Closed
Bug 1315018
Opened 8 years ago
Closed 8 years ago
SHA-1 issuance by GlobalSign root
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: gerv, Assigned: kathleen.a.wilson)
References
Details
https://crt.sh/?cablint=211&iCAID=36&minNotBefore=2016-01-01&opt=cablint lists three intermediate certificates, which use the SHA-1 hash algorithm and were issued in 2016. These certs was issued directly by "GlobalSign Root CA", a root certificate trusted by Mozilla to issue server certificates. This issuance is in violation of the Baseline Requirements, which Mozilla policies require adherence to. Please can you explain what has happened, with particular reference to the following questions: A) Does the CP/CPS of the relevant issuing CA forbid the use of SHA-1? If not, why not? B) What is the audit status of the relevant issuing CAs? C) Given that the issuance of intermediates is a rare event taking much care, how did you manage to issue some SHA-1 ones? D) What technical controls are in place within your CA to prevent SHA-1 issuance and how were they bypassed? Gerv
Assignee | ||
Comment 1•8 years ago
|
||
Steve, Please look into this and update this bug with the information listed above as soon as possible.
Blocks: BR-Compliance
Comment 2•8 years ago
|
||
Gerv, GlobalSign generated some SHA-1 CAs earlier this year as part of normal CA lifecycle management. These CAs were generated to support S/MIME and client authentication products and we don’t intent to use them for SSL certificate issuance. These CAs are not technically constrained and they were disclosed to Mozilla in March 2016, shortly after they were created. Since these CAs will not be used to issue SSL certificates we didn’t believe that they fall under the BRs, and we didn’t see anything in the Mozilla policy that prohibited the creation of new SHA-1 CAs as long as they were not intended to be used to issue SSL certificates. If we misinterpreted your intent, we apologize, but based on your notes there is some "acknowledged" ambiguity which you appear to be addressing. Why did we use SHA-1? - We have several customers using our retail PersonalSign 1, 2, and 3 offering that continue to need SHA-1 S/MIME and/or client certificates including US FDA S/MIME, Belgian government and the Peru government. Not directly related is the need for SHA-1 Code Signing to support those applications that need to be used on older operating systems. Why did we not technically constrain these CAs? - Adding EKU to CAs can have unintended consequences, especially in older applications. Since we don't know all the applications that are using the email/client auth certificates it's risk we didn't want to take. Also, there is a minor Thunderbird email issue with using EKUs in CAs: https://bugzilla.mozilla.org/show_bug.cgi?id=1225818 I hope this helps. Doug
Reporter | ||
Comment 3•8 years ago
|
||
The BRs say: "These Requirements only address Certificates intended to be used for authenticating servers accessible through the Internet." Mozilla policy says: "CA operations and issuance of certificates to be used for SSL-enabled servers must also conform to version 1.1.5 of the CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates." Because both of these use language of intent, it is at best unclear whether the SHA-1 ban applies to certificate not intended for server use. There is a discussion going on in m.d.s.policy to remedy this loophole. Gerv
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•1 year ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•