[cabfpub] Thursday's Agenda

Yngve N. Pettersen yngve at spec-work.net
Tue Apr 30 23:17:22 UTC 2013

On Tue, 30 Apr 2013 18:33:47 +0200, <Joseph.R.Kaluzny at wellsfargo.com>  

> We discussed ballot 80 in the last call regarding OCSP responders  
> answering with "good" for non-issued certificates. I would suggest  
> adding this to the agenda on the next call to discuss further. I  
> contacted our vendor regarding this and they have no plans to put this  
> on their roadmap so we would not be able to meet this requirement by  
> Aug. 1st, 2013.

Does this mean "no plans within X months", or "no plans, ever"?

If it is the first, then what is X?

Unfortunately, assuming the vendor is paraphrased correctly, the  
impression I get is that their meaning is "never". If so, there is no way  
that CAs using responders from this vendor (or others like it) will ever  
be able to get into compliance with the BR, unless they change vendors.

While the 'no "good" response for non-issued' policy won't handle all  
types of CA compromises, it was intended to counter a very specific kind  
of compromise, one where the attacker deletes the log and other  
information about issued certificates in order to avoid detection of his  
activities. Exactly what happened during the DigiNotar breach (For  
reference, according to available information DigiNotar was apparently  
revoking the attackers certificates almost as soon as he got them issued,  
which is probably why he deleted the logs).

What an extension of the August deadline means for Well Fargo (or any CA  
in a similar situation) is that if, hypothetically, you were compromised  
in the same fashion as DigiNotar, you would not even be able to take the  
step DigiNotar took when they finally realized how bad the situation was:  
Return revoked for any serial number you did not know anything about.

In this situation the only option available to Wells Fargo (or any other  
such CA) would be to revoke the intermediate CA certificate(s) used to  
issue the certificate(s) and move all known issued certificates to a new  
CA, with all the chaos that would entail. Worst case, the entire affected  
Root CA would have to be revoked by the browsers (and the CA may literally  
have only days to avoid that fate).

IMO the Vendor should treat this change at least as an important must-fix  
security policy modification, if not an outright security  
problem/vulnerability with their responder. By not acting they are  
disqualifying their product from a large segment of their market, the  
SSL/TLS certificate CA market.

The questions that I think needs to be answered are:

  1) Does the vendor mean X months, and if so, what is X?
  2) Regardless of what the vendor meant, what is Wells Fargo's plans to  
get into compliance with the BR on this point, and how many months Y will  
it take.
  3) Is X much larger than Y?
  4) Is Min(X,Y) >6 months (from today)?

Without any definite answer to these questions, any discussion about  
extending the MUST deadline for "no good response" is almost worthless,  
since any talk about an extension would be about how to pick a date (Keep  
in mind that I really wanted a much more accelerated schedule in the 3-6  
month range; August was chosen to give more time for vendors to adapt and  
patches applied, or to change vendors, if necessary).

BTW and FYI: While still a month or two off, I am planning to add  
functionality to my next generation TLS Prober that will check  
random/modified serial numbers and record the OCSP responses.

Yngve N. Pettersen

Using Opera's mail client: http://www.opera.com/mail/

More information about the Public mailing list