SK Incident report according to https://wiki.mozilla.org/CA/Responding_To_An_Incident#Incident_Report
SK ID Solutions became aware of the problem reported via Bugzilla https://bugzilla.mozilla.org/show_bug.cgi?id=1649942 on Thursday, 2 July 2020 at 08:58 EEST.
- July 2020 at 08:58 EEST – SK became aware of the problem reported in Bugzilla.
- July 2020 at 11:30 EEST - SK's internal meeting was held, to discuss/review the possible security impact. Further plan was agreed.
- July 2020 at 15:00 EEST - SK made discussion with our auditors to analayze the current situation as non-conformity/security issue in scope of requirements CAB BRG and eIDAS (ETSI). Further action plan was agreed for start of the week 28.
Regarding end-entity TLS certificates, please note that SK has terminated issuance of TLS Server Certificates as of 1. September 2017. Latest will expired on 29th of September 2020. In current situation the relevant (valid) CA hierarchy affected can be found here https://misissued.com/batch/138/
All related SK's CA certificates (can be found here https://misissued.com/batch/138/ ) have the common non-conformity, where "id-kp-OCSPSigning" EKU is present, without "id-pkix-ocsp-nocheck" extension.
Problematic CA certificates:
Intermediate 1: https://crt.sh/?id=12624839&opt=cablint
Intermdeiate 2: https://crt.sh/?id=78288258&opt=cablint
Intermediate 3: https://crt.sh/?id=163641648&opt=cablint
Related end-entity certificates:
PROFILE SERIAL VALIDTO
TLS 45CDC81C78336FA459A7FA7674BBA4B0 29-SEP-20
TLS 6946DF29C240C3AF599FCD7922B4A6BB 23-SEP-20
TLS 631999B132B8D564595F602EC5D4C311 05-AUG-20
TLS 686AE27975787BD9595F60CE7B39DB63 05-AUG-20
CA's like us, enabled the id-kp-OCSPSigning EKU in the Intermediate CA Profiles were following the Baseline Requirements to "protect relying parties". According to the BRs 18.104.22.168:
/"Generally Extended Key Usage will only appear within end entity certificates (as highlighted in RFC 5280 (22.214.171.124)), however, Subordinate CAs MAY include the extension to further protect relying parties until the use of the extension is consistent between Application Software Suppliers whose software is used by a substantial portion of Relying Parties worldwide"/
Also in our case following the ETSI is normative, and it has been not mandatory. But by our PKI ecosystem design, the same root is used, so the current situation is also consequence of different standards interpretations.
SK ID Solutions as TSP, will not carry out of revocation on listed root and intermediate CA's.
Currently SK has following action plan agreed, solving the BR compliance issue:
- SK will revoke* the last valid end-entity TLS certificates. Contact with 4 last customers is needed.
*NB! or let them expire, as "valid to" dates are close by. This needs discussion with Mozilla.
- If needed, leaving the Mozilla CA program earlier as planned, might be considered (depends on point 1 outcome).
- During week 28, SK will prepare risk assessment, to analyze it as reported security relevant issue, in a wider scope of overall TSP perspective.
SK will notice, when more detailed action plan is available. Please feel free to ask additional questions, if something is unclear.