I've completed a full scan of the crt.sh DB, which found 171 certs with ROCA fingerprints.

The list is at https://misissued.com/batch/28/

Many of these are Qualified/EUTL certs rather than anything to do with the WebPKI. Only about half of them chain to roots that are trusted by NSS.

On 17/10/17 14:49, Rob Stradling via dev-security-policy wrote:
On 16/10/17 23:15, Jakob Bohm via dev-security-policy wrote:
<snip>
Unfortunately, as of right now, their github repository still doesn't
include the promised C/C++ implementation,

Hi Jakob.  Today I ended up rewriting the ROCA fingerprint checker in C (using OpenSSL BIGNUM calls) to get it working in crt.sh.  In case it's useful, here's a Gist:

https://gist.github.com/robstradling/f525d423c79690b72e650e2ad38a161d

Build it with -lcrypto and pipe a DER cert to STDIN.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
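The kind of per-prime fingerprint test discussed in this thread, as an added example that is not the code from the Gist or from the original ROCA tool. It assumes the modulus is supplied as a hex string rather than parsed from a DER cert, uses plain integer arithmetic instead of OpenSSL BIGNUM calls, and assumes the odd primes up to 167 as the prime set. For each prime p it checks that N mod p is a power of 65537 modulo p, which is a necessary condition for an affected key; the sample inputs are constructed numbers, not real keys.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumed prime set for the test: odd primes up to 167. */
static const unsigned PRIMES[] = {
    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
    73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
    157, 163, 167};
#define NPRIMES (sizeof PRIMES / sizeof PRIMES[0])

/* Reduce a big-endian hex string modulo a small prime, digit by digit.
 * Returns -1 if a non-hex character is found. */
static int hex_mod(const char *hex, unsigned p) {
    unsigned r = 0;
    for (; *hex; hex++) {
        unsigned char c = (unsigned char)*hex;
        if (!isxdigit(c)) return -1;
        unsigned d = isdigit(c) ? (unsigned)(c - '0')
                                : (unsigned)(tolower(c) - 'a' + 10);
        r = (r * 16 + d) % p;
    }
    return (int)r;
}

/* 1 if r lies in the subgroup of (Z/pZ)* generated by 65537, else 0. */
static int in_subgroup(unsigned r, unsigned p) {
    unsigned g = 65537u % p, x = 1;
    do {
        if (x == r) return 1;
        x = (x * g) % p;
    } while (x != 1);
    return 0;
}

/* 1 = fingerprint present, 0 = absent, -1 = malformed input. */
int roca_fingerprint(const char *hex_modulus) {
    if (!hex_modulus || !*hex_modulus) return -1;
    for (size_t i = 0; i < NPRIMES; i++) {
        int r = hex_mod(hex_modulus, PRIMES[i]);
        if (r < 0) return -1;
        if (!in_subgroup((unsigned)r, PRIMES[i])) return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed samples: 65537^2 passes every prime; 0x10005 does not. */
    printf("%d %d\n", roca_fingerprint("100020001"), roca_fingerprint("10005"));
    return 0;
}
```

A hex modulus for a real certificate can be obtained with `openssl x509 -noout -modulus`, with the `Modulus=` prefix stripped before the check.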
