1539190 - Kamu SM: Insufficient Serial Number Entropy

Status: RESOLVED FIXED

(CA Program :: CA Certificate Compliance, task)

Description

[Wayne Thayer]

Melis Balkaya posted the following incident report to the mozilla.dev.security.policy list:

As a preliminary note, Kamu SM would like to express that the only affected 2 certificates are the test certificates issued to our own domains in order to fulfill the related requirement of Mozilla Root Inclusion Request.

1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

While Mozilla root inclusion process of Kamu SM, we had noticed that our test certificates has serial number lower than 64 bits. Our system had been updated to generate serial numbers with greater than 64 bit entropy in 2017.

We monitor mozilla.dev.security.policy group daily based and we became aware of the EJBCA problem about DarkMatter concerns on 2019-02-26.

2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

2017-02-03 Kamu SM has issued three test certificates which are valid, expired and revoked in order to fulfill the related Mozilla Root Inclusion process requirement.

2017-03-07 In CP/CPS reviewing for Mozilla Root Inclusion Request of Kamu SM, we had noticed that our random number generator was not generating serial numbers with 64-bit entropy. Then, we changed the procedure for generating serial numbers as greater than 64-bit entropy. Our “valid test SSL certificate” was renewed with such a serial number. We did not take an action for other two test certificates because one is revoked and the other is expired.

2019-02-26 We became aware of the EJBCA problem about DarkMatter concerns.

2019-03-08 We have informed software developer team about the raised issue.

2019-03-11 They checked all certificates issued by "CN=TUBITAK Kamu SM SSL Sertifika Hizmet Saglayicisi - Surum 1”. They came to the conclusion that none of the issued certificates other than the two test certificates mentioned above are affected by this issue.

3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

Since none of our customer certificates are affected by the serial number entropy problem, we have continued to issue SSL certificates.

4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

2017-02-03 Kamu SM has issued three test certificates which are valid, expired and revoked in order to fulfill the related Mozilla Root Inclusion process requirement.

2019-03-19 With the announcement of the list of CAs that have been noncompliant with BR 7.1, we have investigated that two test certificates that are issued in the process of the Mozilla root inclusion request are affected by this issue.

5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

2017-02-03 testsslrevoked.kamusm.gov.tr (0xbe64996b) https://crt.sh/?id=95903318

2017-02-03 testsslexpired.kamusm.gov.tr (0x76cb4f6c) https://crt.sh/?id=95903322

6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

Our certificate issuance system has been updated before we have included Mozilla Root Store.

7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

Our affected test certificates were not valid since the beginning, and it is not allowed to issue a valid subscriber certificate which has a serial number lower than 64 bit in our system. All issued subscriber certificates other than those test certificates comply with BR 7.1.