Closed Bug 1315035 Opened 8 years ago Closed 8 years ago

SHA-1 issuance by T-Systems root

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gerv, Assigned: kathleen.a.wilson)

References

Details

https://crt.sh/?cablint=211&iCAID=770&minNotBefore=2016-01-01&opt=cablint lists three certificates for the domain names "mawi.hilgmbh.de", "centest.mohnmedia.net" and "cendemo.mohnmedia.net", which use the SHA-1 hash algorithm and were issued in 2016. These certs was issued by the intermediate "Shared Business CA 3":
https://crt.sh/?caid=770&opt=cablint
which chains up to "Deutsche Telekom Root CA 2", a root certificate trusted by Mozilla to issue server certificates. These certificates do not have an Extended Key Usage extension and therefore AIUI would be recognised by Firefox as valid for servers.

We recognise these certs have been revoked. However, this issuance is in violation of the Baseline Requirements, which Mozilla policies require adherence to. Please can you explain what has happened, with particular reference to the following questions:

A) Does the CP/CPS of the relevant issuing CA forbid the use of SHA-1? If not, why not?

B) What is the audit status of the relevant issuing CAs?

C) What technical controls are in place within your CA to prevent SHA-1 issuance and how were they bypassed?

Gerv
Bernd, Please look into this and update this bug with the information listed above as soon as possible.
Blocks: BR-Compliance
I notice one of these certs was discovered earlier this year and discussed in this thread:
https://groups.google.com/d/msg/mozilla.dev.security.policy/xKibg5sf5Oc/P0QAb728BAAJ 

However, there seem to be some open questions there which were not answered. Now might be a good moment for T-Systems to explain fully what happened in that case, and the other case.

Gerv
Gerv, we also discussed these topics in January on “mozilla.dev.security.policy”, see:
https://groups.google.com/d/msg/mozilla.dev.security.policy/SoODejSKGv0/kk3UNaM1AQAJ

Bernd
Bernd: on 3rd Feb you said (in the thread that you link to) that "SHA-1 certs can no longer be issued.". However, this cert:
https://crt.sh/?id=15019496&opt=cablint
was issued on 9th March. How did that happen?

Gerv
Hi Gerv, this certificate was issued by a customer (hilgmbh.de), to misuse an S/MIME certificate (SHA-1) as a gateway certificate, see:
https://groups.google.com/d/msg/mozilla.dev.security.policy/xKibg5sf5Oc/P0QAb728BAAJ.
Bernd
Bernd: in the conversation you link to, Nick Lamb had some very good questions. Please can you provide answers to them?

Thanks,

Gerv
The T-Systems "Shared-Business-CA" (SBCA) is a managed corporate PKI. Depending on the scope, SBCA can issue different certificate types. These certificate types have different profiles and use different templates, in which the CP/CPS defines the usage and scope of the certificates.

For a short time, some fields were not checked properly while issuing SMIME certificates. This was caused by an error within the verification routine. Because of that, it was possible to fill the common name field (CN) with an FQDN instead of given name and surname. Although this is prohibited specifically in the CP/CPS, these circumstances were utilized. 

Promptly after we realized the problem, the corresponding option was deactivated. Therefore, no additional certificates could be issued in this form. The affected certificates were revoked immediately. 
Following, the error was fixed and the continuous monitoring as the internal reviews were enhanced.

Bernd
Thank you for the explanation, and the details of the steps you are taking to make sure this doesn't happen again.

Gerv
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.