On Thu, 6 Oct 2022 13:36:03 -0700 "'Aaron Gable' via dev-security-policy@mozilla.org" <dev-security-policy@mozilla.org> wrote:
> Ah, that's a good point!
>
> In Let's Encrypt's particular case, we guarantee that all of our CRL
> shards in a given "generation" share the same CRL Number, so
> detecting one shard substituted from a previous generation would be
> very easy. But I recognize that doing so is not required and could
> not be relied upon in the general case.

Right. I'm not seeing any way for a client to avoid the attack described by Corey without making assumptions about the CA's practices which might not be true in all cases. So I have to concur with Corey that there is currently a security issue which would allow attackers to tamper with Apple and Mozilla revocation systems.

A simple fix would be to require that CAs use HTTPS URLs for CRL shards, though this wouldn't be as strong as relying on indicators within the CRL itself.

Regards,
Andrew