Closed Bug 1530971 Opened 5 years ago Closed 5 years ago

HARICA: P-384,ecdsa-with-SHA256 Certificates

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jimmy, Assigned: jimmy)

Details

(Whiteboard: [ca-compliance] [ca-misissuance])

Attachments

(1 file, 1 obsolete file)

Incident Report for Mozilla Feb 2019-v1.1.pdf
236.47 KB, application/pdf
Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

On February 25th 2019 during a detailed policy documents review comparing differences between the Baseline Requirements and Mozilla Policy, we discovered that HARICA had issued Intermediate CA Certificates with ECDSA P-384 key and SHA256 hashing algorithm which is a violation of Section 5.1 of the Mozilla Root store Policy.

The effective date of the Mozilla Root store Policy that only allows specific curve-hash pairs was February 28, 2017. Please note that this issue is not considered a violation of the Baseline Requirements which describe allowed curves and hashing algorithms in section 6.1.5.

HARICA's CA Software (EJBCA) was set to inherit the Root CA's combination of Key and hash algorithms and used the SHA256ECDSA algorithm although the key was using curve P-384. This led to issuing subCA Certificates and end-entity certificates with the same pair (SHA256, P-384).

As soon as the finding was verified and an internal Incident created (Ticket#2019022610002302), Certificate issuance was disabled from the affected subCAs.

A full database scan was conducted and revealed only one (1) affected end-entity certificate issued for a test web site operated by HARICA. Five (5) intermediate CA Certificates were also affected.

Mitigation measures are implemented to minimize the risk of reoccurance. More details in section 2.7 of the attached report.

The problematic Certificates are planned to be revoked by March 8th, 2019.

Please let us know if you have any further questions or concerns about this incident.

Sincerely,

Dimitris Zacharopoulos.
PKI Manager

Assignee: wthayer → jimmy
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance]
QA Contact: kwilson → wthayer

This is the final report after revoking the affected CA Certificates and marking them accordingly in CCADB.

Please let us know if there are any further questions or concerns.

Attachment #9047010 - Attachment is obsolete: true

We will also ask from our CA software manufacturer to implement specific additional validators for Mozilla Policy requirements that detect similar inconsistencies.

What is the status if this action item?

Flags: needinfo?(jimmy)

We have created a ticket to PrimeKey for a feature request that checks for this rule. I don't know if this will be accepted as a feature request but in any case I can commit to informing the community in m.d.s.p. if this feature is added in EJBCA.

As far as HARICA is concerned, we have enforced our P384 subCAs to always use SHA384 as a hashing algorithm when they sign end-entity certificates, which is the expectation of the Mozilla Policy.

We have also created an issue (https://github.com/mozilla/pkipolicy/issues/170) with some recommended language to make this requirement clearer to CAs that implement this rule.

It appears that remediation is complete.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jimmy)
Resolution: --- → FIXED

The community may follow the progress of this feature using this link:

Product: NSS → CA Program
Summary: Harica: P-384,ecdsa-with-SHA256 Certificates → HARICA: P-384,ecdsa-with-SHA256 Certificates
Whiteboard: [ca-compliance] → [ca-compliance] [ca-misissuance]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: