Interesting - this escaped our notice because it has a Tor descriptor. Unfortunately, it looks like the fetch function with v3 is not supported so we'll have to change how we pull and include the descriptor. Since the key is already in the cert, I agree there is nothing gain by including it, but I doubt there's strong incentives to change the guidelines right now. We'll modify to include it.
-----Original Message----- From: Alex Cohn <a...@alexcohn.com> Sent: Monday, March 12, 2018 6:55 PM To: Jeremy Rowley <jeremy.row...@digicert.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: DigiCert .onion certificates without Tor Service Descriptor Hash extension Thanks, Jeremy. I also found a certificate [1] with both 16-character.onion and 56-character.onion addresses [2] listed in the SAN. The v3 address is not included in the 2.23.140.1.31 extension, which seems to violate the same rule as below. However, v3 addresses include the service's entire public key in the address itself, so there's nothing to be gained by embedding a hash of that key in a certificate. I'm not sure what, if anything, needs to happen in this case. Thoughts? Alex [1] https://crt.sh/?id=351449246 [2] https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt On Mon, Mar 12, 2018 at 7:28 PM, Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Thanks Alex. Sorry for the delayed response. I've been traveling today. > We're reaching out to each of the customers and getting their cert replaced. > > > Looking into this, we did not correctly implement the ballot: > 1. We didn't add a check to our backend system too verify the cert > included a descriptor prior to issuance. > 2. On the front end, we missed requiring a Tor descriptor prior to > processing the order. > 3. The validation team received insufficient training on the Tor > descriptor requirement. > > In reality, the issue was too much reliance on the human component of > asserting the Tor descriptors instead of having a technical control in > place. We're working on putting those technical controls in place. > > Jeremy > > -----Original Message----- > From: dev-security-policy > <dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla. > org> On Behalf Of Alex Cohn via dev-security-policy > Sent: Sunday, March 11, 2018 9:37 PM > To: dev-security-policy@lists.mozilla.org > Subject: DigiCert .onion certificates without Tor Service Descriptor > Hash extension > > In the EV Guidelines [1], Appendix F states "The CA MUST include the > CAB Forum Tor Service Descriptor Hash extension in the TBSCertificate > convey hashes of keys related to .onion addresses." This language was > added in Ballot 201 [2], which had an effective date of 8 July 2017. > > The following certificates (and precertificates if the corresponding > certificate is not in a public CT log) were issued by DigiCert after 8 > July for .onion domains, but lack the necessary extension: > https://crt.sh/?q=240277340 (revoked 26 October 2017) > https://crt.sh/?q=261570255 > https://crt.sh/?q=261570338 > https://crt.sh/?q=261570380 > https://crt.sh/?q=261570384 > https://crt.sh/?q=261579788 > https://crt.sh/?q=261601212 > https://crt.sh/?q=261601280 > https://crt.sh/?q=261601281 > https://crt.sh/?q=261601284 > https://crt.sh/?q=261988060 > https://crt.sh/?q=326491168 > https://crt.sh/?q=326830043 > https://crt.sh/?q=328308725 > https://crt.sh/?q=328961187 > https://crt.sh/?q=329559222 > https://crt.sh/?q=330180704 > https://crt.sh/?q=351449233 (revoked 10 March 2018 after initial email > to > DigiCert) > > This was previously discussed on m.d.s.p about a year ago [3]. > > [1] > https://cabforum.org/wp-content/uploads/CA-Browser-Forum-EV-Guidelines-v1.6. > 8.pdf > [2] https://cabforum.org/2017/06/08/2427/ > [3] > https://groups.google.com/d/msg/mozilla.dev.security.policy/6pBLHJBFNt > s/ZtNI > D_xfAgAJ > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy