Quovadis: Certificate containing Debian weak key



10 months ago
3 months ago


(Reporter: wayne, Assigned: s.davidson)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [ca-compliance])



10 months ago
Hanno Böck reported the following certificate, issued in 2016 but not revoked until reported to QuoVadis on May 13, 2018, containing a Debian weak key:


Please publish an incident report, as described here:
The incident report should be posted to the mozilla.dev.security.policy forum and added to this bug.

Comment 1

10 months ago
1.	How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

Hanno Böck reported the issue by email to our support helpdesk on Saturday 12 May 2018 at 08:48:58 UTC.

2.	A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

It was confirmed that our systems are testing for Debian weak keys, leading to an extensive review of how this certificate came to be issued.

The certificate was replaced and revoked 13 May 2018 at 10:49:19 UTC.

On 13 May 2018, a complete scan was made of all issued QuoVadis SSL to verify that no other certificates were issued with this issue.

3.	Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

The issue was resolved.  In addition in 2018, QuoVadis introduced post-issuance linting using zLint which will assist in identifying problem certificates promptly.  

4.	A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

The reported certificate – issued in April 2016 - was the sole certificate created with this issue.

5.	The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.


6.	Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

Our certificate management system (CMS) has been checking for Debian weak keys since c2008.   During an upgrade of the CMS in 2016, a change was made which changed the Debian weak key test from a “LIKE” an “EQUAL” check which impacted the effectiveness of the check.  The change was corrected, but the problem certificate issued in the interim was not identified, as in recent history the Debian weak key test had not been triggered.

7.	List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

QuoVadis has a test plan designed to verify that functionality in prior CMS versions is not impacted by component upgrades.  The Debian weak key test was no longer on it.  A review is being conducted to confirm these test plans have coverage in line with BR etc.

Comment 2

10 months ago
(In reply to Stephen Davidson from comment #1)

> A review is being conducted to confirm these test
> plans have coverage in line with BR etc.

Stephen: thank you for the incident report. please update this bug with the results of your review.

Comment 3

4 months ago
Stephen: please respond to the question in comment #2.
Assignee: sdavidson → s.davidson
Flags: needinfo?(s.davidson)

Comment 4

4 months ago

A review was made of valid certificates and no other Debian weak keys were found. The Debian weak keys test was added to the test plan for changes to our CMS. Additional improvements are being made to our CMS key tests for the RSA "should" statements in section 6.1.6 of the BR.

Flags: needinfo?(s.davidson)

Comment 5

3 months ago

Thank you for the confirmation Stephen.

Last Resolved: 3 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.