On Sat, Mar 07, 2020 at 09:07:11AM -0500, Ryan Sleevi wrote:
> Thanks. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1620772

I'll give points to SSL.com for a speedy initial response, but I'm a bit
disconcerted about this:

> The fingerprint of the claimed Debian weak key was not included in our 
> database.

I think it's worth determining exactly where SSL.com obtained their
fingerprint database of weak keys.  The private key in my possession, which
I generated for inclusion in the pwnedkeys.com database, was obtained by
using the script provided in the `openssl-blacklist` source package, with no
special options or modifications.

The key used in this certificate is not one for a niche architecture or
unusual configuration -- i386 was the dominant architecture at the time of
the flaw, and 2048 bits is a standard key size.  It would be somewhat more
understandable if the key was, say, a 4096 bit key generated on a MIPS
machine (it took *aaaaaaaaaaaages* to generate all of those), although it
would still be a Debian weak key and thus still be a BR violation to issue a
certificate for it.

On the off-chance that there *was* a mistake in my key generation procedure,
*and* a one-in-a-trillion collision of private keys, I've confirmed that the
public key of the certificate in question is in the `openssl-blacklist`
Debian package (https://packages.debian.org/jessie/openssl-blacklist,
uploaded in 2011) with the following command:

    # Fetch the certificate from crt.sh, pull out its public key, print the
    # RSA modulus exactly as OpenSSL formats it ("Modulus=..."), SHA-1 that
    # line, keep the last 20 hex characters (the openssl-blacklist entry
    # format), and look that fingerprint up in the 2048-bit blacklist.
    grep "$(wget -O - -q 'https://crt.sh/?d=2531502044' \
        | openssl x509 -noout -pubkey \
        | openssl rsa -pubin -noout -modulus \
        | sha1sum | cut -d ' ' -f 1 | cut -c 21-)" \
      /usr/share/openssl-blacklist/blacklist.RSA-2048

As further independent confirmation, the crt.sh page for the certificate
shows that crt.sh *also* identifies the certificate as having a Debian weak
key.  My understanding is that crt.sh uses a database of keys that was
independently generated by the operator of the crt.sh service.

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
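The check above, reimplemented as an added example (this is not code from the post, from pwnedkeys.com or from the openssl-blacklist package; it only mirrors the shell pipeline). It assumes, as that pipeline does, that a blacklist.RSA-NNNN entry is the last 20 hex characters of SHA-1 over the exact line `openssl rsa -noout -modulus` prints ("Modulus=<UPPERCASE HEX>" plus a newline), and that comment lines in the blacklist start with `#`. The sample modulus and blacklist in the `__main__` section are constructed for illustration and are not real weak keys. Unlike the one-liner, it also covers a modulus held as an integer (padding to an even number of hex digits, which is how OpenSSL prints it) and rejects malformed blacklist lines instead of silently never matching.

```python
"""Reproduce the openssl-blacklist fingerprint lookup for a Debian weak RSA key.

Added example, not the post's or the openssl-blacklist package's own code.
Assumption: a blacklist line is the last 20 hex chars of
SHA-1("Modulus=<UPPERCASE HEX>\n"), i.e. what `openssl rsa -noout -modulus
| sha1sum | cut -c 21-` yields.
"""
import hashlib
import subprocess
from typing import Iterable, Set

HEX_DIGITS = set("0123456789abcdef")


def blacklist_fingerprint(modulus_hex: str) -> str:
    """Fingerprint for a modulus given as the hex string OpenSSL prints after "Modulus="."""
    # OpenSSL prints the modulus in uppercase; normalise so that a lowercase
    # copy of the same modulus hashes identically.
    line = "Modulus=" + modulus_hex.upper() + "\n"
    digest = hashlib.sha1(line.encode("ascii")).hexdigest()
    # sha1sum prints 40 hex chars; `cut -c 21-` keeps characters 21..40.
    return digest[20:]


def fingerprint_from_int(modulus: int) -> str:
    """Same fingerprint for a modulus held as a Python integer."""
    hex_modulus = format(modulus, "X")
    # OpenSSL's BN_bn2hex emits whole bytes, so pad to an even digit count.
    if len(hex_modulus) % 2:
        hex_modulus = "0" + hex_modulus
    return blacklist_fingerprint(hex_modulus)


def modulus_from_pem(pubkey_pem_path: str) -> str:
    """Shell out to OpenSSL exactly as the post's pipeline does (needs the `openssl` binary)."""
    out = subprocess.run(
        ["openssl", "rsa", "-pubin", "-noout", "-modulus", "-in", pubkey_pem_path],
        check=True, capture_output=True, text=True,
    ).stdout.strip()
    if not out.startswith("Modulus="):
        raise ValueError("unexpected openssl output: %r" % out)
    return out[len("Modulus="):]


def load_blacklist(lines: Iterable[str]) -> Set[str]:
    """Parse blacklist.RSA-NNNN content: drop comments and blanks, validate entries."""
    entries = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A silently malformed entry would never match; fail loudly instead.
        if len(line) != 20 or any(c not in HEX_DIGITS for c in line.lower()):
            raise ValueError("malformed blacklist line: %r" % line)
        entries.add(line.lower())
    return entries


def is_debian_weak(modulus_hex: str, blacklist: Set[str]) -> bool:
    """True if the modulus fingerprint appears in the parsed blacklist."""
    return blacklist_fingerprint(modulus_hex) in blacklist


if __name__ == "__main__":
    # Constructed sample data, not a real weak key or a real blacklist file.
    sample_modulus = "C0FFEE" * 85 + "01"
    sample_blacklist = load_blacklist([
        "# constructed blacklist for demonstration",
        blacklist_fingerprint(sample_modulus),
    ])
    print("weak:", is_debian_weak(sample_modulus, sample_blacklist))
```

On a Debian system the real input would be `modulus_from_pem("key.pub")` checked against `load_blacklist(open("/usr/share/openssl-blacklist/blacklist.RSA-2048"))`, with the file chosen to match the key size, since each blacklist only holds fingerprints for one modulus length.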