Re: Incidents involving the CA WoSign

2016-09-01 Thread Percy
They have confirmed that it's a fake cert. Alibaba knew this prior to my contact and said they already contacted WoSign. Percy Alpha (PGP) On Wed, Aug 31, 2016 at 3:15 AM, Gervase Markham wrote: > On 29/08/16

Re: Reuse of serial numbers by StartCom

2016-09-01 Thread Eddy Nigg
On 09/01/2016 04:20 AM, Matt Palmer wrote: That sounds an awful lot like "we can't fix our own systems", which is a... terrifying thought. Not so, rather according to my assessment, the cost and everything it entailed (including other risks) to fix that particular issue outweighed the

Re: Sanctions short of distrust

2016-09-01 Thread Hanno Böck
On Wed, 31 Aug 2016 12:43:38 -0700 (PDT) Nick Lamb wrote: > 1. Implement "Require SCTs" for problematic CAs. Notify the CA they > are obliged to CT log all certificates, inform subscribers etc. or > their subscriber's certificates will suddenly be invalid in Firefox > from

Re: Incidents involving the CA WoSign

2016-09-01 Thread Ryan Sleevi
On Wednesday, August 31, 2016 at 11:03:11 PM UTC-7, Percy wrote: > Indeed, WoSign has become too big to fail. I would suggest that the decision > whether to remove WoSign should be independent of whether it's practical to > implement such removal. Otherwise, larger CA basically gained "natural

Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-09-01 Thread Man Ho (Certizen)
On 9/1/2016 3:52 AM, Nick Lamb wrote: > It may make sense to explicitly tell Hongkong Post that it must not do > anything which would have the effect of subverting/ undoing this change. For > example, if Hongkong Post wants to create a new certificate for the > intermediate "Hongkong Post

Re: Sanctions short of distrust

2016-09-01 Thread Kurt Roeckx
Hi Nick, I want to thank you for bringing this up, because we always seem to have the same kind of discussions when something happened. Ryan's mail has a bunch of other suggestions for what we can do. 1. Implement "Require SCTs" for problematic CAs. Is there a reason we don't require

RE: Sanctions short of distrust

2016-09-01 Thread Richard Wang
WoSign is volunteering to "Require CT", see this: https://bugs.chromium.org/p/chromium/issues/detail?id=626338 And we even plan to log code signing certificates and client certificates in the future once our system upgrade is ready. We think CT is a good solution for any mis-issuance problem.

Re: Sanctions short of distrust

2016-09-01 Thread Ryan Sleevi
On Thursday, September 1, 2016 at 12:07:48 AM UTC-7, Hanno Böck wrote: > Good thing: Can be easily tested by others whether a CA implements it > and it may reduce misissuances. > > I'm inclined to say every CA should implement CAA, but it seems last > time this was discussed in the

Re: Reuse of serial numbers by StartCom

2016-09-01 Thread Nick Lamb
On Thursday, 1 September 2016 08:54:16 UTC+1, Eddy Nigg wrote: > Not so, rather according to my assessment, the cost and everything it > entailed (including other risks) to fix that particular issue outweighed > the benefits for having it fixed within a time-frame shorter than that. It seems

Re: Incidents involving the CA WoSign

2016-09-01 Thread Andrew Ayer
On Thu, 1 Sep 2016 09:00:38 -0700 "Ryan Sleevi" wrote: > Incident -2: 16 January 2015 - 5 March 2015 - 1,132 BR-violating SHA-1 > certificates ( https://cert.webtrust.org/SealFile?seal=2019=pdf ) This was a violation of a "SHOULD NOT" (not a "MUST NOT") issue SHA-1 certificates

Re: Incidents involving the CA WoSign

2016-09-01 Thread Kurt Roeckx
On 2016-08-31 20:13, Ryan Sleevi wrote: Setting aside for a second whether or not distrusting is the right action, let's think about what possible responses. A) Remove the CA. Users may manually trust it if they re-add it, but it will not be trusted by default. B) Actively distrust the CA.

RE: Reuse of serial numbers

2016-09-01 Thread Peter Gutmann
Rob Stradling writes: >https://crt.sh/?serial=056d1570da645bf6b44c0a7077cc6769=1662 says >"Not Revoked" three times. I wonder if that's causing some confusion here. Just to make sure I'm not misreading this in some way, is this really saying there are 313 certs issued

RE: Reuse of serial numbers

2016-09-01 Thread Richard Wang
I am sure it is revoked, please check it again, thanks. Best Regards, Richard -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On Behalf Of Patrick T Sent: Thursday, September 1, 2016 5:07 PM To:

Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-09-01 Thread Matt Palmer
On Thu, Sep 01, 2016 at 10:14:01AM +0800, Man Ho (Certizen) wrote: > What about our existing SSL server certs, which are still valid until 31 > Dec 2016? The majority of those cert subscribers are offering government > and public services to residents of Hong Kong. You might want to let them know

Re: Reuse of serial numbers

2016-09-01 Thread Rob Stradling
On 01/09/16 11:29, Peter Gutmann wrote: Rob Stradling writes: I guess it makes them easy to revoke, if a single revocation can kill 313 certs at once. That's true. Hey, WoSign has solved the CRL scalability problem! If WoSign have discovered a way to know, at

Re: Reuse of serial numbers by StartCom

2016-09-01 Thread Patrick T
On Wednesday, 31 August 2016 17:57:41 UTC+1, Eddy Nigg wrote: > On 08/31/2016 03:19 PM, Matt Palmer wrote: > > That bug appears to pre-date *all* of the certificates listed above. > > Further, the last communication on that bug (2014-09-22), from Eddy > > Nigg (of StartCom), said: > >> It's a

RE: Reuse of serial numbers

2016-09-01 Thread Peter Gutmann
Rob Stradling writes: >>I guess it makes them easy to revoke, if a single revocation can kill 313 >>certs at once. > >That's true. Hey, WoSign has solved the CRL scalability problem! >It'd be impossible to revoke (via CRL and/or OCSP) a subset of those 313 >certs

Re: Reuse of serial numbers

2016-09-01 Thread Rob Stradling
On 01/09/16 11:18, Peter Gutmann wrote: Rob Stradling writes: https://crt.sh/?serial=056d1570da645bf6b44c0a7077cc6769=1662 says "Not Revoked" three times. I wonder if that's causing some confusion here. Just to make sure I'm not misreading this in some way, is

RE: website control validation problem

2016-09-01 Thread Richard Wang
For https://crt.sh/?id=29884704, he finished the website control validation. We and Alibaba are investigating why he could pass the website control validation. This is the log, but we can't expose more now since it is related to Alibaba. 2016-06-23 01:34:39: WoSign validation system received

RE: Yes, we are improved

2016-09-01 Thread Richard Wang
We can separate the 2015 incidents from 2016, and separate reported incidents from unreported ones, then all is clear: In 2015 reported: Incident -2: 16 January 2015 - 5 March 2015 - 1,132 BR-violating SHA-1 certificates Incident X: April 9 - April 14, 2015 - 392 duplicate serial numbers In 2015

Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-09-01 Thread Matt Palmer
On Thu, Sep 01, 2016 at 07:48:23PM +0800, Man Ho (Certizen) wrote: > > On 9/1/2016 6:13 PM, Matt Palmer wrote: > > You might want to let them know it's time to get new certs. > > > > - Matt > We did inform all subscribers back in October 2014 that SHA-1 SSL server > cert was CEASED since 1

RE: Incidents involving the CA WoSign

2016-09-01 Thread Richard Wang
The posting to the log server is still not finished. Best Regards, Richard -Original Message- From: Peter Bowen [mailto:pzbo...@gmail.com] Sent: Thursday, September 1, 2016 11:11 PM To: Richard Wang Cc: Ryan Sleevi ;

Re: Yes, we are improved

2016-09-01 Thread Ryan Sleevi
On Thursday, September 1, 2016 at 6:35:54 PM UTC-7, Richard Wang wrote: > I said "Yes, we are improved"; you can see from the timeline that from June > 2015 to July 2016, a period of over one year, we didn't have any incident, which > means we fixed the system bugs in time and do more validation and

Re: Reuse of serial numbers

2016-09-01 Thread Richard Barnes
On Thu, Sep 1, 2016 at 6:35 AM, Rob Stradling wrote: > On 01/09/16 11:29, Peter Gutmann wrote: > >> Rob Stradling writes: >> >> I guess it makes them easy to revoke, if a single revocation can kill 313 certs at once. >>> >>> That's

Re: Reuse of serial numbers by StartCom

2016-09-01 Thread Kurt Roeckx
On 2016-09-01 14:21, Matt Palmer wrote: On Thu, Sep 01, 2016 at 10:53:36AM +0300, Eddy Nigg wrote: On 09/01/2016 04:20 AM, Matt Palmer wrote: You were knowingly violating a MUST provision of RFC5280. From experience there have been many RFC violations, sometimes even knowingly and

Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-09-01 Thread Man Ho (Certizen)
On 9/1/2016 6:13 PM, Matt Palmer wrote: > You might want to let them know it's time to get new certs. > > - Matt We did inform all subscribers back in October 2014 that SHA-1 SSL server cert was CEASED since 1 January 2016, and reminded each of them individually that SHA-1 SSL server cert will no

Re: Incidents involving the CA WoSign

2016-09-01 Thread Erwann Abalea
Hello, On Thursday, 1 September 2016 09:27:11 UTC+2, Ryan Sleevi wrote: > On Wednesday, August 31, 2016 at 11:03:11 PM UTC-7, Percy wrote: [...] > > Or we can use an offline whitelist. How about including the SHA-2 of existing > > WoSign certificates in the binary? So the browser would first check

Re: Hongkong Post recently issued SHA1 cert that could be used in TLS

2016-09-01 Thread Nick Lamb
On Thursday, 1 September 2016 12:48:34 UTC+1, Man Ho (Certizen) wrote: > We did inform all subscribers back in October 2014 that SHA-1 SSL server > cert was CEASED since 1 January 2016, and reminded each of them > individually that SHA-1 SSL server cert will no longer be trusted by > browsers

Re: Incidents involving the CA WoSign

2016-09-01 Thread Ryan Sleevi
On Wed, August 31, 2016 10:09 pm, Richard Wang wrote: > Thanks for your very detailed instructions. > Yes, we are improved. The two cases happened in 2015, and the mis-issued > certificate period is only 5 months; we fixed 3 big bugs during those 5 > months. > For CT, we will improve the

Re: Sanctions short of distrust

2016-09-01 Thread Jakob Bohm
On 01/09/2016 09:30, Ryan Sleevi wrote: On Thursday, September 1, 2016 at 12:07:48 AM UTC-7, Hanno Böck wrote: Good thing: Can be easily tested by others whether a CA implements it and it may reduce misissuances. I'm inclined to say every CA should implement CAA, but it seems last time this

Re: Reuse of serial numbers by StartCom

2016-09-01 Thread Jeremy Rowley
The ballot on this started today > On Sep 1, 2016, at 7:21 AM, Kurt Roeckx wrote: > >> On 2016-09-01 14:21, Matt Palmer wrote: >>> On Thu, Sep 01, 2016 at 10:53:36AM +0300, Eddy Nigg wrote: On 09/01/2016 04:20 AM, Matt Palmer wrote: You were knowingly violating a MUST

Re: Incidents involving the CA WoSign

2016-09-01 Thread Ryan Sleevi
On Thursday, September 1, 2016 at 5:30:28 AM UTC-7, Erwann Abalea wrote: > The whitelist for EV logged before 01/01/15 contained around 180k > certificates, each one identified by a 64bits digest, the list was compressed > in order to gain 25%, the result was an object slightly larger than 1MB.

Re: Incidents involving the CA WoSign

2016-09-01 Thread keycurves
> It is clear to us, and appears to be clear to > other CAs based on their actions, that misissuances where domain control > checks have failed fall into the category of "serious security concern". > ... > * It seems clear from publicly available information that StartCom's > issuance systems are

Re: Incidents involving the CA WoSign

2016-09-01 Thread Vincent Lynch
This may be getting a bit ahead of the discussion, but... The exact relationship between WoSign and StartCom seems relevant to how these violations should be handled. Whether browsers decide to distrust WoSign, require CTs for all/future certs, take some other "probationary" decision, or do