Hello, I recently did an investigation where I tried to simply download private keys from web servers with common filenames. I collected these filenames simply from common tutorials on the web (server.key, privatekey.key, myserver.key, key.pem and [hostname].key with and without www). In several cases I was able to download private keys belonging to currently valid certificates.
I wrote about this today for the German news site Golem.de (with an english translation available): https://www.golem.de/news/https-private-keys-on-web-servers-1707-128862.html In the course of this I also learned quite a bit about the revocation process. According to the baseline requirements a CA shall revoke keys within 24 hours in case of a key compromise. Some notes about my experiences: * All certificates I reported are revoked now. * In several cases the deadline wasn't hit and CAs took longer. Some took over 4 days. In one case (Gandi) I learned that it's a branded CA from Comodo. Comodo immediately revoked the cert after they learned about it, but this raises interesting questions about the responsibilities of branded CAs. * The reporting process is wildly different. Some CAs provide email addresses, others online forms, Symantec has forms with captchas. In the April CA communications [1] mozilla announced that it wants to compile a list of contact methods and has asked CAs for them. I would encourage streamlining that process. I also think revocation should be automatable (at least on the side of the reporter) and wonder whether things like forms with captchas should be outruled. Particularly interesting is Let's Encrypt that provides an API via ACME to revoke if you posess the private key. IMHO that's ideal. * Comodo re-issued certs with the same key. I wonder if there should be a rule that once a key compromise event is known to the CA it must make sure this key is blacklisted. (Or maybe one of the existing rules already apply, I don't know.) I had opened a private bug in mozillas bugtracker which contains some more info and lists of the specific certificates. It's up to mozilla when they'll open it, but from my side I think this can go public. [1] https://wiki.mozilla.org/CA/Communications#April_2017_Responses [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1378074 -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy