Open Bug 1575530 Opened 2 months ago Updated 9 hours ago

Camerfirma: Govern d'Andorra audits

Categories: NSS :: CA Certificate Compliance (task)

Tracking: Not tracked

Status: ASSIGNED

People: Reporter: martin_ja, Assigned: martin_ja, NeedInfo

Whiteboard: [ca-compliance]

Attachments: 4 files, 1 obsolete file

Attached file govern_andorra_serials.txt (obsolete)

Steps to reproduce:

  1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

As a result of the annual audit performed on the intermediate certificate of the Government of Andorra, covering all the certificates issued by this intermediate certificate. This intermediate certificate does not issue SSL certificates, only S/MIME certificates.

This audit was carried out by the external provider Auren.

We were aware of the situation for the first time when we received the negative report that contained relevant deficiencies on July 29th, 2019.

  2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

    1. Perform the audit on the intermediate certificate of the Government of Andorra (July 17th, 2019).
    2. Receive and review the negative report (July 29th, 2019).
    3. Stop issuing certificates through the Government of Andorra Registration Authority, which has the qualified audit report (July 31st, 2019).

  3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

After reaching an agreement with the Government of Andorra, they stopped issuing certificates on July 31st, 2019.

  4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

7,373 certificates were identified (see below).
The first cert was issued: July 31, 2013
The last cert was issued: July 22, 2019

  5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

See the attached file.

  6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

We had not performed any external audits before because this intermediate CA does not issue SSL certificates and for that reason, we did not include this intermediate CA in our scope for 2018.

Mainly, the audit found issues in the RA procedures concerning the technical environment. We depend on the annual audit to control the SubCA procedures and check the technical environment.

  7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

Firstly, we elaborated the first plan, which included the following steps:

  1. Stop issuing certificates (already done)
  2. Ask the Government of Andorra for solving all non-conformities reported by the audits. By the end of September.
  3. Schedule a Point in Time audit in order to prove that these non-conformities have been solved. By the end of October depending on auditor availability.
  4. In the case that all non-conformities found have been resolved, issuance of a new intermediate CA certificate (also issued by 'Global Chambersign Root - 2008'). October 2019.
  5. Revocation of the old intermediate CA certificate. October 2019.
  6. Begin the issuance of new certificates for Andorra Government. November 2019.
  7. Three months after the beginning of issuing certificates with the new intermediate CA, the Government of Andorra must pass a Period of Time audit. February 2020.

When we informed the Government of Andorra about this plan, they stated that not being able to issue certificates to citizens, companies and public workers for three months would have a huge impact, because Andorra has a very high level of eGovernment implementation, so they asked us for a grace period in order to reduce this impact.

Most of the non-conformities detected, which made auditors issue a qualified report were related to the Registration Authority.

In this case, the grace period we are proposing would only have an impact on the first point of the initial plan, which would be as follows:

  1. Stop issuing certificates through the Government of Andorra Registration Authority, which has the qualified audit report (already done), and issue the certificates through a Camerfirma Registration Authority (August 26th).
  2. Ask the Government of Andorra for solving all non-conformities reported by the audits. By the end of September.
  3. Schedule a Point in Time audit in order to prove that these non-conformities have been solved. Before end October depending on auditor availability.
  4. In the case that all non-conformities found have been resolved, issuance of a new subCA certificate (also issued by 'Global Chambersign Root - 2008'). October 2019.
  5. Revocation of the old subCA certificate. October 2019.
  6. Begin the issuance of new certificates for Andorra Government. November 2019.
  7. Three months after the beginning of issuing certificates with the new subCA, the Government of Andorra must pass a Period of Time audit. February 2020.

Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
  • The attached set of certificates does not meet the requirements set forth in https://wiki.mozilla.org/CA/Responding_To_An_Incident , namely:

    The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

  • The intermediate certificate is not identified here
  • It appears to be a report that, from the period 2013 - 2019, Camerfirma maintained a non-technically constrained sub-CA that was not disclosed and publicly audited. Without knowing which intermediate, it's unclear whether this was for SSL/TLS (required to be disclosed as communicated in May 2014) or for S/MIME (required to be disclosed and as communicated November 2017). Can you clarify?
Flags: needinfo?(martin_ja)

(In reply to Ryan Sleevi from comment #1)

  • The attached set of certificates does not meet the requirements set forth in https://wiki.mozilla.org/CA/Responding_To_An_Incident , namely:

    The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

See attached file. 6,935 certificates (we've withdrawn the expired certificates).

  • The intermediate certificate is not identified here

Intermediate certificate: CN=Entitat de Certificació de l'Administració Pública Andorrana. Subject Key Identifier: A6:B0:51:FD:9B:A0:46:48:2D:45:74:14:95:F7:D6:E2:9B:EF:F9:1E

  • It appears to be a report that, from the period 2013 - 2019, Camerfirma maintained a non-technically constrained sub-CA that was not disclosed and publicly audited. Without knowing which intermediate, it's unclear whether this was for SSL/TLS (required to be disclosed as communicated in May 2014) or for S/MIME (required to be disclosed and as communicated November 2017). Can you clarify?

This intermediate CA is disclosed with the name 'Entitat de Certificació de l'Administració Pública Andorrana', and it has been included in the CCADB within the given deadline. You can find the information about the certificate and the root CA in the attached files.

Referring to the audits, we had not externally audited the intermediate CA until this year because this intermediate CA had not been included in the scope for the review performed in 2018, due to the fact that the interpretation we applied was to include only SSL certificates in that scope.

This year we were conscious of the need to include this type of certificate for the first time, and that is why we included them in the scope and performed the audit.

Flags: needinfo?(martin_ja)
Attachment #9087001 - Attachment is obsolete: true
Assignee: wthayer → martin_ja
Whiteboard: [ca-compliance]

Wayne: I'm greatly concerned by this plan, and would recommend immediate revocation.

My understanding, at present is:

  • Camerfirma has, since 2013, maintained an unaudited, unconstrained, publicly trusted CA
  • Since 2014, Mozilla has required such certificates be audited, constrained, or revoked
  • Camerfirma has, to date, evaded detection of this issue by misleading Mozilla about the nature and scope of disclosure, by incorrectly reporting within CCADB that this certificate has been disclosed in scope of audit, despite the audit report listing this, and 5 other certificates, as out of scope (specifically, d.2.b, d.3, d.4, d.5, e.6, e.7 of said report)
  • Camerfirma has known about this issue since 2019-07 (although clearly, from such reports, known about it longer), and is requesting until 2019-10 to do anything about it.
  • Camerfirma acknowledges in Comment #2 that, despite communications in September 2018, January 2018, November 2017, April 2017 and May 2014
Flags: needinfo?(wthayer)

Juan: this is a very serious issue. At a minimum, I would like to know:

  • What issues were identified by the audit report? If an attestation statement was issued, please attach it here
  • On what date does Camerfirma plan to revoke the existing certificate? Is that the soonest date possible?
  • Is there any reason that this certificate can't be added to OneCRL, effectively preventing its use to sign TLS certificates?
  • Please confirm that Camerfirma has reviewed all subordinate CAs and there are no other missing or late audits, as described in bug #1502957 and bug #1549861
Flags: needinfo?(wthayer) → needinfo?(martin_ja)

Hi Wayne,

First of all, let us give you an introduction about the situation.

We are conscious of the problem that occurred with the SubCA of Andorra.

Due to the special characteristics of the SubCA, because it is for the Government of a Nation and has never issued TLS certificates, this may have led us, by mistake, not to consider it in the scope until this last audit cycle.

We are working to solve the situation in the best way possible, taking into account the criticality and the impact that any action on the issued certificates would have.

The action plan proposed tries to pay attention to the special situation of the client as well as the protection of the community of users.

You can find the response to your questions below:

  1. We already asked the auditors for the report and we are waiting to receive it. We will attach the file to this bug as soon as we receive it.

  2. As you can see in the description of the plan that we detailed on August 22nd, 2019, the soonest date we will be able to revoke the existing certificates is October, because it is extremely important for the Govern of Andorra to have the certificates not revoked until we can create the new SubCA and start issuing the new certificates through it.

In the meantime, the SubCA is blocked and no certificate can be issued through it.

  3. Referring to the prevention of the issuing of TLS certificates that you mentioned: this SubCA has never issued TLS certificates, and from July 31st, 2019 the SubCA is blocked, so it cannot issue any kind of certificates, neither TLS nor other types.

These certificates have not been added to OneCRL because we could not revoke them yet. It is extremely important for the Govern of Andorra to have their certificates not revoked until we have the new CA ready to operate with all the necessary guarantees; nevertheless, we stopped issuing certificates through the SubCA on July 31st, 2019.

  4. We are performing an exhaustive review of each case to be assured that there are not any cases such as Ryan mentioned in his comment.

We hope we can provide you with the information tomorrow.

(In reply to Eusebio Herrera from comment #8)

  3. Referring to the prevention of the issuing of TLS certificates that you mentioned: this SubCA has never issued TLS certificates, and from July 31st, 2019 the SubCA is blocked, so it cannot issue any kind of certificates, neither TLS nor other types.

These certificates have not been added to OneCRL because we could not revoke them yet. It is extremely important for the Govern of Andorra to have their certificates not revoked until we have the new CA ready to operate with all the necessary guarantees; nevertheless, we stopped issuing certificates through the SubCA on July 31st, 2019.

Eusebio: we can add subCA certificates to OneCRL even if the CA has not revoked them. This causes the certificate to no longer be trusted for TLS in Firefox, which I understand will not be a problem because in this case the subCA never issued TLS certificates - is that correct?

(In reply to Wayne Thayer [:wayne] from comment #9)

Eusebio: we can add subCA certificates to OneCRL even if the CA has not revoked them. This causes the certificate to no longer be trusted for TLS in Firefox, which I understand will not be a problem because in this case the subCA never issued TLS certificates - is that correct?

Wayne: It may be useful when offering solutions like this to also remind CAs that this doesn’t address any BR compliance issues, and that other root programs may expect CAs to have clearly defined paths towards remediation of the compliance issue. OneCRL remains a useful tool for mitigating the risk to Mozilla users, but I’m concerned it may be misinterpreted as addressing the BR compliance issue.
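The exchange in comments #9 and #10 turns on a distinction worth seeing in code: a client-side distrust list such as OneCRL blocks a subCA in the browser regardless of whether the CA has revoked it, while the CA's own revocation status (and its BR compliance position) is untouched by that listing. The following is an added illustration, not code from Mozilla, Camerfirma or this bug. It models the subCA with the subject, issuer and serial given later in the thread, but the DER bytes are constructed placeholders (so the fingerprint computed here is not the certificate's real one), the chain and the `Cert` class are assumptions, and the matching rule (issuer DN plus serial number) is a simplification of how real OneCRL entries identify a certificate.

```python
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed; not parsed from real DER)."""
    subject: str
    issuer: str
    serial: str   # serial as printed by tools, e.g. "00BBBBEEEE341353B9" or "00:BB:..."
    der: bytes    # placeholder bytes; a real certificate's DER encoding would go here

def normalize_serial(serial: str) -> str:
    """Canonical serial: strip colons/spaces, upper-case, drop DER sign-padding zeros."""
    s = serial.replace(":", "").replace(" ", "").upper().lstrip("0")
    return s or "0"

def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER bytes, upper-case hex (the format used in the bug)."""
    return hashlib.sha256(der).hexdigest().upper()

# Client-side distrust entries, keyed by (issuer DN, serial). The issuer/serial below are
# the ones reported for the Andorra subCA; the entry exists without any CA revocation.
ONECRL_ENTRIES: Set[Tuple[str, str]] = {
    ("CN=Global Chambersign Root - 2008; O=AC Camerfirma S.A.; C=EU",
     normalize_serial("00BBBBEEEE341353B9")),
}

def in_onecrl(cert: Cert, entries: Set[Tuple[str, str]] = ONECRL_ENTRIES) -> bool:
    """True if the client blocklist names this certificate by issuer and serial."""
    return (cert.issuer, normalize_serial(cert.serial)) in entries

def tls_trust_decision(chain: List[Cert],
                       entries: Set[Tuple[str, str]] = ONECRL_ENTRIES,
                       ca_revoked: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """
    Decide TLS trust for a chain (leaf first, root last).
    ca_revoked holds SHA-256 fingerprints the issuing CA itself has revoked (CRL/OCSP);
    it is empty here because, in the bug, Camerfirma has not yet revoked the subCA.
    """
    for cert in chain:
        if in_onecrl(cert, entries):
            return False, "distrusted by client blocklist (OneCRL): " + cert.subject
        if sha256_fingerprint(cert.der) in ca_revoked:
            return False, "revoked by issuing CA: " + cert.subject
    return True, "no distrust or revocation found"

def ca_revocation_status(cert: Cert, ca_revoked: FrozenSet[str] = frozenset()) -> str:
    """What the CA's own revocation data says. A OneCRL listing does not change this."""
    return "revoked" if sha256_fingerprint(cert.der) in ca_revoked else "good"

# Constructed chain: root -> subCA (as identified in the bug) -> an S/MIME-style leaf.
ROOT = Cert("CN=Global Chambersign Root - 2008; O=AC Camerfirma S.A.; C=EU",
            "CN=Global Chambersign Root - 2008; O=AC Camerfirma S.A.; C=EU",
            "01", b"constructed-root-der")
SUBCA = Cert("CN=Entitat de Certificació de l'Administració Pública Andorrana; "
             "O=M.I. Govern d'Andorra; C=AD",
             ROOT.subject, "00BBBBEEEE341353B9", b"constructed-subca-der")
LEAF = Cert("CN=example end entity (constructed)", SUBCA.subject, "0A1B", b"constructed-leaf-der")
CHAIN = [LEAF, SUBCA, ROOT]

# A second, unlisted subCA under the same root, to show the blocklist is selective.
OTHER_SUBCA = Cert("CN=other subCA (constructed)", ROOT.subject, "0F", b"constructed-other-der")
OTHER_CHAIN = [Cert("CN=other leaf (constructed)", OTHER_SUBCA.subject, "02", b"x"), OTHER_SUBCA, ROOT]

if __name__ == "__main__":
    print("TLS trust:", tls_trust_decision(CHAIN))
    print("CA revocation status of subCA:", ca_revocation_status(SUBCA))
    print("Other chain:", tls_trust_decision(OTHER_CHAIN))
```

Running it shows the two facts side by side: the chain through the listed subCA is rejected for TLS by the client even though `ca_revocation_status(SUBCA)` still returns "good", which is exactly the gap Ryan points at; the unlisted sibling subCA is unaffected. The serial normalization matters in practice because the same serial appears with and without colons and with a leading `00` byte depending on the tool that printed it.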

Hi Wayne,

We just applied for inclusion in OneCRL.

We will inform you when the inclusion has been made.

Best regards.

Per email from Eusebio, I have indicated that the following certificate is "Ready to Add" to OneCRL, so that it will be added in the next batch of updates.

Subject: CN=Entitat de Certificació de l'Administració Pública Andorrana; O=M.I. Govern d'Andorra; C=AD
Issuer: CN=Global Chambersign Root - 2008; O=AC Camerfirma S.A.; C=EU
Certificate Serial Number: 00BBBBEEEE341353B9
SHA-256 Fingerprint: 62FDD1DD4DBD26940066AA030FCDA451B2BC2143FECE65A8AA03FC0BD311F0FD

Comments: CA plans to revoke this subCA cert in October 2019, and has requested that it be added to OneCRL now.

(In reply to Wayne Thayer [:wayne] from comment #7)

  • What issues were identified by the audit report? If an attestation statement was issued, please attach it here
Flags: needinfo?(martin_ja)
Type: defect → task

(In reply to Eusebio Herrera from comment #8)

  4. We are performing an exhaustive review of each case to be assured that there are not any cases such as Ryan mentioned in his comment.

We hope we can provide you with the information tomorrow.

Eusebio: have you provided this information?

Flags: needinfo?(eusebio.herrera)