Closed Bug 1850807 Opened 1 year ago Closed 1 year ago

IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: roots, Assigned: roots)

Details

(Whiteboard: [ca-compliance] [policy-failure])

Attachments

(3 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36

Steps to reproduce:

As part of a routine review, August 28, 2023, we noticed that some EV TLS certificates have the "basicConstraints" extension present, but not marked as "critical." This is a violation of our TrustID CPS.
The certificate profile was corrected and implemented on August 29, 2023, to stop further misissuances.
We are still investigating details of this issue and are working with customers to revoke and replace affected certificates. We will disclose a full incident report no later than September 15, 2023.

Assignee: nobody → roots
Status: UNCONFIRMED → ASSIGNED
Type: defect → task
Ever confirmed: true
Whiteboard: [ca-compliance] [policy-failure]
1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in the MDSP mailing list, a Bugzilla bug, or internal self-audit), and the time and date.

• As part of a routine review on 2023-08-28 12:20 MST, we discovered that 1187 EV TLS certificates have the "basicConstraints" extension present, but not marked as "critical." This is a violation of our TrustID CPS.

2. A timeline of the actions your CA took in response. A timeline is a date-and-time-stamped sequence of all relevant events. This may include events before the incident was reported, such as when a particular requirement became applicable, or a document changed, or a bug was introduced, or an audit was done.

• 2023-08-28 12:20 MST: During an internal review of the CPS, we found that CPS Section 7.1.2.3 "End Entity Server Certificates," requires that the 'basicConstraints' extension must be marked as critical if it is present. Our certificate profile required the presence of basicConstraints but marked it as "not critical."

• 2023-08-28 13:00 MST: We began investigating the scope of affected certificates.

• 2023-08-28 16:05 MST: We examined the certificate database and found 1187 instances of EV TLS certificates that had the basicConstraints extension present but not marked as critical.

• 2023-08-29 11:00 MST: We updated the certificate profile of the ICA issuing EV TLS certificates by removing the basicConstraints extension.

• 2023-08-29 11:15 MST: We began the initial outreach to affected customers that the misissued certificates would be revoked and replaced. Communication was difficult due to the weekend and US holiday on 2023-09-04.

• 2023-08-30 12:31 MST: We posted our initial issue report on Bugzilla.

3. Whether your CA has stopped, or has not yet stopped, certificate issuance or the process giving rise to the problem or incident. A statement that you have stopped will be considered a pledge to the community; a statement that you have not stopped requires an explanation.

• 2023-08-29: We removed the basicConstraints extension from the EV TLS certificate profile. This stopped misissuance.

4. In a case involving certificates, a summary of the problematic certificates. For each problem: the number of certificates, and the date the first and last certificates with that problem were issued. In other incidents that do not involve enumerating the affected certificates (e.g. OCSP failures, audit findings, delayed responses, etc.), please provide other similar statistics, aggregates, and a summary for each type of problem identified. This will help us measure the severity of each problem.

• We found 1187 EV TLS certificates with the basicConstraints extension present but not flagged as critical, which violated our CPS requirement.

• Of the 1187 affected certificates, 107 have been revoked and 33 have expired as of 2023-09-15.

5. In a case involving TLS server certificates, the complete certificate data for the problematic certificates. The recommended way to provide this is to ensure each certificate is logged to CT and then list the fingerprints or crt.sh IDs, either in the report or as an attached spreadsheet, with one list per distinct problem. It is also recommended that you use this form in your list "https://crt.sh/?sha256=[sha256-hash]", unless circumstances dictate otherwise. When the incident being reported involves an SMIME certificate, if disclosure of personally identifiable information in the certificate may be contrary to applicable law, please provide at least the certificate serial number and SHA256 hash of the certificate. In other cases not involving a review of affected certificates, please provide other similar, relevant specifics, if any.

A file is attached with the set of affected certificates issued between 2022-08-08 and 2023-08-29.
• All affected certificates: 1,187.
• Affected certificates still valid as of 2023-09-15: 1,048.

6. Explanation about how and why the mistakes were made or bugs introduced, and how they avoided detection until now.

• The discrepancy was not noticed until now for the reasons stated below:

• There is a mismatch between our CPS and our certificate profile. Thus it was caught while updating the CPS and profile to comply with Baseline Requirements 2.0.0, in effect as of 2023-09-15.
• Our quarterly self-audits failed to identify this discrepancy due to inadequate checking of the certificate profile against the CPS.
• At the time of the incident, our linter tool was not checking for the "critical" field, as the BR in effect states that this is an optional field.

7. List of steps your CA is taking to resolve the situation and ensure that such situation or incident will not be repeated in the future, accompanied with a binding timeline of when your CA expects to accomplish each of these remediation steps.

• 2023-08-29: We removed the basicConstraints extension from the EV TLS certificate profile.
• With the basicConstraints extension removed from the certificate profile, no changes need to be made to the linter tool.
• We have strengthened our quarterly self-audit processes to ensure that any discrepancies between the CPS and the certificate profiles are corrected.

Attached file Valid Cert.csv
Attached file Revoked Certs.csv
Attached file Expired Certs.csv
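The report above notes that the CA's linter did not check the "critical" flag on basicConstraints, so the mismatch between CPS Section 7.1.2.3 and the certificate profile went undetected. The following is an added example, not IdenTrust's linter or any code from this bug: a minimal DER walker over an X.509 Extensions SEQUENCE (the `[3] EXPLICIT` field of TBSCertificate, which you would first extract with any ASN.1 tool) that implements that one CPS rule as a profile check. The three sample profiles are constructed by hand here and are not real certificates; the OIDs for basicConstraints (2.5.29.19) and keyUsage (2.5.29.15) are standard.

```python
# Added example for this bug, not IdenTrust's linter: a minimal DER walker that
# checks the CPS 7.1.2.3 rule quoted in the report, "basicConstraints MUST be
# marked critical if present", against the Extensions SEQUENCE of a certificate.
# The sample profiles at the bottom are constructed here; they are not real
# IdenTrust certificates.

BASIC_CONSTRAINTS_OID = "2.5.29.19"


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Turn OBJECT IDENTIFIER content bytes into dotted form, e.g. 2.5.29.19."""
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 byte of this arc
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def parse_extensions(der):
    """Map extnID -> (critical, extnValue) for a DER-encoded Extensions SEQUENCE.

    Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    extnValue OCTET STRING }. DER omits the BOOLEAN when it is FALSE, so a
    missing BOOLEAN means "not critical"; an explicit FALSE is tolerated too.
    """
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    result, pos = {}, 0
    while pos < len(body):
        tag, ext, pos = _read_tlv(body, pos)
        tag, oid_bytes, p = _read_tlv(ext, 0)
        if tag != 0x06:
            raise ValueError("extnID must be an OBJECT IDENTIFIER")
        critical = False
        tag, value, p = _read_tlv(ext, p)
        if tag == 0x01:  # optional critical BOOLEAN
            critical = value != b"\x00"
            tag, value, p = _read_tlv(ext, p)
        if tag != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        result[_decode_oid(oid_bytes)] = (critical, value)
    return result


def lint_basic_constraints(der):
    """Return a list of findings; an empty list means the rule is satisfied."""
    exts = parse_extensions(der)
    if BASIC_CONSTRAINTS_OID not in exts:
        return []  # absent is permitted (the corrected profile dropped it)
    critical, _ = exts[BASIC_CONSTRAINTS_OID]
    if not critical:
        return ["basicConstraints present but not marked critical (CPS 7.1.2.3)"]
    return []


# --- constructed sample profiles (short-form DER built by hand, not real certs) ---
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value


def _extension(oid_der, critical, value_der):
    body = _tlv(0x06, oid_der)
    if critical:  # DER: encode the BOOLEAN only when TRUE
        body += _tlv(0x01, b"\xff")
    return _tlv(0x30, body + _tlv(0x04, value_der))


KEY_USAGE_OID_DER = bytes([0x55, 0x1D, 0x0F])   # 2.5.29.15
BC_OID_DER = bytes([0x55, 0x1D, 0x13])          # 2.5.29.19
KEY_USAGE_VALUE = _tlv(0x03, b"\x05\xa0")        # digitalSignature, keyEncipherment
BC_END_ENTITY = _tlv(0x30, b"")                  # BasicConstraints {} (cA defaults FALSE)

# Profile shape described in the report before 2023-08-29: present, not critical.
OLD_PROFILE = _tlv(0x30, _extension(KEY_USAGE_OID_DER, True, KEY_USAGE_VALUE)
                   + _extension(BC_OID_DER, False, BC_END_ENTITY))
# The two shapes that satisfy the rule: marked critical, or dropped entirely.
CRITICAL_PROFILE = _tlv(0x30, _extension(KEY_USAGE_OID_DER, True, KEY_USAGE_VALUE)
                        + _extension(BC_OID_DER, True, BC_END_ENTITY))
CORRECTED_PROFILE = _tlv(0x30, _extension(KEY_USAGE_OID_DER, True, KEY_USAGE_VALUE))

if __name__ == "__main__":
    for name, der in [("old", OLD_PROFILE), ("critical", CRITICAL_PROFILE),
                      ("corrected", CORRECTED_PROFILE)]:
        print(name, lint_basic_constraints(der) or "OK")
```

The check is deliberately keyed to the CPS wording rather than to the Baseline Requirements, which is the gap the report describes: a linter that only enforces the BR will pass a profile that the CA's own CPS forbids. Running it against every issuance template after a CPS revision is a cheap self-audit step.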

It was a good exercise to go through everything (e.g. as part of a compliance self-assessment) because that is apparently how this issue was detected. If the root problem was the mismatch between the CPS and the profile, then rather than waiting for the inconsistency between the CPS and profile to be detected by self-audit, wouldn't it be better to update everything simultaneously across the board? (Even though there might be lag until the CPS is published.) In other words, the written profiles, CPS, and code could/should be updated together. Also, it's sometimes difficult to keep up with changes to standards. So, it's probably good to monitor the changes as they occur and incorporate them into your systems as you go (with version control).
I don't believe that there are any outstanding remediation items. So, apart from Bug #1851710, which remains open, I believe this issue can be closed.

Flags: needinfo?(bwilson)

Confirmed. This bug can be closed.

I will close this on Friday, then.

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED
