On Mon, Mar 23, 2015 at 5:50 PM, Kathleen Wilson <kwil...@mozilla.com> wrote: > Peter, Did you read the blog posts? > 1) > https://blog.mozilla.org/security/2015/03/23/revoking-trust-in-one-cnnic-intermediate-certificate/ > 2) > http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
I did read them both, but missed a couple of details on the Mozilla one. >> - Was it issued since their latest complete audit period ended and, if >> not, did their auditor flag it? > > > From Mozilla's blog post: > "CNNIC issued an unconstrained intermediate certificate that was labeled as > a test certificate and had a two week validity, expiring April 3, 2015." > > CNNIC's most recent audit statement is 8/1/2014. Ok, so the auditor did not miss it. >> How do they >> explain issuing a subordinate CA certificate with a private key not >> being on a HSM meeting the Baseline Requirements? > > > That is a very good question. Their customer apparently used a Palo Alto > Network Firewall Built in CA server to create their CSR request, and planned > to export it and import it into their CA server. Apparently CNNIC was not > aware that the customer had done this (until the incident occurred). The Baseline Requirements state "The CA SHALL protect its Private Key in a system or device that has been validated as meeting at least FIPS 140 level 3 or an appropriate Common Criteria Protection Profile or Security Target, EAL 4 (or higher), which includes requirements to protect the Private Key and other assets against known threats." According to https://www.paloaltonetworks.com/company/certifications.html and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2323, this device has been certified at Level 3 for several parts, but has an overall Level 2 certification. I was under the impression, from the Google blog post, that the CA key was not in a FIPS certified device at all. >> - How many other CA certs has CNNIC issued which are not stored on HSMs? >> > > Remember that it is CNNIC's customer who made this mistake. CNNIC, as the > CA, is still responsible for it. But I would be surprised if CNNIC > themselves have this problem, nonetheless I will ask them. I was under the impression that CNNIC failed to verify that the key was properly stored. Based on the note that it was generated and stored on a Palo Alto Networks firewall, it appears that they requirement was met, as technically it met FIPS Level 3. The BRs probably need to clarify that the _Overall_ level needs to be level 3, not just module levels. That being said, maybe the better question to ask is "How does CNNIC confirm that subordinate CA keys are generated and secured appropriately?" Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy