Re: WoSign and StartCom

2016-09-27 Thread Hector Martin "marcan"
are going to be the least of your worries. The "install it once and don't touch it" mentality stops working the moment there's an Ethernet port with a cable connected to it. I would hope networked equipment at critical public infrastructure like a hospital is using a supported, updated oper

Re: Fw: StartCom termination announcement

2017-12-03 Thread marcan via dev-security-policy
not to, we're going to sell your e-mail address to other CAs". Lovely. -- marcan (mar...@marcansoft.com) Public Key: https://mrcn.st/pub ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Efficient test for weak RSA keys generated in Infineon TPMs / smartcards

2017-10-20 Thread Hector Martin 'marcan' via dev-security-policy
some fraction (or at least 100% of keys generated on affected hardware are detected by the test tool regardless of how vulnerable they are). [1] https://crypto.stackexchange.com/questions/52292/what-is-fast-prime -- Hector Martin "marcan" Public key: https://m

Re: Possible future re-application from WoSign (now WoTrus)

2017-11-24 Thread Hector Martin 'marcan' via dev-security-policy
On 2017-11-22 21:10, Rob Stradling via dev-security-policy wrote: > On 22/11/17 11:45, marcan via dev-security-policy wrote: >> On 22/11/17 20:41, Tom via dev-security-policy wrote: >>>> Although not listed in the Action plan in #1311824, it is noteworthy >>>>

Re: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure

2018-01-13 Thread Hector Martin 'marcan' via dev-security-policy
rhaps one of the simplest and most universal validation configurations, working with any server software as long as you can provision a single static DNS record. -- Hector Martin "marcan" (mar...@marcan.st) Public Key: https://mrcn.st/pub

Re: Trustico code injection

2018-03-01 Thread Hector Martin 'marcan' via dev-security-policy
On 2018-03-02 02:56, Hector Martin 'marcan' via dev-security-policy wrote: > On 2018-03-02 00:28, Hanno Böck via dev-security-policy wrote: >> Hi, >> >> On twitter there are currently some people poking Trustico's web >> interface and found trivial script injections: >

Re: Trustico code injection

2018-03-01 Thread Hector Martin 'marcan' via dev-security-policy
think of all of this? -- Hector Martin "marcan" (mar...@marcan.st) Public Key: https://mrcn.st/pub

Re: Trustico code injection

2018-03-01 Thread Hector Martin 'marcan' via dev-security-policy
erver was handling TLS, not a remote load balancer solution (unless somehow 127.0.0.1 was forwarding to a remote host, which doesn't really make any sense). -- Hector Martin "marcan" (mar...@marcan.st) Public Key: https://mrcn.st/pub

Re: Trustico code injection

2018-03-01 Thread Hector Martin 'marcan' via dev-security-policy
ave demonstrated such problems? -- Hector Martin "marcan" (mar...@marcan.st) Public Key: https://mrcn.st/pub

Re: DNS fragmentation attack subverts DV, 5 public CAs vulnerable

2018-12-11 Thread Hector Martin 'marcan' via dev-security-policy
s particular attack, and I'm hoping that by pointing this out we can start a discussion about what those mitigations should look like :-) As you've noted, Let's Encrypt seems to be leading on this front. It would be interesting to see if any other CAs can document their approach to mitigating this

Re: Online exposed keys database

2018-12-27 Thread Hector Martin 'marcan' via dev-security-policy
, etc). -- Hector Martin "marcan" Public key: https://mrcn.st/pub

Re: CAA records on a CNAME

2019-03-17 Thread Hector Martin 'marcan' via dev-security-policy
h to lock down their CAA records for such third-party hosted domains would have to get CAA records added to them, but I think that makes more sense as an explicit thing rather than breaking CNAMEs by default). -- Hector Martin "marcan" Public key: https://mrcn.st/pub

Re: Survey of (potentially noncompliant) Serial Number Lengths

2019-03-18 Thread Hector Martin 'marcan' via dev-security-policy
ead of > 64? > > Yes. Fixed. Thanks! Perhaps it would make sense to separate out <64, ==64, >64? 100% "64-bit" serial numbers would indicate an algorithm using 63 bits of entropy and the top bit coerced to 1. -- Hector Martin "marcan" (mar...@marcan.s

Re: CAA records on a CNAME

2019-03-18 Thread Hector Martin 'marcan' via dev-security-policy
Martin "marcan" Public key: https://mrcn.st/pub

Re: Pre-Incident Report - GoDaddy Serial Number Entropy

2019-03-18 Thread Hector Martin 'marcan' via dev-security-policy
-- Hector Martin "marcan" Public key: https://mrcn.st/pub

Re: Pre-Incident Report - GoDaddy Serial Number Entropy

2019-03-18 Thread Hector Martin 'marcan' via dev-security-policy
ere one bit never changes. [1] See https://en.wikipedia.org/wiki/Birthday_problem#Cast_as_a_collision_problem : >>> math.sqrt(2*(2**64) * math.log(1/(1 - 0.01))) 608926881.2334852 -- Hector Martin "marcan" Public key: https://mrcn.st/pub

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Hector Martin 'marcan' via dev-security-policy
at hand, and accepting responsibility is a basic tenet of earning community trust. [1] https://mrcn.st/t/1780_27c3_console_hacking_2010.pdf pp. 122-129 -- Hector Martin "marcan" Public key: https://mrcn.st/pub

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Hector Martin 'marcan' via dev-security-policy
not attempting to pursue "creative interpretations"), but also, equally, recognizing when actions and decisions may have unexpectedly and unintentionally contributed to a problem, and making changes to eliminate that possibility in the future. -- Hector Martin "marcan" (mar...@ma

Re: Pre-Incident Report - GoDaddy Serial Number Entropy

2019-03-12 Thread Hector Martin 'marcan' via dev-security-policy
help it. -- Hector Martin "marcan" (mar...@marcan.st) Public Key: https://mrcn.st/pub

Re: Entropy of certificate serial number

2019-04-11 Thread Hector Martin 'marcan' via dev-security-policy
bet you could combine it with the x.509 structure to yield useful conditional parsing, much like the demonstrated SHA-1 collision combined it with the JPEG structure to yield conditional parsing. The serial number entropy requirement also mitigates this weaker attack, of course. -- Hector Martin "