Closed Bug 1654216 Opened 4 years ago Closed 4 years ago

Buypass: PSD2 QWAC with RSA modulus not divisible by 8

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mads.henriksveen, Assigned: mads.henriksveen)

Details

(Whiteboard: [ca-compliance] [ev-misissuance])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36

This is an incident report for one PSD2 QWAC issued by Buypass with a keylength not divisible by 8.

  1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date.

Buypass became aware of the problem on July 17th at approximately 07:00; the problem was reported by Digicert.

  2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

All times are local Norwegian times (CEST).

2020-07-17, 06:06: Digicert notified us about the problem.

2020-07-17, 07:20: We provided feedback to Digicert and acknowledged the problem.

2020-07-17, 08:00: We temporarily stopped issuance of all manually issued certificates (i.e. certificates where issuance is triggered by a manual operation).

2020-07-17, 09:50: We analyzed all active certificates issued by Buypass and found no other affected certificates.

2020-07-17, 10:30: We decided to re-start issuance of manually issued certificates and added an additional manual control for correct key size before issuance.

2020-07-17, 12:00: We notified the customer that the certificate needed to be revoked within 5 days – at the latest 2020-07-21 07:20.

2020-07-20, 16:57: The affected certificate was revoked.

  3. Whether your CA has stopped, or has not yet stopped, issuing certificates with the problem. A statement that you have will be considered a pledge to the community; a statement that you have not requires an explanation.

Buypass stopped the issuance of all manually issued certificates (e.g. PSD2 QWAC, QWAC, EVs, most OVs and some DVs) immediately when becoming aware of the problem.

After analyzing all active certificates and realizing that the problem was limited, we decided to re-start issuance of manually issued certificates provided that the key length was manually checked before issuance.

For certificates issued automatically, we decided to add a manual control post-issuance until we understood the root cause of the problem.

After understanding the root cause of the problem (Monday 20th), we removed the additional controls.

No more certificates have been issued with this problem.

  4. A summary of the problematic certificates. For each problem: number of certs, and the date the first and last certs with that problem were issued.

We investigated all issued certificates and no other certificate with the same problem has been issued. The affected certificate was issued on November 4th 2019.

  5. The complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem.

The affected certificate is https://crt.sh/?id=2074718985

  6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

This requirement was included in the Mozilla Root Policy back in February 2017 and we made some improvements in our controls of public keys later the same year. For some reason we failed to add a proper control for this specific requirement.

At about the same time, Buypass introduced linting as pre-issuance control in our issuance systems.

The main cause of this problem is that we mistakenly believed this requirement was implemented in our own controls and also covered by the linters. Our use of linting service from Sectigo includes cablint, x509lint and zlint.

However, after doing some post-incident analysis we realized that this issue was implemented in zlint recently (February 2020) and that it was not supported at the time of issuance of the affected certificate.

We have already realized that we have relied too much on the linters (https://bugzilla.mozilla.org/show_bug.cgi?id=1632632).

  7. List of steps your CA is taking to resolve the situation and ensure such issuance will not be repeated in the future, accompanied with a timeline of when your CA expects to accomplish these things.

As a first step, we have verified that the linting service we currently use identifies this as a problem with RSA key sizes and this prevents issuance.

The next step will be to add this as an additional control when analyzing the public key from a CSR for proper key length, ensuring it is not a Debian key, etc., as this is not included in the existing controls.

In addition, Buypass is in the process of analyzing and improving all implemented controls to ensure that we are compliant. This includes a systematic evaluation of all relevant requirements. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1632632.
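As an added example (this is not Buypass's code, nor the implementation of the zlint, cablint or x509lint checks named above), the following Python shows the control described in the report in its simplest form: take the RSA public key from the CSR, read the modulus bit length, and reject anything below 2048 bits or not a multiple of 8. It assumes the input is a DER-encoded PKCS#1 RSAPublicKey (the BIT STRING payload of a CSR's SubjectPublicKeyInfo); the DER encoder and decoder are hand-rolled so the script runs with the standard library only, and the sample moduli are constructed odd integers of a chosen size, not real RSA moduli.

```python
# Added example: pre-issuance RSA key-size control (not Buypass's code and not
# the linters' implementation). Minimal DER handling so it runs with the
# standard library only; a CA issuance system would use a vetted ASN.1 library.

from typing import List, Tuple

MIN_RSA_BITS = 2048  # policy minimum; the divisibility-by-8 rule is a separate check


def _der_length(n: int) -> bytes:
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER-encode a non-negative INTEGER, padding with 0x00 if the top bit is set."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # keep the two's-complement value positive
    return b"\x02" + _der_length(len(body)) + body


def der_rsa_public_key(n: int, e: int) -> bytes:
    """Encode RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + _der_length(len(body)) + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one tag-length-value triple at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n_len_bytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n_len_bytes], "big")
        pos += n_len_bytes
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_public_key(der: bytes) -> Tuple[int, int]:
    """Decode a PKCS#1 RSAPublicKey and return (modulus, exponent)."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, pos = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    tag, e_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER exponent")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_rsa_modulus(n: int, min_bits: int = MIN_RSA_BITS) -> Tuple[int, List[str]]:
    """Return (modulus_bits, problems); an empty problem list means the key passes."""
    bits = n.bit_length()  # a leading 0x00 padding byte in DER does not count
    problems = []
    if bits < min_bits:
        problems.append(f"modulus is {bits} bits, below the {min_bits}-bit minimum")
    if bits % 8 != 0:
        problems.append(f"modulus size {bits} is not divisible by 8")
    return bits, problems


def check_rsa_public_key_der(der: bytes) -> Tuple[int, List[str]]:
    """Parse a DER RSAPublicKey and apply the key-size control to its modulus."""
    n, _e = parse_rsa_public_key(der)
    return check_rsa_modulus(n)


if __name__ == "__main__":
    # Constructed sample moduli: odd integers of a chosen bit length, NOT real
    # RSA moduli; only the size control is being exercised here.
    samples = {
        "2048-bit": (1 << 2047) | 0x10001,
        "3001-bit": (1 << 3000) | 1,
        "2044-bit": (1 << 2043) | 1,
    }
    for label, n in samples.items():
        bits, problems = check_rsa_public_key_der(der_rsa_public_key(n, 65537))
        verdict = "OK" if not problems else "REJECT: " + "; ".join(problems)
        print(f"{label}: {bits} bits -> {verdict}")
```

The point of reading the size from the parsed modulus rather than from the key length a customer declares is that it catches exactly the case in this report: a key that is large enough to look fine but whose modulus length is not a multiple of 8, which the pre-2020 linters did not flag.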

Assignee: bwilson → mads.henriksveen
Status: UNCONFIRMED → ASSIGNED
Type: defect → task
Ever confirmed: true
Whiteboard: [ca-compliance]

Please provide an update on or about 25-Aug-2020 when you report on the other bug.

Whiteboard: [ca-compliance] → [ca-compliance] Next Update 25-Aug-2020

The analysis of the public key from a CSR is identified as one of the controls described in the latest update for bug #1632632. The responsibility for requirements related to the public key will be assigned to this control.

There is no new information to this bug.

Whiteboard: [ca-compliance] Next Update 25-Aug-2020 → [ca-compliance] Next Update 30-Sept-2020

Ben: I'm happy with closing this issue; Bug 1632632 shows Buypass is engaging in holistic review, and comments like https://bugzilla.mozilla.org/show_bug.cgi?id=1632632#c10 give some hope that the outcome of this review will be a number of good practices that can be shared and discussed with other CAs.

I think the thing that would most demonstrate Buypass's commitment to this is, in discussing their ultimate resolution of Bug 1632632, they look to write up and explain where the 'current' system is (i.e. the one that had issues). Understanding how they went from what they had (a complex system that made non-compliance sometimes easy to miss) to what they're going to have (a robust system of layered controls, with also simplified design), I think there is a lot the CA community will be able to learn from that experience.

Flags: needinfo?(bwilson)

I'll close this bug on or about 25-Sept-2020 unless there are any other issues or questions.

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED
Product: NSS → CA Program
Whiteboard: [ca-compliance] Next Update 30-Sept-2020 → [ca-compliance] [ev-misissuance]