On 30/03/2019 22:16, certification_author...@apple.com wrote:
> On March 30, Apple submitted an update to the original incident report
> (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted
> below.
> _______________________________________________________________________________________
>
> We've been working our plan to revoke impacted certificates. Thus far over
> 500,000 certificates have been revoked since the issue was identified and
> 54,853 remain (file attached with remaining certificates [in the Bugzilla
> post]). Our plan will result in all impacted certificates being revoked.
>
> Our approach to resolving this incident has been to strike a balance between
> a compliance incident with low associated security risk and impact to
> critical services. We have established a timeline to address the remaining
> certificates that minimizes service impact and allows standard QA and change
> control processes to ensure uptime is not affected.
>
> As part of the remediation plan, a number of certificates will be migrated to
> an internal, enterprise PKI, which will take more time.
>
> Based on these factors, it is expected that most certificates will be revoked
> by April 30 with less than 2% extending until July 15.
>
> Another update will be provided next week.
>

For the benefit of the community (including possible future creation of
policies for mass revocation scenarios), could you detail:

1. How many of the 54,583 certificates are issued to Apple owned and
   operated servers and services and how many not.

2. What kinds of practical issues are delaying the replacement of
   certificates on any such Apple operated servers and services, perhaps
   with approximate percentages. For example is it:

2a. Security lockdown requiring specific authorized persons to oversee
    the certificate change in person.

2b. Security lockdown requiring security staff to physically travel to
    remote locations to authorize the change, one location at a time.

2c. Security procedures requiring some authorized persons to authorize
    the changes one certificate at a time, with those persons now
    inundated with a much larger than usual number of such requests per
    day/week.

2d. Non-security procedures requiring specific people to check the
    changes for mistakes. Those people now being inundated with a much
    larger than usual number of such requests per day/week.

2e. Non-security procedures requiring the changes to go through
    automated regression tests. The regression testing computers now
    being inundated with a much larger than usual number of such
    requests per day/week.

2f. Non-security procedures requiring the changes to be run on other
    computers for a certain number of weeks before deployment on some
    computers.

2g. Certificate checking procedures requiring certificates to remain
    valid for a certain period of time after their last actual use.

2h. Servers managed by teams that are busy with unrelated tasks at this
    time.

2o. Obscure servers that are rarely touched, causing practical problems
    locating the teams responsible.

2p. Anything else.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded