Closed Bug 1965459 Opened 9 months ago Closed 7 months ago

Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: antti.backman, Assigned: antti.backman)

Details

(Whiteboard: [ca-compliance] [smime-misissuance])

Preliminary Incident Report

Telia CA issued S/MIME certificates violating S/MIME BR 7.1.2.3 for the contents of the certificate extension Authority Information Access:id-ca-caIssuers.

Full Incident Report will be disclosed at the latest by 13:00 (UTC) on May 20th 2025.

Summary

Incident description:
Telia CA issued two (2) S/MIME certificates with Legacy profile violating the policy documented on this report. Personal information suppressed for privacy protection. All affected subscribers / subjects were informed via email of the issue and revocation of the certificates.

Preliminary timeline of events leading up to this incident:

  • 2025-05-08 12:22:47

    • CSR based request received by Telia CA from Telia CA's Swedish RA for the 1st certificate
  • 2025-05-08 12:22:48

    • Telia Email CA v5 Issued the certificate
    • Telia is using pkilint for S/MIME linting before issuance, but as the AIA id-ca-caIssuer contained an http: URI, the lint check did not identify the issue, as pkilint does not verify whether the URI actually points to an Issuing Certificate file.
  • 2025-05-08 12:23:22

    • CSR based request received by Telia CA from Telia CA's Swedish RA for the 2nd certificate
  • 2025-05-08 12:23:23

    • Telia Class 2 CA v3 Issued the certificate
    • Telia is using pkilint for S/MIME linting before issuance, but as the AIA id-ca-caIssuer contained an http: URI, the lint check did not identify the issue, as pkilint does not verify whether the URI actually points to an Issuing Certificate file.
  • 2025-05-08 20:58

    • Telia CA's daily AIA linting to verify id-ca-caIssuer content reported an AIA ERROR (http://ocsp.trust.telia.com readable:False,verify:False,mimetype:False), which was sent to Telia CA's Security Manager for review
  • 2025-05-09 04:25

    • Telia CA Security Manager reviewed daily issuance logs and reports and identified the above error report from daily AIA linting
  • 2025-05-09 05:31

    • Telia CA Security Manager contacted PKI Administrator for further review and verification of the error report
  • 2025-05-09 06:11

    • Certificate details were reviewed by the Security Manager and the contacted PKI Administrator
    • Issue with the certificate was identified and confirmed by the Security Manager and PKI Administrator
  • 2025-05-09 06:30

    • Telia CA Security Board's emergency meeting called by Security Manager to record the outcome of the initial investigation and confirm that the issue must be disclosed as an incident.
    • Decision was made not to stop the CA, as this was initially identified to concern only one (1) certificate and a mitigative configuration was identified that could prevent the issue from recurring.
  • 2025-05-09 07:22:30

    • First identified misissued certificate was revoked with reasonCode: privilegeWithdrawn
  • 2025-05-09 07:23

    • Further investigation continued, and mitigative configuration was tested and set by Telia CA to prevent the issue from recurring.
  • 2025-05-09 07:56

    • Mitigative CA policy configuration was deployed to production for Telia Class 2 CA v3 by PKI Administrators under supervision of the Security Manager, to ensure that the AIA extension is properly set prior to issuance
  • 2025-05-09 10:46

    • Full certificate review identified another certificate with the same issue.
  • 2025-05-09 11:06:26

    • Second identified certificate was revoked with reasonCode: privilegeWithdrawn
  • 2025-05-09 11:10

    • Review of all issued S/MIME certificates completed to confirm that the certificates reported on this incident are the only misissued certificates.
  • 2025-05-09 11:18

    • Mitigative CA policy configuration was deployed to production for Telia Email CA v5 by PKI Administrators under supervision of the Security Manager, to ensure that the AIA extension is properly set prior to issuance
  • 2025-05-09 11:

    • This preliminary incident report was disclosed in Mozilla's Bugzilla after final review by Telia CA team
  • 2025-05-09 11:

    • Root programs requiring direct notification of the disclosed incident were informed by email with a link to the disclosed incident

Relevant policies:
CA/Browser Forum S/MIME Baseline Requirements v 1.0.8

Section 7.1.2.3
Item c) (authorityInformationAccess)
subitem 2) (id-ca-caIssuers)

The authorityInformationAccess extension SHOULD contain at least one accessMethod value of type id-ad-caIssuers that specifies the URI of the Issuing CA’s Certificate.

Legacy: When provided, at least one accessMethod SHALL have the URI scheme HTTP. Other schemes (LDAP, FTP, …) MAY be present.

Source of incident disclosure:
Telia CA's daily issued S/MIME certificate content check for certificate AIA contents.

Certificate details of the affected certificates
Telia CA verified that two (2) certificates were issued that violate the said policy for S/MIME certificates.

1st certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:d9:3c:cb:5b:1a:9f:05:79:87:c1:8c:da
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = SE, O = Telia Company AB, CN = Telia Email CA v5
        Validity
            Not Before: May  8 12:22:48 2025 GMT
            Not After : May  9 12:22:45 2026 GMT
        Subject: C = SE, O = Telia Company AB, organizationIdentifier = NTRSE-556103-4249, CN = XXXX, SN = XXXX, GN = XXX, emailAddress = XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:c8:c0:ee:49:83:50:b0:44:0d:7e:64:3d:
                    50:ea:7e:d7:97:1f:31:75:f8:5a:b0:6b:b1:52:22:
                    dd:df:0b:3d:b7:0b:8a:09:41:5e:29:a6:5d:1e:07:
                    23:ed:b1:96:db:2d:b2:52:78:2b:9d:cb:3d:7e:dc:
                    df:2e:75:bf:fd:fe:be:c3:c3:36:ad:2a:43:b1:45:
                    98:1b:bd:23:9c:83:20:da:03:60:89:1a:5b:3d:a4:
                    3f:1b:29:0f:76:58:39:5d:a2:b8:c3:35:9f:7e:72:
                    c1:ee:f4:4a:68:4a:df:43:bd:96:ae:db:0a:d9:2c:
                    ed:1b:3b:7b:d8:9f:fb:99:2d:f8:da:fb:03:4c:63:
                    86:d9:86:c4:d3:d8:13:e5:dc:e7:a8:2e:d2:c6:cd:
                    01:20:e0:70:c8:43:0f:12:54:d5:49:b3:e5:f2:a5:
                    5c:17:a5:aa:50:52:23:01:e4:5a:2f:aa:06:2e:ce:
                    2a:73:76:d8:92:18:66:c3:bc:0d:8d:9a:82:ce:f7:
                    94:6a:70:0a:c7:d2:00:72:4e:90:a5:bf:85:9a:f7:
                    1a:9c:17:f8:eb:0e:e2:30:24:ef:77:ce:95:91:36:
                    3b:ae:55:23:8e:37:9c:a7:b8:5a:78:03:63:30:f4:
                    2e:81:66:8e:ca:a3:1c:30:67:09:1e:18:90:c3:90:
                    cb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:37:E6:AF:0C:B0:E0:01:97:5B:18:BF:86:44:B8:1C:D1:E3:E1:65:94

            X509v3 Subject Key Identifier: 
                B5:9C:2F:C5:80:77:2C:80:D1:AF:E0:F7:21:59:DC:16:E2:96:C8:1E
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies: 
                Policy: 1.3.6.4.1.271.2.3.1.1.14
                  CPS: https://cps.trust.telia.com
                Policy: 2.23.140.1.5.3.1

            X509v3 Subject Alternative Name: 
                email:XXXX
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://httpcrl.trust.telia.com/teliaemailcav5.crl

            X509v3 Extended Key Usage: 
                E-mail Protection, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://ocsp.trust.telia.com
                CA Issuers - URI:http://ocsp.trust.telia.com

    Signature Algorithm: sha256WithRSAEncryption
         2f:7c:13:01:e1:7d:9d:18:63:52:65:98:48:7a:53:a3:27:f3:
         2c:1e:c0:92:64:26:28:e5:63:54:dc:fd:38:c0:51:31:60:b8:
         db:58:46:4f:3e:c8:48:5c:32:51:4b:a0:9e:e6:f5:40:95:1d:
         3e:af:50:16:05:08:2c:df:ce:c5:0d:63:a2:2d:77:ad:61:04:
         b3:54:14:60:4a:12:35:d8:3b:e2:6e:e8:dc:8d:0c:4a:3b:13:
         72:10:f9:de:31:e8:96:d2:8e:c6:a9:1c:a5:7d:92:63:75:f6:
         fd:9d:5a:df:9d:1e:33:f3:19:b5:7a:da:b1:bf:89:ee:a9:3b:
         d1:3d:b6:28:0d:7c:32:7d:0d:cc:1e:5c:26:02:f1:55:77:11:
         bc:0a:fa:d5:d1:65:ce:97:db:78:d5:49:87:5c:3a:53:47:b9:
         9b:57:c6:51:ab:fa:70:b9:56:49:c5:f4:2f:22:46:e3:ff:fd:
         03:4f:14:fd:ae:79:ef:ec:d2:63:45:74:bc:1d:a2:b7:04:8d:
         be:c7:48:23:35:c3:4f:50:96:93:98:b6:ef:fe:60:4c:5c:c8:
         90:ff:3d:53:37:b2:97:43:bb:80:26:bd:41:96:2b:8d:8e:e5:
         87:80:58:e5:50:4b:9e:86:21:41:6e:13:d0:e7:75:35:ef:be:
         89:66:f2:42:b4:f3:3f:e2:3a:8f:91:3b:23:5f:db:58:10:27:
         96:99:31:79:50:ae:c1:26:70:d4:31:85:92:00:dd:c0:98:35:
         ca:a5:85:40:52:62:ff:95:9e:e0:2b:c2:0e:d8:b1:ab:d8:c3:
         3e:8d:66:fc:3c:3f:7d:40:ab:f7:2c:00:f2:94:28:4c:42:2c:
         b8:0b:6f:52:bc:2f:0c:6a:07:6e:23:2c:94:6b:ff:54:3a:8f:
         2d:90:09:73:c4:97:fd:9e:65:cf:fc:09:5a:f8:19:37:e3:75:
         37:7a:f2:33:17:6e:cf:62:0b:fc:88:44:b6:fe:50:93:a5:90:
         4c:fc:0c:d6:ee:b7:eb:01:4d:9d:f9:c2:07:4e:04:14:45:80:
         ef:76:77:f8:b2:bb:87:5a:f8:c5:60:6c:82:11:0b:b7:c0:75:
         e1:85:b4:55:80:16:06:b5:85:c6:92:0c:44:87:59:32:ed:28:
         7e:70:83:bc:33:a0:21:89:57:3c:dc:65:60:21:eb:51:bc:92:
         e1:7b:8d:44:70:8c:ef:67:f5:88:fc:50:62:b5:52:0f:59:d1:
         42:16:46:29:db:21:d3:58:7a:7b:4d:02:fb:6b:8d:45:84:cc:
         fd:6e:2a:70:aa:91:3a:e2:b4:bd:d6:7e:9d:58:19:c8:71:0f:
         74:1c:14:c2:88:7d:4f:70

2nd certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:e2:e5:3f:a0:24:5c:cb:21:85:5c:80:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=SE, O=Telia Company AB, CN=Telia Class 2 CA v3
        Validity
            Not Before: May  8 12:33:23 2025 GMT
            Not After : May  9 12:33:22 2027 GMT
        Subject: C=SE, O=Arelion Sweden AB/2.5.4.97=NTRSE-556583-2226, CN=XXX, SN=XXX, GN=XXX, emailAddress=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:97:ae:7d:ed:82:fa:be:ca:15:ab:b5:4f:2a:f3:
                    19:67:ca:6c:e8:07:41:39:65:b2:e0:9d:4b:65:de:
                    53:e2:52:49:a8:40:47:36:af:5c:4d:b3:0f:4e:89:
                    25:c3:f5:df:24:73:23:40:ec:8a:b2:08:76:fb:bc:
                    ea:aa:1b:d8:fc:2a:c2:76:61:0a:a0:5b:ab:67:5a:
                    4e:24:34:a3:a0:cc:71:ef:fd:0f:3d:8d:d9:0e:4d:
                    5d:51:09:3a:50:2e:e3:8e:60:42:ab:46:dc:dd:73:
                    eb:9d:10:40:ad:65:c6:d8:c9:02:56:b2:83:25:ab:
                    5a:eb:c4:da:b2:2c:7c:5e:45:db:87:7e:90:2b:f8:
                    27:8e:34:a9:1b:8e:98:fc:61:81:b6:60:be:d2:1a:
                    e2:d2:33:86:fb:08:c2:fc:08:cf:3a:56:51:ec:6e:
                    36:73:d0:af:29:d3:25:fd:dd:4b:81:10:84:1f:b0:
                    c0:2c:eb:88:2c:71:2d:44:78:cc:40:96:d5:c2:c6:
                    46:8f:b0:7e:f8:2b:d8:70:e7:50:0e:3a:9f:67:f4:
                    44:4d:39:b7:8e:f9:28:7f:db:7e:1a:4d:07:b6:53:
                    e6:c2:ef:77:95:7a:9a:b5:df:0f:8a:00:d0:d5:0a:
                    e2:bc:eb:46:5c:f7:6d:95:8d:a3:1b:7c:f8:77:3a:
                    c6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:D3:A4:B5:F8:3E:59:CD:8C:11:E0:1A:34:76:34:93:DD:7E:9D:4D:F9
 
            X509v3 Subject Key Identifier:
                E4:CF:AE:28:7E:49:C7:B6:AE:15:92:02:C3:F9:93:5C:E4:33:4B:FF
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.271.2.3.1.1.12
                  CPS: https://cps.trust.telia.com
                Policy: 2.23.140.1.5.3.1
 
            X509v3 Subject Alternative Name:
                email:XXXX
            X509v3 CRL Distribution Points:
 
                Full Name:
                  URI:http://httpcrl.trust.telia.com/teliaclass2cav3.crl
 
            X509v3 Extended Key Usage:
                E-mail Protection, TLS Web Client Authentication
            Authority Information Access:
                OCSP - URI:http://ocsp.trust.telia.com
                CA Issuers - URI:http://ocsp.trust.telia.com
 
    Signature Algorithm: sha256WithRSAEncryption
         31:f2:12:79:2b:d9:bd:8a:06:78:5d:fe:90:a3:a0:fb:50:e9:
         21:ca:e4:f8:74:02:c4:6a:f1:99:1b:79:1a:8d:39:ae:b1:e8:
         c5:4b:2b:57:58:cd:c0:a4:bb:46:39:ef:7d:70:50:00:3b:ae:
         bd:a7:0c:f5:e4:83:d1:df:29:46:1a:83:ee:f7:1e:a1:6e:84:
         db:cc:16:e4:c5:ce:9d:b3:8c:d2:a9:aa:8f:97:71:45:60:7a:
         1a:b3:dd:93:e4:bc:c8:e3:a5:57:1b:5b:92:ce:fd:3d:7a:8e:
         f1:58:b0:5b:0b:18:46:cd:a0:aa:db:ca:32:e0:f7:3d:83:33:
         f5:1b:69:4f:15:d8:c3:8d:c4:e0:47:47:0c:24:5a:68:c6:22:
         9a:b9:bd:fc:ac:4c:81:a8:17:2e:d3:2c:d6:32:84:a7:c9:0b:
         e8:62:46:76:8d:c7:40:74:b3:e5:0b:a4:9b:5e:b8:57:cf:e4:
         00:9e:65:c0:ce:2e:3c:78:5b:5a:eb:8d:08:e7:56:eb:22:bc:
         0b:5d:ab:35:c9:63:ab:88:0d:f7:18:70:a9:d9:db:83:15:21:
         9a:ac:76:e7:b6:c1:e1:7d:6d:3f:1e:51:35:49:88:56:b1:43:
         79:27:90:18:0c:8e:8e:50:71:a9:c5:44:b5:bf:1a:67:12:a4:
         db:1b:c4:3a:7f:a2:8c:2f:41:00:af:0c:e4:c4:66:1d:cf:99:
         40:13:86:93:0a:f4:b2:25:d2:93:33:9c:e3:68:c7:84:ed:ef:
         0b:a0:e1:49:3a:e8:c6:2b:ff:39:6b:f2:c6:e8:f2:d5:f2:32:
         db:99:93:2f:4c:68:58:27:23:05:e1:d0:9b:0f:df:2f:74:ba:
         72:70:3c:6e:fc:bb:50:3a:55:b3:43:0d:aa:5a:12:92:3e:b8:
         9f:3f:ec:e0:c0:f0:a0:9b:e7:73:63:d7:7a:49:82:d4:cc:de:
         fe:8d:88:f6:a3:96:bb:a8:02:05:7b:d9:c8:52:d8:a4:60:fe:
         72:c4:4e:11:d8:ea:71:11:3b:54:fc:1b:77:18:88:17:18:84:
         86:54:41:48:e4:32:e9:a1:27:99:be:63:2b:1d:49:05:42:ee:
         35:60:6b:ee:65:f1:59:5b:15:04:25:6d:02:3d:6c:41:63:d6:
         27:70:6c:46:32:54:11:a7:1e:37:ad:de:c8:c3:88:8f:f7:de:
         29:21:8b:e5:ee:00:a8:f2:df:20:41:a0:46:4a:9f:b3:7f:0a:
         e0:d4:f9:1a:2f:07:4a:22:a3:86:41:31:5b:f9:25:7f:30:f6:
         1f:69:68:59:a6:39:e1:f1:60:13:d9:54:3b:00:ee:bc:b9:a7:
         00:77:f7:a2:95:86:ae:9f

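The daily AIA check in the timeline above reports readable / verify / mimetype for each id-ad-caIssuers URI. The Go program below is an added example, not Telia's tool or pkilint: it builds a throwaway issuing CA plus two S/MIME-style leaves, one whose caIssuers URI is the OCSP responder URL from the misissued certificates and one pointing at a constructed placeholder URL (http://example.invalid/issuing-ca.cer) that serves the CA certificate in DER, and runs the check against canned responses instead of live HTTP, so nothing is contacted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type fetched struct {
	ContentType string
	Body        []byte
}

// AIAResult mirrors the readable / verify / mimetype fields of the daily
// linter's error line for one id-ad-caIssuers URI.
type AIAResult struct {
	URI      string
	Readable bool // body parsed as a single DER X.509 certificate
	Verify   bool // that certificate is the one that signed the leaf
	MimeType bool // Content-Type is application/pkix-cert (RFC 5280 4.2.2.1)
}

// CheckCAIssuers resolves every id-ad-caIssuers URI in the leaf's AIA through
// responses (an offline stand-in for the HTTP GET a post-issuance monitor would
// run outside the CA). Assumption: a single DER certificate is expected.
func CheckCAIssuers(leaf *x509.Certificate, responses map[string]fetched) []AIAResult {
	var results []AIAResult
	for _, uri := range leaf.IssuingCertificateURL {
		r := AIAResult{URI: uri}
		if resp, ok := responses[uri]; ok {
			r.MimeType = resp.ContentType == "application/pkix-cert"
			if issuer, err := x509.ParseCertificate(resp.Body); err == nil {
				r.Readable = true
				// Serving some certificate is not enough: it must have signed the leaf.
				r.Verify = leaf.CheckSignatureFrom(issuer) == nil
			}
		}
		results = append(results, r)
	}
	return results
}

const (
	ocspURL      = "http://ocsp.trust.telia.com"           // URI from the incident; never contacted here
	caIssuersURL = "http://example.invalid/issuing-ca.cer" // constructed placeholder, not a Telia URL
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newTestPKI builds a constructed, throwaway hierarchy: a leaf whose caIssuers URI
// is the OCSP responder (as in the incident), a correct leaf, and canned responses.
func newTestPKI() (bad, good *x509.Certificate, responses map[string]fetched) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Email CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	issuer := must(x509.ParseCertificate(caDER))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	newLeaf := func(serial int64, caIssuers string) *x509.Certificate {
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "redacted"},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
			OCSPServer:            []string{ocspURL},
			IssuingCertificateURL: []string{caIssuers},
		}
		der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &leafKey.PublicKey, caKey))
		return must(x509.ParseCertificate(der))
	}
	// The OCSP endpoint answers with a constructed non-certificate body; the
	// caIssuers URL serves the CA certificate in DER with the proper MIME type.
	responses = map[string]fetched{
		ocspURL:      {ContentType: "application/ocsp-response", Body: []byte("constructed OCSP-like body")},
		caIssuersURL: {ContentType: "application/pkix-cert", Body: caDER},
	}
	return newLeaf(2, ocspURL), newLeaf(3, caIssuersURL), responses
}

func main() {
	bad, good, responses := newTestPKI()
	for _, leaf := range []*x509.Certificate{bad, good} {
		for _, r := range CheckCAIssuers(leaf, responses) {
			fmt.Printf("serial %s: %s readable:%t,verify:%t,mimetype:%t\n", leaf.SerialNumber, r.URI, r.Readable, r.Verify, r.MimeType)
		}
	}
}
```

The PKCS#7 bundle form that RFC 5280 also permits for caIssuers is reported as not readable by this check, and the `must` helper needs Go 1.18 or later.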
To supplement the timeline details, Root Programs requiring direct communication of the incident disclosure were informed accordingly at 11:42.

PKIlint is not the reason for mis-issuance and has never promised to check URL links for accuracy. I don't think most people would want the linter reaching outside of the CA to check link accuracy. Instead, that should be some separate tool and monitor. I think your root cause needs to address how Telia's QA (not PKIlint) didn't catch the incorrect URLs.

Hi Jeremy,

Thank you for your feedback

We apologize if our language is misleading. It was never our intention to imply or suggest that pkilint would be at fault here. We merely tried to say quite the contrary, that we feel pkilint did what it was supposed to do.

We fully agree that the CA infrastructure running the pre-issuance linting should not try to reach anything outside.

As for the RCA, we will investigate and study the causes thoroughly when preparing the full incident report.

Assignee: nobody → antti.backman
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance] [smime-misissuance]

This is to update that the planned full incident disclosure from today will be postponed. We just had the final review meeting on the report and found out that we need to work on a couple of Root Causes to have all relevant information in the full incident report.

The full incident report will be submitted at the latest on Friday the 23rd at 06:00 UTC (09:00 EET).

Full Incident Report

This is the full incident report for misissued S/MIME certificates.

Summary

CA Owner CCADB unique ID: A000055

Incident description:

Telia CA issued S/MIME certificates violating S/MIME BR 7.1.2.3 for certificate contents in certificate extension Authority Information Access:id-ca-caIssuers.

Timeline summary:

  • Non-compliance start date: 2025-05-08
  • Non-compliance identified date: 2025-05-09
  • Non-compliance end date: 2025-05-09

Relevant policies:

S/MIME BR
Section 7.1.2.3
Item c) (authorityInformationAccess)
subitem 2) (id-ca-caIssuers)

The authorityInformationAccess extension SHOULD contain at least one accessMethod value of type id-ad-caIssuers that specifies the URI of the Issuing CA’s Certificate.

Legacy: When provided, at least one accessMethod SHALL have the URI scheme HTTP. Other schemes (LDAP, FTP, …) MAY be present.

Certificate Policy and Certification Practice Statement for Telia Client Certificates v4.7 7.1.2

Source of incident disclosure:

Self Reported

Impact

  • Total number of certificates:
    • Two (2)
  • Total number of "remaining valid" certificates:
    • Zero (0)
  • Affected certificate types:
    • S/MIME Legacy, sponsor-validated profile (2.23.140.1.5.3.1)
  • Incident heuristic:
    • All affected certificates are disclosed in the Appendix of this report
    • As S/MIME certificates are not publicly available / logged, criteria to externally assemble the full corpus of affected certificates are therefore not available.
  • Was issuance stopped in response to this incident, and why or why not?:
    • No
    • Decision was made not to stop the CA, as this was initially identified to concern only one (1) certificate and a mitigative configuration was identified that could prevent the issue from recurring.
    • Further review as described in the initial incident report identified another certificate, but the mitigative configuration had already been applied to prevent the issue from recurring.
  • Analysis:
    • Affected certificates were immediately revoked upon identification and within 24 hours of issuance.
  • Additional considerations:

Timeline

  • 2024-10-07

    • Worker finalized and verified.
  • 2025-04-30

    • Decision to deploy and start the worker was taken by the Change Advisory Board at RA.
  • 2025-05-08 12:15:00

    • Deployment of the worker was triggered
  • 2025-05-08 12:17:03

    • Worker started
  • 2025-05-08 12:22:47

    • CSR based request received by Telia CA from Telia CA's Swedish RA for the 1st certificate
  • 2025-05-08 12:22:48

    • Telia Email CA v5 Issued the certificate
    • Telia is using pkilint for S/MIME linting before issuance, but as the AIA id-ca-caIssuer contained an http: URI, the lint check did not identify the issue, as pkilint does not verify whether the URI actually points to an Issuing Certificate file.
    • For the avoidance of any doubt, Telia CA has the responsibility to ensure the correctness of issued certificates; thus we are not expecting pkilint to verify that the URI link target is actually the caIssuer certificate in DER format.
  • 2025-05-08 12:23:22

    • CSR based request received by Telia CA from Telia CA's Swedish RA for the 2nd certificate
  • 2025-05-08 12:23:23

    • Telia Class 2 CA v3 Issued the certificate
    • Telia is using pkilint for S/MIME linting before issuance, but as the AIA id-ca-caIssuer contained an http: URI, the lint check did not identify the issue, as pkilint does not verify whether the URI actually points to an Issuing Certificate file.
  • 2025-05-08 20:58

    • Telia CA's daily AIA linting to verify id-ca-caIssuer content reported an AIA ERROR (http://ocsp.trust.telia.com readable:False,verify:False,mimetype:False), which was sent to Telia CA's Security Manager for review
  • 2025-05-09 04:25

    • Telia CA Security Manager reviewed daily issuance logs and reports and identified the above error report from daily AIA linting
  • 2025-05-09 05:31

    • Telia CA Security Manager contacted PKI Administrator for further review and verification of the error report
  • 2025-05-09 06:11

    • Certificate details were reviewed by the Security Manager and the contacted PKI Administrator
    • Issue with the certificate was identified and confirmed by the Security Manager and PKI Administrator
  • 2025-05-09 06:30

    • Telia CA Security Board's emergency meeting called by Security Manager to record the outcome of the initial investigation and confirm that the issue must be disclosed as an incident.
    • Decision was made not to stop the CA, as this was initially identified to concern only one (1) certificate and a mitigative configuration was identified that could prevent the issue from recurring.
  • 2025-05-09 07:22:30

    • First identified misissued certificate was revoked with reasonCode: privilegeWithdrawn
  • 2025-05-09 07:23

    • Further investigation continued, and mitigative configuration was tested and set by Telia CA to prevent the issue from recurring.
  • 2025-05-09 07:56

    • Mitigative CA policy configuration was deployed to production for Telia Class 2 CA v3 by PKI Administrators under supervision of the Security Manager, to ensure that the AIA extension is properly set prior to issuance
  • 2025-05-09 08:39

    • Swedish RA was notified by the Security Manager of the issue to start addressing it and take the required actions.
  • 2025-05-09 09:38:50

    • Faulty worker stopped.
  • 2025-05-09 10:46

    • Full certificate review identified another certificate with the same issue.
  • 2025-05-09 11:06:26

    • Second identified certificate was revoked with reasonCode: privilegeWithdrawn
  • 2025-05-09 11:10

    • Review of all issued S/MIME certificates completed to confirm that the certificates reported on this incident are the only misissued certificates.
  • 2025-05-09 11:18

    • Mitigative CA policy configuration was deployed to production for Telia Email CA v5 by PKI Administrators under supervision of the Security Manager, to ensure that the AIA extension is properly set prior to issuance
  • 2025-05-09 11:36

    • This preliminary incident report was disclosed in Mozilla's Bugzilla after final review by Telia CA team
  • 2025-05-09 11:40

    • Root programs requiring direct notification of the disclosed incident were informed by email with a link to the disclosed incident
  • 2025-05-23

    • Full incident report was published in Mozilla Bugzilla.

Related Incidents

  • Bug 1963456 (2025-04-29): Similar issue in AIA extension format as in this bug (AIA containing https URI); bug is TLS certificate related.
  • Bug 1962830 (2025-04-25): Certificate missing OCSP URI in AIA; bug is TLS certificate related.
  • Bug 1914466 (2024-08-22): Incorrect format of issuer CA in AIA; bug is TLS certificate related.
  • Bug 1908128 (2024-07-16): AIA containing incorrect URI in OCSP URI; bug is TLS certificate related.
  • Bug 1884461 (2024-03-08): Incorrect format of issuer CA in AIA; bug is TLS certificate related.
  • Bug 1884714 (2024-03-11): LDAP URI in AIA; bug is TLS certificate related.
  • Bug 1860697 (2023-10-23): AIA in caIssuer, misconfiguration on S/MIME certificates.

Root Cause Analysis

Contributing Factor #1:

  • Description:
    • Issuing S/MIME CA relied upon Telia's SE RA CSR for the AIA extension, ca-id-caIssuers
    • Telia CA and Telia CA's internal RA in Sweden have had a long-term agreement (even before the S/MIME BR came into effect) where the RA sets the certificate information and passes it in the CSR to the issuing CA. This practice has been working well for many years.
    • Because of this, the CA did not check the certificate content in such a way that the issue could have been identified at pre-issuance time. As explained in this report, post-issuance (daily) linting revealed the issue the next day.
  • Timeline:
    • Until the CA policy was configured to set ca-id-caIssuer on 2025-05-09 to mitigate the identified issue, as described in this report.
  • Detection:
    • Indirectly from daily linting and understanding of the agreement between the CA and SE RA.
  • Interaction with other factors:
    • This factor is the primary contributor to the issue, as the agreement between the CA and SE RA resulted in the CA trusting and relying upon SE RA's verification processes to ensure correct certificate information prior to sending the request to the CA.
    • As the issuing CA relied upon the received information having been verified by SE RA prior to requesting the certificate, no verification was made by the CA prior to issuance.
  • Root Cause Analysis methodology used:
    • The cause was evident to the CA when the issue was identified; no particular methodology was needed to identify this factor / root cause.

Contributing Factor #2: Bug in worker on RA

  • Description:

    • A new middleware worker to generate certificate requests was taken into service for a limited number of users. This worker contained a software bug causing it to select the wrong value from configuration (the value for AIA id-ocsp was chosen) to populate the AIA id-ca-caIssuer in the certificate request. Validation in the faulty worker only checked that this configuration value was a URI of correct basic format.
    • Therefore this was not detected in validation before the request was sent to the CA system.
  • Timeline:

    • Faulty Worker started: 2025-05-08 12:17:03
    • Non-compliance was detected: 2025-05-08 20:58
    • Faulty worker stopped: 2025-05-09 09:38:50
  • Detection:

    • Same as contributing factor #1
  • Interaction with other factors:

    • Contributing factors #3 and #4 allowed this bug to go unnoticed.
  • Root Cause Analysis methodology used:

    • 5 Whys

Contributing Factor #3: Insufficient code coverage in the worker allowed the bug to pass automated testing (RA)

  • Description:
    • A lack of clear and obvious visibility of code coverage for both the developer(s) and the reviewer allowed the insufficient coverage to go unnoticed. As a result, the bug causing the selection of an incorrect value was not detected at an early stage.
  • Timeline:
    • Faulty Worker development was finished: 2024-10-07
    • Decision was made to deploy the worker in production: 2025-04-30
    • Faulty Worker started: 2025-05-08 12:17:03
    • Non-compliance was detected: 2025-05-08 20:58
    • Faulty worker stopped: 2025-05-09 09:38:50
  • Detection:
    • Identified during root cause analysis of contributing factor #2.
  • Interaction with other factors:
  • Root Cause Analysis methodology used:
    • 5 Whys

Contributing Factor #4: Requirement for the worker to collect CA-specific values was not clearly communicated between development/design and the testing team (RA)

  • Description:

    • Changes in roles and personnel during the development phase led to inadequate information sharing between the development and testing teams. Consequently, not all test cases were considered during the testing phase.
  • Timeline:

    • Requirement specification was approved, reviewed and handed over for development: 2024-05-21
    • Faulty Worker development was finished: 2024-10-07
    • Decision was made to deploy the worker in production: 2025-04-30
  • Detection:

    • Identified during root cause analysis of contributing factor #2.
  • Interaction with other factors:

  • Root Cause Analysis methodology used:

    • 5 Whys

Contributing Factor #5: Manual quality assurance / testing allowed the bug to pass through (RA)

  • Description:
    • The tests run and the test cases did not include adequate cases, thus not identifying this issue.
  • Timeline:
    • Worker QA was started: 2024-09-09
    • Worker QA was completed: 2024-10-03
  • Detection:
    • Identified during root cause analysis of contributing factor #2.
  • Interaction with other factors:
  • Root Cause Analysis methodology used:
    • 5 Whys

Lessons Learned

  • What went well:
    • Post-issuance daily linting alerted the CA to the incorrect certificate issuance as designed.
    • CA was able to take swift action to identify the affected certificates and revoke them within 24 hours.
    • Mitigative policy changes were quickly applied to the issuer CAs to prevent the issue from recurring, without needing to stop the CA.
  • What didn’t go well:
    • The explained internal agreement with SE RA caused this issue to happen.
    • Pre-issuance linting did not include the CA's custom linting, used for daily post-issuance linting, that would have prevented this issue from occurring.
    • Gaps in communication and uncertainties in understanding of the requirements for the Worker functionality contributed to the issue.
    • Testing did not identify the issue in the manual or automated testing phases.
  • Where we got lucky:
    • Only a small number of certificates were misissued.
  • Additional:
    • N/A

Action Items

  • Set all certificate values at the Issuing CA where possible
    • Kind: Prevent
    • Corresponding Root Cause(s): Root Cause #1
    • Evaluation Criteria: All S/MIME Issuing CA policies updated in production to set all certificate values possible by the issuing CA and not relying on request (CSR) information. As this is internal to CA issuing system policies, external / public measurement of the effectiveness would not be possible. As S/MIME certificates are not logged in any public logs, information cannot be easily obtained.
    • Due Date: 2025-06-10
    • Status: Ongoing
  • Implement custom pre-issuance linting to prevent this type of issue
    • Kind: Prevent
    • Corresponding Root Cause(s): All Root Causes
    • Evaluation Criteria: Custom linting deployed in production in all relevant CA issuer policies. As this is internal to the CA issuing system, external / public measurement of the effectiveness would not be possible. As S/MIME certificates are not logged in any public logs, information cannot be easily obtained.
    • Due Date: 2025-09-01
    • Status: Ongoing
  • RA will stop providing fixed values in certificate requests and let the CA system set those values.
    • Kind: Prevent
    • Corresponding Root Cause(s): Root Cause #2
    • Evaluation Criteria: RA system updated with new software and affected values removed from configuration.
    • Due Date: 2025-06-17
    • Status: Ongoing
  • Modify the build script to ensure that code coverage reports are easily accessible and reviewable during the Pull Request process.
    • Kind: Prevent
    • Corresponding Root Cause(s): Root Cause #3
    • Evaluation Criteria: The code coverage percentage is clearly visible in the Pull Request, making it easy for reviewers to assess test completeness. As this is a non-public repository, external verification of the change will not be possible.
    • Due Date: 2025-06-05
    • Status: Ongoing
  • Modify the implementation phase routines to include a requirement alignment session, ensuring that all roles have a shared and consistent understanding of the project requirements before development begins.
    • Kind: Prevent
    • Corresponding Root Cause(s): Root Cause #4
    • Evaluation Criteria: A requirement alignment session is included in the planning phase of each iteration, during which the impact of the planned changes is reviewed and agreed upon by all relevant roles. If necessary, the related information and requirements are updated to reflect the agreed changes.
    • Due Date: 2025-06-02
    • Status: Ongoing
  • Include a cross-team planning meeting in the manual acceptance testing routine to align on the test plan before testing begins. This promotes shared responsibility for defining test cases and scope based on diverse insights.
    • Kind: Prevent
    • Corresponding Root Cause(s): Root Cause #5
    • Evaluation Criteria: The test lead verifies that the proposed test plan is agreed upon across roles before the test session begins.
    • Due Date: 2025-06-02
    • Status: Ongoing

Appendix

Personal information suppressed from the certificate details.

1st certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:d9:3c:cb:5b:1a:9f:05:79:87:c1:8c:da
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = SE, O = Telia Company AB, CN = Telia Email CA v5
        Validity
            Not Before: May  8 12:22:48 2025 GMT
            Not After : May  9 12:22:45 2026 GMT
        Subject: C = SE, O = Telia Company AB, organizationIdentifier = NTRSE-556103-4249, CN = XXXX, SN = XXXX, GN = XXX, emailAddress = XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:c8:c0:ee:49:83:50:b0:44:0d:7e:64:3d:
                    50:ea:7e:d7:97:1f:31:75:f8:5a:b0:6b:b1:52:22:
                    dd:df:0b:3d:b7:0b:8a:09:41:5e:29:a6:5d:1e:07:
                    23:ed:b1:96:db:2d:b2:52:78:2b:9d:cb:3d:7e:dc:
                    df:2e:75:bf:fd:fe:be:c3:c3:36:ad:2a:43:b1:45:
                    98:1b:bd:23:9c:83:20:da:03:60:89:1a:5b:3d:a4:
                    3f:1b:29:0f:76:58:39:5d:a2:b8:c3:35:9f:7e:72:
                    c1:ee:f4:4a:68:4a:df:43:bd:96:ae:db:0a:d9:2c:
                    ed:1b:3b:7b:d8:9f:fb:99:2d:f8:da:fb:03:4c:63:
                    86:d9:86:c4:d3:d8:13:e5:dc:e7:a8:2e:d2:c6:cd:
                    01:20:e0:70:c8:43:0f:12:54:d5:49:b3:e5:f2:a5:
                    5c:17:a5:aa:50:52:23:01:e4:5a:2f:aa:06:2e:ce:
                    2a:73:76:d8:92:18:66:c3:bc:0d:8d:9a:82:ce:f7:
                    94:6a:70:0a:c7:d2:00:72:4e:90:a5:bf:85:9a:f7:
                    1a:9c:17:f8:eb:0e:e2:30:24:ef:77:ce:95:91:36:
                    3b:ae:55:23:8e:37:9c:a7:b8:5a:78:03:63:30:f4:
                    2e:81:66:8e:ca:a3:1c:30:67:09:1e:18:90:c3:90:
                    cb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:37:E6:AF:0C:B0:E0:01:97:5B:18:BF:86:44:B8:1C:D1:E3:E1:65:94

            X509v3 Subject Key Identifier: 
                B5:9C:2F:C5:80:77:2C:80:D1:AF:E0:F7:21:59:DC:16:E2:96:C8:1E
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies: 
                Policy: 1.3.6.4.1.271.2.3.1.1.14
                  CPS: https://cps.trust.telia.com
                Policy: 2.23.140.1.5.3.1

            X509v3 Subject Alternative Name: 
                email:XXXX
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://httpcrl.trust.telia.com/teliaemailcav5.crl

            X509v3 Extended Key Usage: 
                E-mail Protection, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://ocsp.trust.telia.com
                CA Issuers - URI:http://ocsp.trust.telia.com

    Signature Algorithm: sha256WithRSAEncryption
         2f:7c:13:01:e1:7d:9d:18:63:52:65:98:48:7a:53:a3:27:f3:
         2c:1e:c0:92:64:26:28:e5:63:54:dc:fd:38:c0:51:31:60:b8:
         db:58:46:4f:3e:c8:48:5c:32:51:4b:a0:9e:e6:f5:40:95:1d:
         3e:af:50:16:05:08:2c:df:ce:c5:0d:63:a2:2d:77:ad:61:04:
         b3:54:14:60:4a:12:35:d8:3b:e2:6e:e8:dc:8d:0c:4a:3b:13:
         72:10:f9:de:31:e8:96:d2:8e:c6:a9:1c:a5:7d:92:63:75:f6:
         fd:9d:5a:df:9d:1e:33:f3:19:b5:7a:da:b1:bf:89:ee:a9:3b:
         d1:3d:b6:28:0d:7c:32:7d:0d:cc:1e:5c:26:02:f1:55:77:11:
         bc:0a:fa:d5:d1:65:ce:97:db:78:d5:49:87:5c:3a:53:47:b9:
         9b:57:c6:51:ab:fa:70:b9:56:49:c5:f4:2f:22:46:e3:ff:fd:
         03:4f:14:fd:ae:79:ef:ec:d2:63:45:74:bc:1d:a2:b7:04:8d:
         be:c7:48:23:35:c3:4f:50:96:93:98:b6:ef:fe:60:4c:5c:c8:
         90:ff:3d:53:37:b2:97:43:bb:80:26:bd:41:96:2b:8d:8e:e5:
         87:80:58:e5:50:4b:9e:86:21:41:6e:13:d0:e7:75:35:ef:be:
         89:66:f2:42:b4:f3:3f:e2:3a:8f:91:3b:23:5f:db:58:10:27:
         96:99:31:79:50:ae:c1:26:70:d4:31:85:92:00:dd:c0:98:35:
         ca:a5:85:40:52:62:ff:95:9e:e0:2b:c2:0e:d8:b1:ab:d8:c3:
         3e:8d:66:fc:3c:3f:7d:40:ab:f7:2c:00:f2:94:28:4c:42:2c:
         b8:0b:6f:52:bc:2f:0c:6a:07:6e:23:2c:94:6b:ff:54:3a:8f:
         2d:90:09:73:c4:97:fd:9e:65:cf:fc:09:5a:f8:19:37:e3:75:
         37:7a:f2:33:17:6e:cf:62:0b:fc:88:44:b6:fe:50:93:a5:90:
         4c:fc:0c:d6:ee:b7:eb:01:4d:9d:f9:c2:07:4e:04:14:45:80:
         ef:76:77:f8:b2:bb:87:5a:f8:c5:60:6c:82:11:0b:b7:c0:75:
         e1:85:b4:55:80:16:06:b5:85:c6:92:0c:44:87:59:32:ed:28:
         7e:70:83:bc:33:a0:21:89:57:3c:dc:65:60:21:eb:51:bc:92:
         e1:7b:8d:44:70:8c:ef:67:f5:88:fc:50:62:b5:52:0f:59:d1:
         42:16:46:29:db:21:d3:58:7a:7b:4d:02:fb:6b:8d:45:84:cc:
         fd:6e:2a:70:aa:91:3a:e2:b4:bd:d6:7e:9d:58:19:c8:71:0f:
         74:1c:14:c2:88:7d:4f:70

2nd certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:e2:e5:3f:a0:24:5c:cb:21:85:5c:80:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=SE, O=Telia Company AB, CN=Telia Class 2 CA v3
        Validity
            Not Before: May  8 12:33:23 2025 GMT
            Not After : May  9 12:33:22 2027 GMT
        Subject: C=SE, O=Arelion Sweden AB/2.5.4.97=NTRSE-556583-2226, CN=XXX, SN=XXX, GN=XXX, emailAddress=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:97:ae:7d:ed:82:fa:be:ca:15:ab:b5:4f:2a:f3:
                    19:67:ca:6c:e8:07:41:39:65:b2:e0:9d:4b:65:de:
                    53:e2:52:49:a8:40:47:36:af:5c:4d:b3:0f:4e:89:
                    25:c3:f5:df:24:73:23:40:ec:8a:b2:08:76:fb:bc:
                    ea:aa:1b:d8:fc:2a:c2:76:61:0a:a0:5b:ab:67:5a:
                    4e:24:34:a3:a0:cc:71:ef:fd:0f:3d:8d:d9:0e:4d:
                    5d:51:09:3a:50:2e:e3:8e:60:42:ab:46:dc:dd:73:
                    eb:9d:10:40:ad:65:c6:d8:c9:02:56:b2:83:25:ab:
                    5a:eb:c4:da:b2:2c:7c:5e:45:db:87:7e:90:2b:f8:
                    27:8e:34:a9:1b:8e:98:fc:61:81:b6:60:be:d2:1a:
                    e2:d2:33:86:fb:08:c2:fc:08:cf:3a:56:51:ec:6e:
                    36:73:d0:af:29:d3:25:fd:dd:4b:81:10:84:1f:b0:
                    c0:2c:eb:88:2c:71:2d:44:78:cc:40:96:d5:c2:c6:
                    46:8f:b0:7e:f8:2b:d8:70:e7:50:0e:3a:9f:67:f4:
                    44:4d:39:b7:8e:f9:28:7f:db:7e:1a:4d:07:b6:53:
                    e6:c2:ef:77:95:7a:9a:b5:df:0f:8a:00:d0:d5:0a:
                    e2:bc:eb:46:5c:f7:6d:95:8d:a3:1b:7c:f8:77:3a:
                    c6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:D3:A4:B5:F8:3E:59:CD:8C:11:E0:1A:34:76:34:93:DD:7E:9D:4D:F9
 
            X509v3 Subject Key Identifier:
                E4:CF:AE:28:7E:49:C7:B6:AE:15:92:02:C3:F9:93:5C:E4:33:4B:FF
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.271.2.3.1.1.12
                  CPS: https://cps.trust.telia.com
                Policy: 2.23.140.1.5.3.1
 
            X509v3 Subject Alternative Name:
                email:XXXX
            X509v3 CRL Distribution Points:
 
                Full Name:
                  URI:http://httpcrl.trust.telia.com/teliaclass2cav3.crl
 
            X509v3 Extended Key Usage:
                E-mail Protection, TLS Web Client Authentication
            Authority Information Access:
                OCSP - URI:http://ocsp.trust.telia.com
                CA Issuers - URI:http://ocsp.trust.telia.com
 
    Signature Algorithm: sha256WithRSAEncryption
         31:f2:12:79:2b:d9:bd:8a:06:78:5d:fe:90:a3:a0:fb:50:e9:
         21:ca:e4:f8:74:02:c4:6a:f1:99:1b:79:1a:8d:39:ae:b1:e8:
         c5:4b:2b:57:58:cd:c0:a4:bb:46:39:ef:7d:70:50:00:3b:ae:
         bd:a7:0c:f5:e4:83:d1:df:29:46:1a:83:ee:f7:1e:a1:6e:84:
         db:cc:16:e4:c5:ce:9d:b3:8c:d2:a9:aa:8f:97:71:45:60:7a:
         1a:b3:dd:93:e4:bc:c8:e3:a5:57:1b:5b:92:ce:fd:3d:7a:8e:
         f1:58:b0:5b:0b:18:46:cd:a0:aa:db:ca:32:e0:f7:3d:83:33:
         f5:1b:69:4f:15:d8:c3:8d:c4:e0:47:47:0c:24:5a:68:c6:22:
         9a:b9:bd:fc:ac:4c:81:a8:17:2e:d3:2c:d6:32:84:a7:c9:0b:
         e8:62:46:76:8d:c7:40:74:b3:e5:0b:a4:9b:5e:b8:57:cf:e4:
         00:9e:65:c0:ce:2e:3c:78:5b:5a:eb:8d:08:e7:56:eb:22:bc:
         0b:5d:ab:35:c9:63:ab:88:0d:f7:18:70:a9:d9:db:83:15:21:
         9a:ac:76:e7:b6:c1:e1:7d:6d:3f:1e:51:35:49:88:56:b1:43:
         79:27:90:18:0c:8e:8e:50:71:a9:c5:44:b5:bf:1a:67:12:a4:
         db:1b:c4:3a:7f:a2:8c:2f:41:00:af:0c:e4:c4:66:1d:cf:99:
         40:13:86:93:0a:f4:b2:25:d2:93:33:9c:e3:68:c7:84:ed:ef:
         0b:a0:e1:49:3a:e8:c6:2b:ff:39:6b:f2:c6:e8:f2:d5:f2:32:
         db:99:93:2f:4c:68:58:27:23:05:e1:d0:9b:0f:df:2f:74:ba:
         72:70:3c:6e:fc:bb:50:3a:55:b3:43:0d:aa:5a:12:92:3e:b8:
         9f:3f:ec:e0:c0:f0:a0:9b:e7:73:63:d7:7a:49:82:d4:cc:de:
         fe:8d:88:f6:a3:96:bb:a8:02:05:7b:d9:c8:52:d8:a4:60:fe:
         72:c4:4e:11:d8:ea:71:11:3b:54:fc:1b:77:18:88:17:18:84:
         86:54:41:48:e4:32:e9:a1:27:99:be:63:2b:1d:49:05:42:ee:
         35:60:6b:ee:65:f1:59:5b:15:04:25:6d:02:3d:6c:41:63:d6:
         27:70:6c:46:32:54:11:a7:1e:37:ad:de:c8:c3:88:8f:f7:de:
         29:21:8b:e5:ee:00:a8:f2:df:20:41:a0:46:4a:9f:b3:7f:0a:
         e0:d4:f9:1a:2f:07:4a:22:a3:86:41:31:5b:f9:25:7f:30:f6:
         1f:69:68:59:a6:39:e1:f1:60:13:d9:54:3b:00:ee:bc:b9:a7:
         00:77:f7:a2:95:86:ae:9f

Full incident report posted; we'll be following up on questions / comments on this incident.

As we have a couple of action items defined to be completed in the few weeks ahead, weekly updates will be provided as required.

This is our weekly update; planned action items are on schedule.

Update 6.6.2025

This is our weekly update; the following action items have been completed as planned.

Completed Action Items

Action Item: Modify the build script to ensure that code coverage reports are easily accessible and reviewable during the Pull Request process.
  Kind: Prevent
  Corresponding Root Cause(s): Root Cause #3
  Evaluation Criteria: The code coverage percentage is clearly visible in the Pull Request, making it easy for reviewers to assess test completeness. As this is a non-public repository, external verification of the change will not be possible.
  Due Date: 2025-06-05
  Status: Completed

Action Item: Modify the implementation phase routines to include a requirement alignment session, ensuring that all roles have a shared and consistent understanding of the project requirements before development begins.
  Kind: Prevent
  Corresponding Root Cause(s): Root Cause #4
  Evaluation Criteria: A requirement alignment session is included in the planning phase of each iteration, during which the impact of the planned changes is reviewed and agreed upon by all relevant roles. If necessary, the related information and requirements are updated to reflect the agreed changes.
  Due Date: 2025-06-02
  Status: Completed

Action Item: Include a cross-team planning meeting in the manual acceptance testing routine to align on the test plan before testing begins. This promotes shared responsibility for defining test cases and scope based on diverse insights.
  Kind: Prevent
  Corresponding Root Cause(s): Root Cause #5
  Evaluation Criteria: The test lead verifies that the proposed test plan is agreed upon across roles before the test session begins.
  Due Date: 2025-06-02
  Status: Completed

Changed Action Item

The following action item has been changed to be completed earlier than initially planned. We've been able to advance faster in our custom linter development and are able to deploy the linter defined in the action item on the new schedule.

Action Item: Implement custom pre-issuance linting to prevent this type of issue
  Kind: Prevent
  Corresponding Root Cause(s): All Root Causes
  Evaluation Criteria: Custom linting deployed in production in all relevant CA issuer policies. As this is internal to the CA issuing system, external public measurement of the effectiveness would not be possible. As S/MIME certificates are not logged in any public logs, information cannot be easily obtained.
  Due Date: 2025-06-27
  Status: Ongoing

For other pending action items we are on plan and see no reason to complete action items as scheduled.

Update 13.6.2025 Report

This is our weekly update; the following action item has been completed as planned.

Completed Action Items

Action Item: Set all certificate values at the Issuing CA where possible
  Kind: Prevent
  Corresponding Root Cause(s): Root Cause #1
  Evaluation Criteria: All S/MIME Issuing CA policies updated in production to set all certificate values possible at the issuing CA and not rely on request (CSR) information. As this is internal to the CA issuing system policies, external / public measurement of the effectiveness would not be possible. As S/MIME certificates are not logged in any public logs, information cannot be easily obtained.
  Due Date: 2025-06-10
  Status: Completed

For the pending action items we are on plan and see no reason to complete those action items as scheduled.

Update 19.6.2025 Report

This is our weekly update; the following action item has been completed as planned.

Completed Action Items

Action Item: RA will stop providing fixed values in certificate requests and let the CA system set those values.
  Kind: Prevent
  Corresponding Root Cause(s): Root Cause #2
  Evaluation Criteria: RA system updated with new software and affected values removed from configuration.
  Due Date: 2025-06-17
  Status: Completed

For the last pending action item we are on plan and see no reason to complete the action item as planned.

Update 27.6.2025 Report

This is our weekly update; the following action item has been completed as planned.

Completed Action Items

Action Item: Implement custom pre-issuance linting to prevent this type of issue
  Kind: Prevent
  Corresponding Root Cause(s): All Root Causes
  Evaluation Criteria: Custom linting deployed in production in all relevant CA issuer policies. As this is internal to the CA issuing system, external public measurement of the effectiveness would not be possible. As S/MIME certificates are not logged in any public logs, information cannot be easily obtained.
  Due Date: 2025-06-27
  Status: Completed

All action items are now hereby completed and we'll start to prepare our disclosure report.

Requesting next update to be set 16.7.2025.

Flags: needinfo?(bwilson)
Whiteboard: [ca-compliance] [smime-misissuance] → [ca-compliance] [smime-misissuance] Next update 2025-07-16

Report Closure Summary

  • Incident description:
    Telia CA issued S/MIME certificates violating S/MIME BR 7.1.2.3 for certificate contents in certificate extension Authority Information Access:id-ca-caIssuers.

  • Incident Root Cause(s):
    #1

    Issuing S/MIME CA relied upon Telia's SE RA CSR for the AIA extension, ca-id-caIssuers

    Telia CA and Telia CA's internal RA in Sweden have had a long-term agreement (even before the S/MIME BR came into effect) whereby the RA sets certificate information and passes it in the CSR to the issuing CA. This practice has been working well for many years.

    Because of this, the CA did not check the certificate content in such a way that the issue could have been identified at pre-issuance time. As explained in this report, post-issuance (daily) linting revealed the issue the next day.

    #2

    A new middleware worker to generate certificate requests was taken into service for a limited number of users. This worker contained a software bug causing the faulty worker to select the wrong value from configuration (the value for AIA id-ocsp was chosen) to populate the AIA id-ca-caIssuer in the certificate request. Validation of the value in the faulty worker only checked that this configuration value was a URI in a correct basic format.

    Therefore this was not detected in validation before it was sent to the CA system.

    #3

    A lack of clear and obvious visibility of code coverage for both the developer(s) and the reviewer allowed the insufficient coverage to go unnoticed. As a result, the bug causing the selection of an incorrect value was not detected at an early stage.

    #4

    Changes in roles and personnel during the development phase led to inadequate information sharing between the development and testing teams. Consequently, not all test cases were considered during the testing phase.

    #5

    The tests run and the test cases did not include adequate cases, and thus did not identify this issue.

  • Remediation description:
    CA policies were reviewed and updated to set all possible certificate values at the CA instead of trusting values provided in the CSR submitted by the SE RA.
    Custom pre-issuance linting was developed and deployed to ensure that AIA:ca-id-caIssuer contains the correct value for the issuing CA.
    The software development process was reviewed and improvements made to ensure that quality assurance and acceptance of software updates are comprehensively tested.
    Automation support for software testing was improved with new test cases, relying on automation rather than just human testing for more consistent quality assurance.

  • Commitment summary:

    Telia has plans to amend its custom linting solution's coverage to address use cases outside the scope of standard linting solutions and requiring access to data that is outside the contents of the tbs-certificate, pre-certificate or final certificate. Through a clear roadmap to further enhance the custom linting solution, Telia shall improve its capabilities to prevent incidents similar to (and beyond) the one reported in this incident.

All Action Items disclosed in this report have been completed as described, and we request its closure.
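As an added example, not Telia's pre-issuance linter and not pkilint code, the following Python check illustrates the kind of control the remediation above describes for root cause #2: it parses the Issuer line and the Authority Information Access block of `openssl x509 -text` output (the format used in the appendix), rejects an id-ad-caIssuers URI that is identical to the OCSP responder URI, and requires the caIssuers URI to be one of the issuer-certificate URLs configured for the issuing CA. The per-CA allow-list and the `repository.example.invalid` host are constructed placeholders, since the report does not give Telia's real repository URLs; the excerpt of the first misissued certificate is taken from the appendix, and the "corrected" variant is constructed.

```python
"""Pre-issuance lint for the AIA id-ad-caIssuers entry of an S/MIME certificate.

Added example, not Telia's linter. It parses the Issuer line and the
Authority Information Access block of `openssl x509 -text` output and
flags the failure mode from this incident: a caIssuers URI that is
really the OCSP responder URI, or that is not a configured
issuer-certificate URL for the issuing CA.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Allowed caIssuers URIs per issuing CA, keyed by issuer CN. These URLs are
# constructed placeholders (the report does not give the real repository
# URLs); in a deployment they come from the issuing CA's policy configuration.
EXPECTED_CA_ISSUERS: Dict[str, Set[str]] = {
    "Telia Email CA v5": {"http://repository.example.invalid/teliaemailcav5.crt"},
    "Telia Class 2 CA v3": {"http://repository.example.invalid/teliaclass2cav3.crt"},
}

# One AIA entry line, e.g. "CA Issuers - URI:http://ocsp.trust.telia.com".
_ENTRY_RE = re.compile(r"^(OCSP|CA Issuers)\s*-\s*URI:(\S+)$")
_CN_RE = re.compile(r"CN\s*=\s*([^,]+)")


@dataclass
class AiaInfo:
    issuer_cn: Optional[str] = None
    ocsp: List[str] = field(default_factory=list)
    ca_issuers: List[str] = field(default_factory=list)


def parse_aia(text: str) -> AiaInfo:
    """Extract the issuer CN and the AIA URIs from `openssl x509 -text` output."""
    info = AiaInfo()
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        stripped = line.strip()
        if stripped.startswith("Issuer:"):
            m = _CN_RE.search(stripped)
            if m:
                info.issuer_cn = m.group(1).strip()
        elif stripped.startswith("Authority Information Access:"):
            # Entries are the following lines indented deeper than the header;
            # a blank line or a line at the header's indent ends the block.
            indent = len(line) - len(line.lstrip())
            i += 1
            while i < len(lines):
                entry = lines[i]
                if not entry.strip() or len(entry) - len(entry.lstrip()) <= indent:
                    break
                m = _ENTRY_RE.match(entry.strip())
                if m:
                    kind, uri = m.groups()
                    (info.ocsp if kind == "OCSP" else info.ca_issuers).append(uri)
                i += 1
            continue
        i += 1
    return info


def lint_aia(info: AiaInfo, expected: Dict[str, Set[str]] = EXPECTED_CA_ISSUERS) -> List[str]:
    """Return lint findings; an empty list means the AIA passes."""
    findings: List[str] = []
    if not info.ca_issuers:
        findings.append("AIA: no id-ad-caIssuers entry present")
    allowed = expected.get(info.issuer_cn or "")
    if allowed is None:
        findings.append(f"AIA caIssuers: no expected URI configured for issuer {info.issuer_cn!r}")
    for uri in info.ca_issuers:
        if not uri.lower().startswith("http://"):
            findings.append(f"AIA caIssuers: not an http:URI: {uri}")
        if uri in info.ocsp:
            # The defect in this incident: the OCSP URI copied into caIssuers.
            findings.append(f"AIA caIssuers: equals the OCSP responder URI: {uri}")
        if allowed is not None and uri not in allowed:
            findings.append(f"AIA caIssuers: {uri} is not a configured issuer-certificate URI for {info.issuer_cn}")
    return findings


# Excerpt of the first misissued certificate's openssl output, from the appendix.
MISISSUED_1 = """\
Certificate:
    Data:
        Issuer: C = SE, O = Telia Company AB, CN = Telia Email CA v5
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.trust.telia.com
                CA Issuers - URI:http://ocsp.trust.telia.com

    Signature Algorithm: sha256WithRSAEncryption
"""

# Constructed corrected variant: caIssuers points at the placeholder
# issuer-certificate URL configured above for this CA.
CORRECTED_1 = MISISSUED_1.replace(
    "CA Issuers - URI:http://ocsp.trust.telia.com",
    "CA Issuers - URI:http://repository.example.invalid/teliaemailcav5.crt",
)

if __name__ == "__main__":
    for name, dump in (("misissued", MISISSUED_1), ("corrected", CORRECTED_1)):
        result = lint_aia(parse_aia(dump))
        print(name, "PASS" if not result else "FAIL")
        for finding in result:
            print("  -", finding)
```

This is a pre-issuance check over the certificate content only; it does not fetch the URI. Whether the URL actually serves a readable issuer certificate with the right MIME type is what the daily post-issuance lint mentioned in the timeline covers, and the two checks complement each other.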

Flags: needinfo?(incident-reporting)

This is a final call for comments or questions on this Incident Report.

Otherwise, it will be closed on approximately 2025-07-14.

Whiteboard: [ca-compliance] [smime-misissuance] Next update 2025-07-16 → [close on 2025-07-14] [ca-compliance] [smime-misissuance]

This is our update on the Next Update date; nothing to update, waiting for the incident to be closed as indicated by comment #13.

Requesting Next Update to be set the 15th of August.

Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Flags: needinfo?(incident-reporting)
Resolution: --- → FIXED
Whiteboard: [close on 2025-07-14] [ca-compliance] [smime-misissuance] → [ca-compliance] [smime-misissuance]
Flags: needinfo?(bwilson)