaron Wu wrote: - Tunisian Server Certificate Authority - TunServerCA2 https://crt.sh/?id=79470561&opt=cablint is a certificate for the internal name 'adv-mail.calladvance.local' issued by this CA with a notBefore of 2017. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Certificate with invalid dnsName
On 07/19/2017 06:03 PM, Tom wrote: Following that discovery, I've search for odd (invalid?) DNS names. Here is the list of certificated I've found, it may overlap some discovery already reported. If I'm correct, theses certificate are not revoked, not expired, and probably trusted by Mozilla (crt.sh issuer are marked trusted by Mozilla, but not all). [snip] Some additional problematic certs: chains to Swisscom: https://crt.sh/?id=175444569 wxadm.swissucc.local chains to CATCert, notBefore in 2017: https://crt.sh/?id=98706307 maritim4.mmaritim.local chains to PROCERT, notBefore in 2017: https://crt.sh/?id=175466182 fospuca.local chains to Baltimore Cybertrust Root (DigiCert): https://crt.sh/?id=12344381 lorweb.local chains to Baltimore Cybertrust Root (DigiCert), notBefore in 2017: https://crt.sh/?id=175469208 skbfep01.justica.local https://crt.sh/?id=175469209 energy.ctd and pt chains to QuoVadis, notBefore in 2017: https://crt.sh/?id=175466199 devsrv.pe.siemens.info-com (swapped -/.) chains to DocuSign, notBefore in 2017: https://crt.sh/?id=99149574 "www.immonotaireargus.com " (trailing space) ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Certificate with invalid dnsName
On 07/19/2017 06:03 PM, Tom wrote: Following that discovery, I've search for odd (invalid?) DNS names. Here is the list of certificated I've found, it may overlap some discovery already reported. If I'm correct, theses certificate are not revoked, not expired, and probably trusted by Mozilla (crt.sh issuer are marked trusted by Mozilla, but not all). Annotating these certs: Starting with *: I believe this cert is presently untrusted by Mozilla due to revocation of all paths to the Federal PKI: https://crt.sh/?id=7211484*eis.aetc.af.mil chains to StartCom (and all of these from StartCom are minor compared to StartCom's other problems): https://crt.sh/?id=10714112*g10.net-lab.net chains to Baltimore CyberTrust Root (DigiCert): https://crt.sh/?id=48682944*nuvolaitaliana.it chains to StartCom: https://crt.sh/?id=15736178*assets.blog.cn.net.ru https://crt.sh/?id=17295812*dev02.calendar42.com https://crt.sh/?id=15881220*dev.1septem.ru https://crt.sh/?id=15655700*assets.blog.cn.net.ru https://crt.sh/?id=17792808*quickbuild.raptorengineering.io Starting with -: chains to QuoVadis: https://crt.sh/?id=54285413 -d1-datacentre-12g-console-2.its.deakin.edu.au chains to StartCom: https://crt.sh/?id=78248795-1ccenter.777chao.com Multiple *.: chains to QuoVadis: https://crt.sh/?id=13299376*.*.victoria.ac.nz I believe this cert is presently trusted by Mozilla only via a technically constrained subCA: https://crt.sh/?id=44997156*.*.rnd.unicredit.it chains to Swisscom: https://crt.sh/?id=5982951*.*.int.swisscom.ch Internals TLD: chains to Baltimore CyberTrust Root (DigiCert): https://crt.sh/?id=33626750a1.verizon.test I believe this cert is presently untrusted by Mozilla due to revocation of the relevant subCA: https://crt.sh/?id=33123653DAC38997VPN2001A.trmk.corp chains to Certplus (DocuSign): https://crt.sh/?id=42475510naccez.us.areva.corp I believe these presently lack an unrevoked, unexpired trust path in Mozilla: https://crt.sh/?id=10621703collaboration.intra.airbusds.corp https://crt.sh/?id=48726306zdeasaotn01.dsmain.ds.corp ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Certificate with invalid dnsName issued from Baltimore intermediate
On 07/17/2017 11:21 AM, Ben Wilson wrote: Dear Jonathan, Thank you for bringing this to our attention. We have contacted Intesa Sanpaolo regarding this error and have asked them to correct it as soon as possible. Sincerely yours, This CA also issued a recent certificate for the unqualified dNSName 'webinterfacestrong': https://crt.sh/?id=177606495 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy