1540315 - QuoVadis: LLB insufficient Serial Number Entropy

Status: RESOLVED FIXED

(CA Program :: CA Certificate Compliance, task)

Description

[Stephen Davidson]

Attachment: LLB_certificates_short serial.csv

1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

• LLB operates an external subCA signed by QuoVadis that is technically constrained to issue only S/MIME (rfc 822 constraints). LLB was informed by QuoVadis on March 8, 2019 about possible issues with 64 bit entropy in certificate serial numbers.

2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

• 2019-03-08: Information from QuoVadis about the issue
• 2019-03-11: Request further information from external consultant
• 2019-03-12: Starting analysis of the affected CA and certificates
• 2019-03-15: Report from external consultant about the affected CA and certificates
• 2019-03-20: Reporting back to QuoVadis – ongoing discussion between LLB and QuoVadis

3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

• Certificates are only issued to internal employees. Certificates have never issued to external entities.
• The CA was stopped from issuing and the configuration was changed to 20 octet serials.

4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

• There are 1360 valid certificates issued in the period April 4 2018 - March 27 2019.
• A list of the certificates is attached.

5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

• These are S/MIME certs; CT is not used.
• A list of the certificates is attached.

6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

• Default installation of EJBCA.

7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

• The PKI was upgraded and the configuration was changed to 20 octet serials.
• LLB intends to revoke and reissue the affected certificates. An update will be posted on the timeframe estimated to do so.

Comment 1

[Stephen Davidson]

As of June 8, we confirm that the last of these affected S/MIME certificates has been revoked by LLB. We consider the remediation complete.

Comment 2

[Ryan Sleevi]

Thanks for the update, Stephen. Please don't close out the bugs without someone from the CA Certificates Module doing so. I defer to Wayne to evaluate the acceptability and completeness of the remediation :)

Comment 3

[Stephen Davidson]

Thanks Ryan for clarifying that; I was uncertain.

Comment 4

[Wayne Thayer]

It appears that remediation has been completed.