Re: Revoking Trust in one ANSSI Certificate

On Wed, Dec 11, 2013 at 2:08 AM, Kathleen Wilson wrote: > Additionally, this CA has a root renewal request in progress[3]. As with all > root inclusion requests, the CA will be required to demonstrate compliance > with the BRs before the request can be approved. ... On Wed, Dec 11, 2013 at 2:30 AM

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-11 23:59, schrieb Gervase Markham: > Look again. It seems that it now contains 1106 certificates (!), with > widely varying revocation dates. Can't confirm that for any of the following CRL DPs: http://www.icp.minefi.gouv.fr/igca.crl (1 entry) http://www.icp.minefi.gouv.fr/ac-racine.crl

Re: Revoking Trust in one ANSSI Certificate

On 10/12/13 06:20, Jan Schejbal wrote: > The third sub-ca cert (Subject AC DGTPE Signature Authentification) > includes a CRL DP for a CRL issued by sub-ca 2, validity 2011-09-09 to > 2014-09-13. The CRL is empty. Look again. It seems that it now contains 1106 certificates (!), with widely varying

Re: Revoking Trust in one ANSSI Certificate

On Wed, Dec 11, 2013 at 1:49 AM, Samuel L wrote: > Le 11/12/13 01:08, Kathleen Wilson a écrit : >> Based on the list that Rob provided, there may be other domains that we >> might consider including. >> For example: >> *.ac-martinique.fr >> *.ac-creteil.fr >> *.ac-orleans-tours.fr >> *.education.f

Re: Revoking Trust in one ANSSI Certificate

On Tue, Dec 10, 2013 at 5:48 PM, Jan Schejbal wrote: > The CA has all three trust bits. We definitely should remove the code > signing trust bit. I agree. > Will this restriction also apply for S-MIME? If so, I > think we can keep the S-MIME one. What would the name constraint for S-MIME be? I

Re: Revoking Trust in one ANSSI Certificate

Le 11/12/13 01:08, Kathleen Wilson a écrit : Based on the list that Rob provided, there may be other domains that we might consider including. For example: *.ac-martinique.fr *.ac-creteil.fr *.ac-orleans-tours.fr *.education.fr *.ac-poitiers.fr As this list includes domains from the ministry o

Re: Revoking Trust in one ANSSI Certificate

On 10. 12. 2013 20:29, Charles Reiss wrote: > This list contains a bunch of RFC 1918 addresses (two under 10/8, around 111 > under 172.16/12, 9 under 192.168/16). This appears to contradict > https://bug368970.bugzilla.mozilla.org/attachment.cgi?id=355447 (information > gathering for inclusion of w

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-11 01:08, schrieb Kathleen Wilson: > Constrain the currently-included IGC/A root certificate to a certain > set of domains. I think the restriction needs to be along the lines > of *.gouv.fr. This sounds like a reasonable pragmatic approach for a short-term solution to minimize impact o

Re: Revoking Trust in one ANSSI Certificate

On Tue, Dec 10, 2013 at 4:08 PM, Kathleen Wilson wrote: > Constrain the currently-included IGC/A root certificate to a certain set of > domains. I think the restriction needs to be along the lines of *.gouv.fr. I think it might help to explain the rationale for the choice of *.gouv.fr: ANSSI is

Re: Revoking Trust in one ANSSI Certificate

All, I appreciate you sharing your findings and opinions about this incident and CA. Based on some of the CA responses noted in the January CA Communication[1], I have thought about constraining CAs that are unable to meet the timelines that have been provided regarding compliance with the

Re: Revoking Trust in one ANSSI Certificate

On 12/10/13 8:39 , Jan Schejbal wrote: > Am 2013-12-10 16:18, schrieb Rob Stradling: >> >> The larger file with more info is here... >> https://sslanalyzer.comodoca.com/igca_server_certs.zip > > Thanks, very nice! > > These look interesting: > > 8f5d29f6ae0f6aa472268de463dd2e397ddd1b50 > 1972268

Re: Revoking Trust in one ANSSI Certificate

Starting from http://www.ssi.gouv.fr/fr/anssi/services-securises/igc-a/ you can get the CRL of the 2048bits IGC/A, and a page linking to 14 sub-CAs. Ignore the 4096bits IGC/A for now, it hasn’t been accepted by Mozilla yet. Among those 14 sub-CAs, 4 don’t have any CRLDP: - “AC racine Agriculture

Re: Revoking Trust in one ANSSI Certificate

On 12/10/13 7:18 , Rob Stradling wrote: > On 10/12/13 14:46, Rob Stradling wrote: > >> I tried to send a larger file just now (with more info), but I'd >> forgotten that this list has a 40KB limit on attachments. > > The larger file with more info is here... > https://sslanalyzer.comodoca.com/igc

Re: Revoking Trust in one ANSSI Certificate

According to microsoft advisory (http://technet.microsoft.com/en-us/security/advisory/2916652?altTemplate=SecurityAdvisoryPF), the CA used to sign the rogue certificate is "AC DGTPE Signature Authentification" This certificate can be found here: http://crl2.dgtpe.fr/AC_DGTPE_Signature_Authenti

RE: Revoking Trust in one ANSSI Certificate

Sent: Tuesday, December 10, 2013 7:10 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Revoking Trust in one ANSSI Certificate I would suggest that there are 3 things for Mozilla to impress upon the participants in the ‎trusted store program: 1) Compliance with relevant specs

Re: Revoking Trust in one ANSSI Certificate

On 10/12/13 16:39, Jan Schejbal wrote: Am 2013-12-10 16:18, schrieb Rob Stradling: The larger file with more info is here... https://sslanalyzer.comodoca.com/igca_server_certs.zip Thanks, very nice! Thanks. :-) These look interesting: 8f5d29f6ae0f6aa472268de463dd2e397ddd1b50 1972268 C=F

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-10 16:18, schrieb Rob Stradling: > > The larger file with more info is here... > https://sslanalyzer.comodoca.com/igca_server_certs.zip Thanks, very nice! These look interesting: 8f5d29f6ae0f6aa472268de463dd2e397ddd1b50 1972268 C=FR, O=Ministere education nationale (MENESR), OU=110 0

Re: Revoking Trust in one ANSSI Certificate

On Mon, Dec 9, 2013 at 2:17 PM, Jan Schejbal wrote: > > I would really love to see the explanation how someone accidentally > issues and deploys a MitM Sub-CA... > I think it will turn out to be essentially the same reason that Microsoft got burned with the Flame attack. Just because an organiza

Re: Revoking Trust in one ANSSI Certificate

On 10/12/13 14:46, Rob Stradling wrote: I tried to send a larger file just now (with more info), but I'd forgotten that this list has a 40KB limit on attachments. The larger file with more info is here... https://sslanalyzer.comodoca.com/igca_server_certs.zip Column 1: SHA-1(Certificate) Colu

Re: Revoking Trust in one ANSSI Certificate

On 10/12/13 14:46, Rob Stradling wrote: Hopefully it won't reject this .zip file... Oh, it did. Maybe if I change the file extension from .zip to .txt... -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online PKu�C=�\�Iai
igca_server_identit

Re: Revoking Trust in one ANSSI Certificate

On 10/12/13 00:48, Erwann Abalea wrote: Le lundi 9 décembre 2013 23:15:01 UTC+1, Brian Smith a écrit : One thing that would really help would be an attempt to document which publicly-accessible websites are using certificates that chain (only) to the ANSSI root. I heard the claim that most Frenc

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-10 12:09, schrieb Jan Schejbal: > 5. Appears unable to operate a CA properly as per Erwann's mail (e.g. > no valid CRLs). I had a look at the CRLs of the certificates in the chain. The first sub-ca cert in the chain (Subject MINEFI-AUTORITE DE CERTIFICATION RACINE) includes a CRL DP w

Re: Revoking Trust in one ANSSI Certificate

I would suggest that there are 3 things for Mozilla to impress upon the participants in the ‎trusted store program:1) Compliance with relevant specs and policies. This is important not only to ensure proper, secure interoperability but also to create a level playing field. As Tim Moses points out t

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-10 09:52, schrieb Erwann Abalea: > I think ANSSI knows the duties associated to running a public CA, I'm > pretty sure the different ministries don't. I agree with the assumption that the ministries don't know the duties associated with running a public CA. Thus, ANSSI should never hav

Re: Revoking Trust in one ANSSI Certificate

On 12/10/2013 10:52 AM, From Erwann Abalea: You're right, of course. Mozilla has twice expressed its concerns about MITM certs linked to a public CA, and all public CAs including IGC/A was told to perform some checks on the complete set of certificates chaining to the root, reporting any deviat

Re: Revoking Trust in one ANSSI Certificate

Le mardi 10 décembre 2013 08:11:30 UTC+1, Eddy Nigg a écrit : > On 12/10/2013 02:48 AM, From Erwann Abalea: > > As Kathleen mentioned in bug 948175, governments need to vote budgets. > > :-) Issuing certs for google.com and other sites (assuming) without any > validation has nothing to do with B

Re: Revoking Trust in one ANSSI Certificate

On 12/10/2013 02:48 AM, From Erwann Abalea: As Kathleen mentioned in bug 948175, governments need to vote budgets. :-) Issuing certs for google.com and other sites (assuming) without any validation has nothing to do with BR compliance, budgets etc. -- Regards Signer: Eddy Nigg, StartCom Lt

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-09 22:12, schrieb Ryan Sleevi: > According to https://wiki.mozilla.org/CA:Communications#January_10.2C_2013 > (see the Responses section), this CA has indicated that they do not expect > to begin operating in full compliance to the Baseline Requirements and to > Mozilla's 2.1 Inclusion P

Re: Revoking Trust in one ANSSI Certificate

Le lundi 9 décembre 2013 23:15:01 UTC+1, Brian Smith a écrit : > One thing that would really help would be an attempt to document which > publicly-accessible websites are using certificates that chain (only) > to the ANSSI root. I heard the claim that most French public > government websites actual

Re: Revoking Trust in one ANSSI Certificate

On 12/9/2013 9:42 AM, Kathleen Wilson wrote: > Mozilla Security Blog post: > > https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ > > Google's blog post: > http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certifi

Re: Revoking Trust in one ANSSI Certificate

any of that. Surely there > is no reason to keep it secret, is there? > > *From: *Jan Schejbal > *Sent: *Monday, December 9, 2013 1:19 PM > *To: *mozilla-dev-security-pol...@lists.mozilla.org > *Reply To: *jan.schejbal_n...@gmx.de > *Subject: *Re: Revoking Trust in one ANSS

Re: Revoking Trust in one ANSSI Certificate

‎Brian, I was thinking it would be beneficial if ANSSI would provide a ‎host:port that would have the bad chain installed. This allows for anyone to check if their browser has been updated to un-trust the intermediate. I make this suggestion in addition to the points you raise below, and I think it

Re: Revoking Trust in one ANSSI Certificate

Let's start with the basics: what is the cert subject, serial number, date info? None of the four browser notices provided any of that. Surely there is no reason to keep it secret, is there?

Re: Revoking Trust in one ANSSI Certificate

One thing that would really help would be an attempt to document which publicly-accessible websites are using certificates that chain (only) to the ANSSI root. I heard the claim that most French public government websites actually use certificates that chain to a different CA. That has led me to wo

Re: Revoking Trust in one ANSSI Certificate

>From the information we have to date, I think the CAs that try hard to run a >conformant operation can be justifiably upset that this behaviour is tolerated. All the best. Tim. > On Dec 9, 2013, at 4:19 PM, "Eddy Nigg" wrote: > > On 12/09/2013 11:12 PM, From Ryan Sleevi: >> According to https

Re: Revoking Trust in one ANSSI Certificate

On 12/09/2013 11:12 PM, From Ryan Sleevi: According to https://wiki.mozilla.org/CA:Communications#January_10.2C_2013 (see the Responses section), this CA has indicated that they do not expect to begin operating in full compliance to the Baseline Requirements and to Mozilla's 2.1 Inclusion Poli

Re: Revoking Trust in one ANSSI Certificate

Am 2013-12-09 22:03, schrieb Eddy Nigg: > Is this CA compliant to the BR and Mozilla's CA policy and requirements? They didn't do a very good job at Section 14.1.1 of the BR if they allowed anyone who would "accidentally" issue a MitM cert access to a SubCA. Anyways, I'm looking forward to more d

Re: Revoking Trust in one ANSSI Certificate

On Mon, December 9, 2013 1:03 pm, Eddy Nigg wrote: > On 12/09/2013 08:09 PM, From Kathleen Wilson: > > On 12/9/13 9:42 AM, Kathleen Wilson wrote: > >> Mozilla Security Blog post: > >> > >> https://blog.mozilla.org/security/2013/12/09/rev

Re: Revoking Trust in one ANSSI Certificate

On 12/09/2013 08:09 PM, From Kathleen Wilson: On 12/9/13 9:42 AM, Kathleen Wilson wrote: Mozilla Security Blog post: https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ Google's blog post: http://googleonlinesecurity.blogspot.com/2013/12/further-impr

Re: Revoking Trust in one ANSSI Certificate

Hi, could we please have the certificates/chains involved in this, and could the corresponding bug (I assume there is one) maybe be made public? Especially of interest would be the dates when the certificates were issued, when they were first used for MitM, when this was reported to the CA by Googl

Re: Revoking Trust in one ANSSI Certificate

On 12/9/13 9:42 AM, Kathleen Wilson wrote: Mozilla Security Blog post: https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ Google's blog post: http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html The CA

Revoking Trust in one ANSSI Certificate

Mozilla Security Blog post: https://blog.mozilla.org/security/2013/12/09/revoking-trust-in-one-anssi-certificate/ Google's blog post: http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html The CA's public statement: http://www.ssi.gouv.fr/fr/menu/