Add Google Root Certificates

Status: ASSIGNED
Product: NSS
Component: CA Certificate Root Program
Reported: a year ago
Modified: 18 days ago

People: Reporter: Ryan Hurst, Assigned: Kathleen Wilson

Tracking: Firefox Tracking Flags: (Not tracked)

Details: Whiteboard: [ca-verifying] - Need BR Self Assessment

Attachments: 6 attachments

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36

Steps to reproduce:

CA Details
----------

CA Name: Google Trust Services

Website: https://pki.goog 

One Paragraph Summary of CA:

Google Trust Services is run by Google.  Google is a commercial CA that will provide certificates to customers from around the world.  We will offer certificates for server authentication, client authentication, email (both signing and encrypting), and code signing.  Customers of the Google PKI are the general public.  We will not require that customers have a domain registration with Google, use domain suffixes where Google is the registrant, or have other services from Google.


This application includes four new root CAs. We have also acquired two roots already in the Mozilla program (GlobalSign R2 and R4); no changes are requested relative to these two roots.


Audit Type (WebTrust, ETSI etc.): WebTrust for CA 2.0, BR 2.0

Auditor: Ernst and Young USA
Auditor Website: http://www.ey.com/
Audit Document URL(s):
  Web Trust for CAs: https://cert.webtrust.org/ViewSeal?id=2124
  Web Trust BRs: https://cert.webtrust.org/ViewSeal?id=2125


Certificate Details Google Trust Services Root R1
--------------------------------------------------

Certificate Name: GTS Root R1
Summary Paragraph:
GTS Root R1 is a Root CA with an RSA key with a 4096 bit long modulus.  It will be used to issue a variety of certificate types via intermediates specific for each certificate type, as defined in our CP and CPS. Initially there will be one intermediate, “GTS X1”. For more information please see attached diagram.

Certificate URL: https://pki.goog/gtsr1.crt
Version: X.509 v3
SHA1 Thumbprint: e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8
Public-Key: (4096 bit)
Not Before: Jun 22 00:00:00 2016 GMT
Not After: Jun 22 00:00:00 2036 GMT

CRL URL: http://crl.pki.goog/gtsr1/gtsr1.crl
CRL issuance freq.: At least once a quarter
OCSP URL: http://ocsp.pki.goog/gstr1

Class (DV, IV, OV, or EV): DV and OV
CP URL: https://pki.goog/GTS-CP-1.0.pdf
CPS URL: https://pki.goog/GTS-CPS-1.0.pdf
Requested Trust Indicators: Website, Email, and Code Signing
URLs of example websites using certificate subordinate to this root (if applying for SSL):
  https://good.r1demo.pki.goog
  https://revoked.r1demo.pki.goog
  https://expired.r1demo.pki.goog


Certificate Details Google Trust Services Root R2
--------------------------------------------------

Certificate Name: GTS Root R2
Summary Paragraph:
GTS Root R2 is a Root CA with an RSA key with a 4096 bit long modulus.  It will be used to issue a variety of certificate types via intermediates specific for each certificate type, as defined in our CP and CPS. Initially there will be one intermediate, “GTS X2”. For more information please see attached diagram.

Certificate URL: https://pki.goog/gtsr2.crt
Version: X.509 v3
SHA1 Thumbprint: d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d
Public-Key: (4096 bit)
Not Before: Jun 22 00:00:00 2016 GMT
Not After: Jun 22 00:00:00 2036 GMT

CRL URL: https://crl.pki.goog/gtsr2/gtsr2.crl
CRL issuance freq.: At least once a quarter
OCSP URL: https://ocsp.pki.goog/gstr2

Class (DV, IV, OV, or EV): DV and OV
CP URL: https://pki.goog/GTS-CP-1.0.pdf
CPS URL: https://pki.goog/GTS-CPS-1.0.pdf
Requested Trust Indicators: Website, Email, and Code Signing
URLs of example websites using certificate subordinate to this root (if applying for SSL):
  https://good.r2demo.pki.goog
  https://revoked.r2demo.pki.goog
  https://expired.r2demo.pki.goog


Certificate Details Google Trust Services Root R3
--------------------------------------------------

Certificate Name: GTS Root R3
Summary Paragraph:
GTS Root R3 is a Root CA with an ECDSA key using secp384r1.  It will be used to issue a variety of certificate types via intermediates specific for each certificate type, as defined in our CP and CPS.  Initially there will be one intermediate, “GTS X3”. For more information please see attached diagram.

Certificate URL: https://pki.goog/gtsr3.crt
Version: X.509 v3
SHA1 Thumbprint: 30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5
Public-Key: ECDSA key using secp384r1
Not Before: Jun 22 00:00:00 2016 GMT
Not After: Jun 22 00:00:00 2036 GMT

CRL URL: https://crl.pki.goog/gtsR3/gtsr3.crl
CRL issuance freq.: At least once a quarter
OCSP URL: https://ocsp.pki.goog/gstr3

Class (DV, IV, OV, or EV): DV and OV
CP URL: https://pki.goog/GTS-CP-1.0.pdf
CPS URL: https://pki.goog/GTS-CPS-1.0.pdf
Requested Trust Indicators: Website, Email, and Code Signing
URLs of example websites using certificate subordinate to this root (if applying for SSL):
  https://good.r3demo.pki.goog
  https://revoked.r3demo.pki.goog
  https://expired.r3demo.pki.goog


Certificate Details Google Trust Services Root R4
--------------------------------------------------

Certificate Name: GTS Root R4
Summary Paragraph:
GTS Root R4 is a Root CA with an ECDSA key using secp384r1.  It will be used to issue a variety of certificate types via intermediates specific for each certificate type, as defined in our CP and CPS. Initially there will be one intermediate, “GTS X4”. For more information please see attached diagram.

Certificate URL: https://pki.goog/gtsr4.crt
Version: X.509 v3
SHA1 Thumbprint: 6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99
Public-Key: ECDSA key using secp384r1
Not Before: Jun 22 00:00:00 2016 GMT
Not After: Jun 22 00:00:00 2036 GMT

CRL URL: https://crl.pki.goog/gtsR4/gtsr4.crl
CRL issuance freq.: At least once a quarter
OCSP URL: https://ocsp.pki.goog/gstr4

Class (DV, IV, OV, or EV): DV and OV
CP URL: https://pki.goog/GTS-CP-1.0.pdf
CPS URL: https://pki.goog/GTS-CPS-1.0.pdf
Requested Trust Indicators: Website, Email, and Code Signing
URLs of example websites using certificate subordinate to this root (if applying for SSL):
  https://good.r4demo.pki.goog
  https://revoked.r4demo.pki.goog
  https://expired.r4demo.pki.goog
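A relying-party check of the thumbprints listed in the application above, added here as an example; it is not code from the application, from Google or from Mozilla. It normalises each listed SHA-1 thumbprint and checks that it has the 20-byte length of a SHA-1 digest (as listed, the R4 entry has only 16 byte groups, so no certificate can ever match it), splits a PEM bundle in the layout of a roots.pem file into DER certificates, and compares computed fingerprints against the listed values in constant time. Only the Python standard library is used. The sample bundle and the blobs inside it are constructed stand-ins for certificates (a fingerprint is just a hash over the DER bytes, so real X.509 structure is not needed for the comparison), and the names "constructed root A/B" are placeholders.

```python
import base64
import hashlib
import hmac
import re

# Thumbprints copied verbatim from the inclusion request (SHA-1, colon-separated).
LISTED_THUMBPRINTS = {
    "GTS Root R1": "e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8",
    "GTS Root R2": "d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d",
    "GTS Root R3": "30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5",
    "GTS Root R4": "6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99",
}

# Digest sizes in bytes: a listed value of any other length cannot be a valid
# fingerprint for that algorithm, whatever hex digits it contains.
DIGEST_LENGTHS = {"sha1": 20, "sha256": 32}


def normalize_thumbprint(text):
    """Strip colons and whitespace, lower-case the hex, reject non-hex input."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]*", cleaned) or len(cleaned) % 2:
        raise ValueError(f"not a hex thumbprint: {text!r}")
    return cleaned


def thumbprint_has_valid_length(text, algorithm="sha1"):
    """True when the listed value is exactly one digest long for the algorithm."""
    return len(normalize_thumbprint(text)) == 2 * DIGEST_LENGTHS[algorithm]


def format_thumbprint(hex_digest):
    """Render a hex digest in the colon-separated style used in the application."""
    return ":".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))


def fingerprint(der_bytes, algorithm="sha1"):
    """A certificate fingerprint is the hash over its DER encoding."""
    return hashlib.new(algorithm, der_bytes).hexdigest()


def thumbprint_matches(der_bytes, listed, algorithm="sha1"):
    """Constant-time comparison of a computed fingerprint with a listed one."""
    expected = normalize_thumbprint(listed)
    if len(expected) != 2 * DIGEST_LENGTHS[algorithm]:
        return False  # a malformed entry can never match anything
    return hmac.compare_digest(fingerprint(der_bytes, algorithm), expected)


PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_bundle_to_der(pem_text):
    """Split a PEM bundle (the layout of a roots.pem file) into DER blobs."""
    return [base64.b64decode("".join(m.group(1).split()))
            for m in PEM_BLOCK.finditer(pem_text)]


def audit_bundle(pem_text, listed):
    """For each listed name, report whether some cert in the bundle matches it."""
    ders = pem_bundle_to_der(pem_text)
    return {name: any(thumbprint_matches(d, tp) for d in ders)
            for name, tp in listed.items()}


def audit_listed_formats(listed=LISTED_THUMBPRINTS):
    """Which listed entries are even well-formed SHA-1 thumbprints."""
    return {name: thumbprint_has_valid_length(tp) for name, tp in listed.items()}


# Constructed sample input: opaque blobs standing in for DER certificates.
# They are NOT real certificates; the fingerprint computation does not care.
SAMPLE_DER_A = b"constructed root A - not a real certificate"
SAMPLE_DER_B = b"constructed root B - not a real certificate"
SAMPLE_DER_OTHER = b"constructed root that is not in the bundle"


def _to_pem(der_bytes):
    body = base64.b64encode(der_bytes).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


SAMPLE_BUNDLE = _to_pem(SAMPLE_DER_A) + _to_pem(SAMPLE_DER_B)

# What a relying party might hold: root A listed correctly, root B listed with
# the thumbprint of some other certificate (a transcription error).
SAMPLE_LISTED = {
    "constructed root A": format_thumbprint(fingerprint(SAMPLE_DER_A)),
    "constructed root B": format_thumbprint(fingerprint(SAMPLE_DER_OTHER)),
}

if __name__ == "__main__":
    for name, ok in audit_listed_formats().items():
        print(f"{name}: {'well-formed' if ok else 'MALFORMED'} SHA-1 thumbprint")
    print(audit_bundle(SAMPLE_BUNDLE, SAMPLE_LISTED))
```

Pointing `audit_bundle` at a downloaded bundle and at thumbprints copied from an application like this one tells a reviewer which roots were transcribed correctly before any of them is trusted; an entry that fails the length check should be sent back to the applicant rather than silently padded or guessed.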
(Reporter)

Comment 1

a year ago
Created attachment 8821437
GTS PKI Hierarchy.pdf
(Assignee)

Updated

a year ago
Whiteboard: Information incomplete - Begin Information Verification
(Assignee)

Comment 2

a year ago
Francis, please do the Information Verification for this request.
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Assignee: kwilson → frlee
(Assignee)

Comment 3

a year ago
Ryan, My apologies for the delay in starting the Information Verification for this request due to holidays (December and Chinese New Year). I'm sure Francis will begin Information Verification of this request soon after he returns to the office.

Anyways, I was just looking at https://static.googleusercontent.com/media/pki.goog/en//GTS-CP-1.0.pdf and noticed that it refers to "Effective Date" a lot. But it was not clear to me what the "Effective Date" actually is. Please clarify.

Updated

a year ago
Assignee: frlee → awu

Comment 4

a year ago
Is there an ETA on this fix yet?
(Assignee)

Comment 5

a year ago
(In reply to B from comment #4)
> Is there an ETA on this fix yet?

See https://wiki.mozilla.org/CA for the process description.
And note: "It can take as long as two years for a new CA to make it from one end of the process to the other."

Aaron will begin step 4, Information Verification, but we're still waiting for the CA to reply to Comment #3.

And for a response from Google to the questions posted here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/1PDQv0GUW_s/P8kAgEkODwAJ

Comment 6

a year ago
(In reply to B from comment #4)
> Is there an ETA on this fix yet?

To all those who are impatient for this certificate to be approved and implemented for Gecko-based products:

The presence of a root certificate in the NSS database used by Gecko-based products indicates that users can place some degree of trust in the use of that certificate for secure Web browsing.  For that trust to be valid, the certification authority owning the root certificate must undergo some scrutiny, which takes time.

Further expressions of the need for haste will not speed the process.  Any shortcuts or other measures to hasten the process can only weaken the trust users have in the overall certificate database.

Those who are anxious for these root certificates -- those who already trust them and who have no patience with the Mozilla process for scrutinizing certificate authorities -- can download and install the root certificates themselves.  

Note well:  These are my personal comments.  I do not work for either the Mozilla Foundation or the Mozilla Corporation.  Thus, these comments do not reflect the position of either organization.

Comment 7

a year ago
Relevant comments were forwarded to Google's security team to assist.

Comment 8

a year ago
(In reply to B from comment #4)
> Is there an ETA on this fix yet?

Is the lack of inclusion causing you a problem?  www.google.com is not currently using certificates that chain to these Google Trust Services CAs, so any errors you are seeing should not be due to this bug.
(Reporter)

Comment 9

a year ago
Created attachment 8844281
Tarsier Key Transference GlobalSign Root R2 and R4 - Final Report
(Reporter)

Comment 10

a year ago
Created attachment 8844282
Report on Management’s Assertion Related to the Key Generation and Key Transference of GTS Root R1, GTS Root R2, GTS Root R3, and GTS Root R4
(Reporter)

Comment 11

a year ago
(In reply to Peter Bowen from comment #8)
> (In reply to B from comment #4)
> > Is there an ETA on this fix yet?
> 
> Is the lack of inclusion causing you a problem?  www.google.com is not
> currently using certificates that chain to these Google Trust Services CAs,
> so any errors you are seeing should not be due to this bug.

Peter is right. Though we want very much to have our new roots accepted as part of the Mozilla Root Program, this should not represent a blocking issue at this time. Planning which root certificates to use when you have so many third parties who are dependent on you requires long-term planning. Our guidance for third parties wanting to trust Google and Alphabet products and services is to use, and periodically ensure that the list of roots they use includes, those at: https://pki.goog/roots.pem
(Reporter)

Comment 12

a year ago
(In reply to Kathleen Wilson from comment #5)
> (In reply to B from comment #4)
> > Is there an ETA on this fix yet?
> 
> See https://wiki.mozilla.org/CA for the process description.
> And note: "It can take as long as two years for a new CA to make it from one
> end of the process to the other."
> 
> Aaron will begin step 4, Information Verification, but we're still waiting
> for the CA to reply to Comment #3.
> 
> and for a response from Google to the questions posted here:
> https://groups.google.com/d/msg/mozilla.dev.security.policy/1PDQv0GUW_s/
> P8kAgEkODwAJ

Thank you Kathleen, I apologize for the delay in answering the questions in that thread. If you check now, you will see I have responded.

Updated

a year ago
Whiteboard: Information incomplete - Begin Information Verification → [ca-verification]
(Reporter)

Updated

a year ago
Attachment #8844282 - Attachment description: Tarsier Key Transference GlobalSign Root R2 and R4 - Final Report → Report on Management’s Assertion Related to the Key Generation and Key Transference of GTS Root R1, GTS Root R2, GTS Root R3, and GTS Root R4

Updated

a year ago
Whiteboard: [ca-verification] → [ca-verifying]

Updated

11 months ago
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Comment 13

11 months ago
Created attachment 8852819
CAInformaion_Google_InfoNeeded_20170330.pdf

Comment 14

11 months ago
Hi Ryan,

Based on the CPS and the information you provided, I've verified the information and entered it into Salesforce for the 4 root cases. Please see the attachment in Comment #13; we need more information from you and clarification on the items marked as "Need Response from CA" and "Need Clarification from CA".


Note:
1. For 'Recommended Practices' please refer to:
https://wiki.mozilla.org/CA:Recommended_Practices#CA_Recommended_Practices
2. For 'Problematic Practices' please refer to:
https://wiki.mozilla.org/CA:Problematic_Practices#Potentially_problematic_CA_practices

Kind regards,
Aaron

Comment 15

10 months ago
Hi Ryan,

Please also perform the BR Self Assessment, and attach the resulting BR-self-assessment document to this bug.

Note:
Current version of the BRs: https://cabforum.org/baseline-requirements-documents/
Until a version of the BRs is published that describes all of the allowed methods of domain validation, use version 1.4.1 for section 3.2.2.4 (Domain validation): https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.1.pdf

= Background = 

We are adding a BR-self-assessment step to Mozilla's root inclusion/change process.

Description of this new step is here:
https://wiki.mozilla.org/CA:BRs-Self-Assessment

It includes a link to a template for a CA's BR Self Assessment, which is a Google Doc:
https://docs.google.com/spreadsheets/d/1ni41Czial_mggcax8GuCBlInCt1mNOsqbEPzftuAuNQ/edit?usp=sharing

Phase-in plan is here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/Y-PxWRCIcck/Fi9y6vOACQAJ

Please let me know if you have any questions, thank you!


Kind regards,
Aaron

Updated

10 months ago
Whiteboard: [ca-verifying] → [ca-verifying] - Need BR Self Assessment

Updated

10 months ago
Product: mozilla.org → NSS
(Assignee)

Comment 16

9 months ago
I have exchanged email with the auditor and confirmed the authenticity of these two audit statements:

1) Tarsier Key Transference GlobalSign Root R2 and R4 - Final Report Direct Link:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844281

2) Report on Management’s Assertion Related to the Key Generation and Key Transference of GTS Root R1, GTS Root R2, GTS Root R3, and GTS Root R4 Direct Link:
https://bug1325532.bmoattachments.org/attachment.cgi?id=8844282
(Assignee)

Comment 17

6 months ago
Ryan, please respond to Comment #15.

Comment 19

a month ago
Created attachment 8943360
2017 BR Self Assessment for GTS.pdf

Comment 20

a month ago
Hi Kathleen and Aaron,

I added the BR Self Assessment as an attachment.

Kind regards,
David

Comment 21

a month ago
Since at least 19 January 2018 and continuing today, google.com has had a persistent OCSP problem that prevents accessing any Google Web page if OCSP-checking is enabled.  This was reported in the mozilla.dev.security.policy newsgroup.  I will attach an image of the error popup.  

Most significantly, Google seems to lack a reasonable means to report the error.  The only E-mail address in the google.com WhoIs record is dns-admin@google.com.  My E-mail to that address with a report of the problem resulted in an automated reply indicating that security issues should instead be reported to security@google.com.  My message to that latter address resulted in an automated reply from security@google.com that listed a variety of Web addresses for reporting various problems.  Since I refuse to disable OCSP checking and all those Web addresses are for the google.com domain, I consider that response invalid.  

Before this request by Google progresses, I suggest that Google be required to demonstrate that they have a readily-found, public-facing means for individuals to report PKI problems.

Comment 22

a month ago
David: CAs are required to disclose their problem reporting mechanisms in their CP/CPS. Did you examine the CP/CPS? If not, why not? If so, did you attempt to use that mechanism? This is the same requirement of all CAs, by virtue of the Baseline Requirements.

Comment 23

a month ago
Created attachment 8944292
OCSP error popup for google.com

The affected certificate -- Google Internet Authority G2 -- appears to be an intermediate certificate signed by the GeoTrust Global CA root.  If Google cannot properly manage even its intermediate certificate, can it be expected to manage a certification authority and its root certificate?

Comment 24

a month ago
(In reply to Ryan Sleevi from comment #22)
> David: CAs are required to disclose their problem reporting mechanisms in
> their CP/CPS. Did you examine the CP/CPS? If not, why not? If so, did you
> attempt to use that mechanism? This is the same requirement of all CAs, by
> virtue of the Baseline Requirements.

The OCSP problem appears to be related to an intermediate certificate, not a root.  Thus I do not think Google's CP/CPS would apply.  I raise this issue because it creates a question (at least for me) whether Google can properly operate a certification authority.

Comment 25

a month ago
(In reply to David E. Ross from comment #24)
> The OCSP problem appears to be related to an intermediate certificate, not a
> root.  Thus I do not think Google's CP/CPS would apply.  I raise this issue
> because it creates a question (at least for me) whether Google can properly
> operate a certification authority.

Then I'm afraid you misunderstand CP/CPSes, as they apply to the hierarchy, and define the set of policies. We can continue this on m.d.s.p., but it does seem that your misunderstanding about how to report problems to CAs - any CA - has led you to incorrect conclusions, both about responsiveness and what is expected of trusted CAs.

Comment 26

a month ago
I have updated the m.d.s.p thread on this incident but given the conversation moved into the bug I wanted to provide the same update here.

The issue has been identified and a fix has been pushed. I have verified the fix personally in several regions but it will take time for the fix to propagate globally.

As for how to contact the Google PKI team or any WebPKI CA: all CAs are required to include contact details in their CPS; you can see this detail in our CPS (https://static.googleusercontent.com/media/pki.goog/en//GTS-CPS-2.0.pdf) in sections 4.9.3, 1.5.2 and 2.

Understanding that not all relying parties may be familiar with this practice, we also include these contact details in the footer of https://pki.goog.

Additionally, we are actively working on a post-mortem and when it is complete we will share it with the Mozilla community.

Comment 27

a month ago
It appears the fix has propagated globally.