Bug 1060863 (Closed): opened 10 years ago, closed 9 years ago

LuxTrust: issuing 1024 bit certificates

Categories: CA Program :: CA Certificate Root Program, task
Platform: x86 / All
Type: task, Priority: Not set, Severity: normal
Status: RESOLVED FIXED

Reporter: kurt, Assigned: ca
Whiteboard: BR Compliance - 1024 bit certs

I'm seeing recent 1024 bit certificates from following chain:
CN = Baltimore CyberTrust Root, OU = CyberTrust, O = Baltimore, C = IE
CN = LuxTrust root CA, O = LuxTrust s.a., C = LU
CN = LuxTrust Qualified CA, O = LuxTrust S.A., C = LU
Whiteboard: BR Compliance - 1024 bit certs
Blocks: 944783
Assignee: kwilson → ca
As mentioned in the comment from Kurt, this certificate is issued under a CA which is signed by Baltimore. The concerned CA is 'LuxTrust root CA' (AKI: a6 0c 1d 9f 61 ff 07 17 b5 bf 38 46 db 43 30 d5 8e b0 52 06, SKI: dd 8a d7 30 f1 f9 91 71 e9 47 70 0c 25 e5 ac a1 8d df 8c 25), cross-signed by Baltimore CyberTrust Root. This CA is not in the scope of our request.

The root self-signed CA submitted to Mozilla is our own self-signed CA, 'LuxTrust *Global* Root', and the AKI is different (AKI: 17 15 85 89 09 2f 24 87 6f 3f 1d 1b e4 f2 96 79 83 48 13 ce, SKI: 17 15 85 89 09 2f 24 87 6f 3f 1d 1b e4 f2 96 79 83 48 13 ce).
LuxTrust,

The certificate is still in violation of the CA/Browser Forum. This is also a separate bug. You are obligated to take action regardless of any pending inclusion requests. Not taking action, or responding without remedying the issue, only damages your request.
We would like to offer the following clarifications:

LuxTrust has two different certificate chains:
1. LuxTrust *Global* Root CA chain, which is in the scope of the submission to the Mozilla Trusted CA program. The LT Global Root CA respects the Mozilla CA Certificate Policy requirements, and its Sub CAs LT Global Qualified CA and LT SSL CA are certified against:
- ETSI TS 101 456 v1.4.3 for the products under the QCP+ and QCP certificate policies, and
- ETSI TS 102 042 v2.4.1 for the products under the NCP+, NCP, OVCP and EVCP certificate policies

2. LuxTrust Root CA chain, which is not in the scope of the submission to the Mozilla Trusted CA program and is the subject of the present bug report:
- This Root CA was initially created and cross-signed by GTE and is now cross-signed by Baltimore.
- Under this CA chain, the LT Qualified CA issued certificates with 1024-bit keys and a 5-year lifetime; however:
  - The LT Qualified CA does not issue 1024-bit certificates any more
  - The last 1024-bit certificate with a 5-year lifetime was issued on 1 July 2011, before the adoption of the CA/Browser Forum Baseline Requirements v1 (adopted on 22 November 2011).

Moreover, we confirm that LuxTrust Global Root does not and will never cross-sign with the LuxTrust Root CA.

Based on the points listed above, we request that the present bug report 1060863 be considered not blocking for the acceptance of the LT Global Root CA submission (bug report 944783), and at the same time be closed.

Regards,
Kurt: you said you had seen _recent_ issuance from this root, but LuxTrust say "The last 1024 bit certificate with a 5 years lifetime was issued on 1st July 2011". If they are mistaken in this, can you provide an example of a recent cert?

Gerv
Flags: needinfo?(kurt)
The last 10 examples I have:
 serial number | public key size | not valid before:
 \x0625ef      |            1024 | 2014-06-25 14:18:31+00
 \x0602cf      |            2047 | 2014-03-26 14:29:51+00
 \x05c442      |            2047 | 2013-09-24 11:36:18+00
 \x050731      |            1024 | 2012-07-26 16:26:07+00
 \x05072f      |            1024 | 2012-07-26 16:24:37+00
 \x05072e      |            1024 | 2012-07-26 16:23:25+00
 \x05072d      |            1024 | 2012-07-26 16:22:28+00
 \x05072b      |            1024 | 2012-07-26 16:19:34+00
 \x0364e1      |            1024 | 2011-06-15 09:43:28+00
 \x0363f3      |            1024 | 2011-06-14 00:00:00+00
Flags: needinfo?(kurt)
Thanks, Kurt. 

Luxtrust: how does the above fit with your assertion that the last 1024-bit cert in this hierarchy was issued in 2011?

"CN = Baltimore CyberTrust Root, OU = CyberTrust, O = Baltimore, C = IE" is a 2048-bit root and therefore not scheduled for removal from our store. Certificates chaining to it are trusted in Firefox. However, CAs should have ceased issuing 1024-bit certs for public use quite some time ago. This is what provokes our interest in the things Kurt is reporting.

Gerv
Thank you for pointing this out to us.

Following your remarks, an in-depth assessment of the situation was immediately launched at LuxTrust.
Given the importance of this bug report, LuxTrust Management has given high priority to this action and requested a global assessment of the certificates issued under this chain. The 1024-bit certificates are being assessed one by one and appropriate corrective measures are being proposed.
We could not provide Mozilla with feedback yet, given that collecting all the information took more time than expected (especially in this holiday period).

Nevertheless, once we have the assessment outputs (target date: next week), we will share this information on the bug report along with the corrective actions taken.

Yves
Following our assessment of the 1024-bit SSL certificates issued under the LT Qualified CA chain and cross-signed with Baltimore CyberTrust Root, please find below the related outputs:

1. These certificates (22) were issued after July 2011 for business reasons:
1.1 Most of these certificates were issued for one of our customers, whose HSM had a technical restriction that at the time only supported a maximum key length of 1024 bits.
1.2 The few others were issued for internal use.

2. Among these certificates, some are already revoked and expired.
3. In agreement with our customer, the remaining active 1024-bit certificates will be replaced with 2048-bit certificates by the end of this year.
4. The same measure has been defined for the LuxTrust internal ones, by the end of this year.

Should you need more details, we remain fully available for providing further information.
thank you,
Yves
What does Mozilla do in this case (where a CA willingly broke the CA/B Baseline for 3 years and profited off of doing so)?
(In reply to him from comment #9)
> What does Mozilla do in this case (where a CA willingly broke the CA/B
> Baseline for 3 years 

Version 2.1 of Mozilla's CA Certificate Policy (which started to require compliance with the BRs) was published on February 14, 2013. 
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Baseline_Requirements
"The first BR audit for each CA and subCA may include a reasonable list of BRs that the CA (or subCA) is not yet in compliance with...."

Since these certs were not issued in the LuxTrust Global Root CA hierarchy, I will remove the dependency from bug #944783. However, I would still like to see this bug taken to completion by the end of this year, as per Comment #8.
No longer blocks: 944783
I'm seeing a 2047 bit certificate issued in September.
In reply to Comment 10, the identified 1024-bit certificates (which were issued for the concerned customer, as stated in comment 8) have been revoked.

Regards,
Regarding the comment raised by Mr Roeckx with regards to the 2047-bit certificates, we have assessed the situation using a risk-based approach. Given that 2047-bit keys have equivalent strength to 2048-bit keys, no measure has been implemented yet for changing the 2047-bit keys.
2047-bit keys are 2048-bit keys for which the most significant bit is equal to 0. In addition, depending on the cryptographic library used, a 2048-bit key can be identified as a 2048- or 2047-bit key.
For example, OpenSSL will identify a 2047-bit key and NSS a 2048-bit key for the same certificate. In a past Bugzilla post regarding 1023 versus 1024-bit keys (which is basically the same issue), the proposal was to check with NSS: https://bugzilla.mozilla.org/show_bug.cgi?id=360126#c10
Here are my results:

 \x050731      |            1024 | 2012-07-26 16:26:07+00
 \x05072f      |            1024 | 2012-07-26 16:24:37+00
 \x05072e      |            1024 | 2012-07-26 16:23:25+00
 \x05072d      |            1024 | 2012-07-26 16:22:28+00
The four certificates with serial numbers \x050731, \x05072f, \x05072e and \x05072d were revoked on 18 December 2014, as mentioned in our statement, comment 12.
Please also refer to the LTQCA CRL published at http://crl.luxtrust.lu/LTQCA.crl
Regards,
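The 2047-versus-2048-bit exchange above turns on how a key's size is measured. The following added example (not code from the bug report, LuxTrust or Mozilla) DER-encodes constructed stand-in moduli the way they appear inside an RSAPublicKey and measures them two ways: exactly, as the bit length of the decoded integer, and by an octet-count heuristic that rounds up to a multiple of 8. A modulus whose most significant bit is clear reads as 2047 bits under the first and 2048 under the second, which is how two tools can disagree about the same certificate; the same mechanism makes a 1023-bit modulus read as 1024. The moduli are random odd integers, not products of two primes, and MIN_RSA_MODULUS_BITS and all function names are this example's own.

```python
"""Added example: why one tool can report an RSA modulus as 2047 bits and
another as 2048 bits. Not code from the bug report or from any CA.

The moduli below are constructed random odd integers of a chosen bit
length standing in for RSA moduli; they are not products of two primes,
which does not matter for measuring their size."""
import secrets

# CA/Browser Forum Baseline Requirements minimum RSA modulus size (bits)
# for subscriber certificates; name chosen for this example.
MIN_RSA_MODULUS_BITS = 2048


def make_modulus(bits: int) -> int:
    """Constructed stand-in for an RSA modulus of exactly `bits` bits:
    random, odd, with the top bit forced to 1. Real key generation sets
    the top bits of p and q so that n lands at the target size; skip that
    step and n can come out one bit short."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def der_integer(n: int) -> bytes:
    """DER-encode a non-negative integer as an ASN.1 INTEGER (tag 0x02).
    If the first content octet has its top bit set, a 0x00 octet is
    prepended so the value is not read as negative: a 2048-bit modulus
    therefore occupies 257 content octets, a 2047-bit one only 256."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    length = len(body)
    if length < 0x80:
        length_octets = bytes([length])
    else:  # long form: 0x80 | number of length octets, then the length
        lb = length.to_bytes((length.bit_length() + 7) // 8, "big")
        length_octets = bytes([0x80 | len(lb)]) + lb
    return b"\x02" + length_octets + body


def der_integer_content(der: bytes) -> bytes:
    """Return the content octets of a DER INTEGER, checking the length."""
    if len(der) < 2 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    first = der[1]
    if first < 0x80:
        start, length = 2, first
    else:
        start = 2 + (first & 0x7F)
        length = int.from_bytes(der[2:start], "big")
    content = der[start:start + length]
    if len(content) != length or len(der) != start + length:
        raise ValueError("DER length mismatch")
    return content


def modulus_bits_exact(der: bytes) -> int:
    """Exact size: bit length of the decoded integer. This is what tells
    a 2047-bit modulus apart from a 2048-bit one."""
    return int.from_bytes(der_integer_content(der), "big").bit_length()


def modulus_bits_by_octets(der: bytes) -> int:
    """Size as an octet-count heuristic reports it: drop the sign-padding
    0x00 octet, if present, and multiply the remaining octet count by 8.
    Always a multiple of 8, so 2047 and 2048 both read as 2048."""
    content = der_integer_content(der)
    if len(content) > 1 and content[0] == 0x00:
        content = content[1:]
    return len(content) * 8


def meets_br_minimum(der: bytes) -> bool:
    """Key-size check on the exact bit length, so a modulus one bit short
    of 2048 is flagged rather than rounded up to compliance."""
    return modulus_bits_exact(der) >= MIN_RSA_MODULUS_BITS


def describe(n: int) -> dict:
    """Measure one modulus both ways and apply the minimum-size check."""
    der = der_integer(n)
    return {
        "content_octets": len(der_integer_content(der)),
        "exact_bits": modulus_bits_exact(der),
        "octet_heuristic_bits": modulus_bits_by_octets(der),
        "br_ok": meets_br_minimum(der),
    }


if __name__ == "__main__":
    for bits in (1023, 1024, 2047, 2048):
        print(bits, describe(make_modulus(bits)))
```

Run stand-alone it prints, for each target size, the DER content length and the two measurements; the 2047 and 2048 rows differ in `content_octets` (256 versus 257) and `exact_bits` but share `octet_heuristic_bits` of 2048. A compliance check that wants to catch a modulus one bit short, as in this bug, has to use the exact bit length, since the rounded figure is what makes the discrepancy invisible.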
Is this bug ready to be closed as Resolved Fixed?
According to the topics previously communicated, we confirm that this bug report can be closed.
Regards,
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: mozilla.org → NSS
Product: NSS → CA Program