Re: DigiCert ROCA fingerprint incident report

Wed, 08 Nov 2017 04:05:19 -0800 

I see all 7 of the certs identified in this thread in crt.sh:

Serial number: 4a907fbfc90eb043c50c9c8ace6305a1
SAN->dNSName: [www.]asik-portal.com
https://crt.sh/?id=13734110

Serial number: 8008c178d0d4cd3d79acc09f6ac132c
SAN->dNSName: *.Thameswater.co.uk
https://crt.sh/?id=249452540

Serial number: 2dab9a2d40a2f55c5d705551cf7cafe5
SAN->dNSName: *.thameswater.co.uk
https://crt.sh/?id=249452542

Serial number: 306b67f5c25ee0fd495d2be88979eb72
SAN->dNSName: *.thameswater.co.uk
https://crt.sh/?id=249452543

Serial number: 7c7b826b183093ba1e5b9850ac31d806
SAN->dNSName: *.thameswater.co.uk
https://crt.sh/?id=249452544

Serial number: 4c834767e44ecbd0cdef8e60c04dcf32
SAN->dNSName: r02s06.nex.yahoo.com
https://crt.sh/?id=153622290

Serial number: a18e9
Domain name: [www.]vwiscada.com
https://crt.sh/?id=42223834

On 07/11/17 18:27, Jeremy Rowley via dev-security-policy wrote:

I believe so – I asked that they all be logged, but I’ll need to double check 
whether it got done.


From: Alex Gaynor [mailto:agay...@mozilla.com]
Sent: Tuesday, November 7, 2017 11:23 AM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: DigiCert ROCA fingerprint incident report


Hi Jeremy,


Have all these certificates been submitted to CT?


Thanks!

Alex


On Tue, Nov 7, 2017 at 1:20 PM, Jeremy Rowley via dev-security-policy 
<dev-security-policy@lists.mozilla.org 
<mailto:dev-security-policy@lists.mozilla.org> > wrote:

Hey everyone,



Here's the DigiCert incident report about the ROCA fingerprints. Note that
these were all issued by Symantec (ie, before the transaction closed).



We became aware of the issue when it was posted to the mailing list.
However, at that time, the certs were not operated by DigiCert. We became
aware that DigiCert needed to take action on close (Nov 1).  At that time,
the new combined team launched an investigation to determine the impacted
certs. Six certs were identified and revoked:




4a907fbfc90eb043c50c9c8ace6305a1


8008c178d0d4cd3d79acc09f6ac132c


2dab9a2d40a2f55c5d705551cf7cafe5


306b67f5c25ee0fd495d2be88979eb72


7c7b826b183093ba1e5b9850ac31d806


4c834767e44ecbd0cdef8e60c04dcf32



These certs were all revoked around Nov 3, within 24 hours of identifying
the impacted certs at DigiCert.



Jeremy


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to