On Thu, Sep 1, 2016 at 9:00 AM, Ryan Sleevi <r...@sleevi.com> wrote: > On Wed, August 31, 2016 10:09 pm, Richard Wang wrote: >> Thanks for your so detail instruction. >> Yes, we are improved. The two case is happened in 2015 and the mis-issued >> certificate period is only 5 months that we fixed 3 big bugs during the 5 >> months. >> For CT, we will improve the posting system. > > I had a little trouble parsing this, but let's make sure we're on the same > page. I've continued Gerv's original numbering: > > Incident -2: 16 January 2015 - 5 March 2015 - 1,132 BR-violating SHA-1 > certificates ( https://cert.webtrust.org/SealFile?seal=2019&file=pdf ) > Incident -1: April 4, 2015 - WoSign is informed it's routinely violating > its CPS for issued certificates ( > https://www.wosign.com/policy/wosign-policy-1-2-10.pdf ) > Incident X: April 9 - April 14, 2015 - 392 duplicate serial numbers > Incident 0: April 23, 2015 - 72 potentially dangerous port-validated > certificates > Incident 1: June, 2015 - 33 unvalidated base-domain from sub-domain > certificates > Incident 2: July, 2016 - At least 1 backdated SHA-1 certificate (was this > the only one? I wasn't clear from > https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ > )
It was brought to my attention that there is another incident. WoSign issued at least two certificates that have subject public keys which are for the SM2 algorithm. SM2 is an elliptic curve based algorithm but it does not use the US NIST P-256, P-384, or P-512 curves. The CA/Browser Forum Baseline Requirements and Mozilla CA Certificate Maintenance Policy both require that only these three curves be used for elliptic curve keys. In addition to including subjects keys using unapproved parameters, it seems these each share their serial number with another certificate for the same subject. So these are two more cases of duplicate serial numbers for different content. The log entries for the SM2 certificates are https://ctlog.wosign.com/ct/v1/get-entries?start=109239&end=109240; crt.sh doesn't have them. The matching serial numbers are https://crt.sh/?id=30613201 and https://crt.sh/?id=30613200. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy