[cabfpub] [EXTERNAL]Re: Issuance of certificates for keys reported as compromised

Jeremy Rowley jeremy.rowley at digicert.com
Tue Aug 21 22:22:28 UTC 2018 

We’re talking the former (re-signing a key used in a previous cert that was revoked by the CA itself for key compromise).  There isn’t an obligation for a CA to check to see if a key is compromised. The current process just kicks off a perpetual 24 hour revocation period as long as the public can find the compromised key. 

 

“Thus, I would expect that CAs are checking for reuse of compromised private keys prior to issuance.”

This is definitely not happening. 

“My assumption is a certificate which has been revoked due to compromise has a “weak Private Key.” As such, based on the current BRs, a CA should reject certificate requests using a key from a certificate that they revoked due to compromise.”This also doesn’t happen across CAs. Too ambiguous on what is a “weak Private Key”, although this is mixed results (all CAs seem to prevent 1024 bit certs but not all fail for Heartbleed issues) 

 

From: Wayne Thayer <wthayer at mozilla.com> 
Sent: Tuesday, August 21, 2018 3:56 PM
To: Bruce Morton <Bruce.Morton at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Tim Hollebeek <tim.hollebeek at digicert.com>; Jeremy Rowley <jeremy.rowley at digicert.com>; Ryan Sleevi <sleevi at google.com>
Subject: Re: [cabfpub] [EXTERNAL]Re: Issuance of certificates for keys reported as compromised

 

On Tue, Aug 21, 2018 at 2:15 PM Bruce Morton via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

BR 6.1.1.3 states “The CA SHALL reject a certificate request if the requested Public Key does not meet the requirements set forth in Sections 6.1.5 and 6.1.6 or if it has a known weak Private Key (such as a Debian weak key, see http://wiki.debian.org/SSLkeys).” 

 

My assumption is a certificate which has been revoked due to compromise has a “weak Private Key.” As such, based on the current BRs, a CA should reject certificate requests using a key from a certificate that they revoked due to compromise.

 

If we're talking about the same CA re-signing a key previously used in a certificate that the CA revoked due to key compromise, then [if nothing else] the CA must revoke the new certificate within 24 hours per 4.9.1.1(3). Thus, I would expect that CAs are checking for reuse of compromised private keys prior to issuance.

 

If we're talking about other CAs rejecting the compromised key, then I have to question whether there is enough benefit to offset the substantial effort involved in designing and running a system that isn't susceptible to the concerns Ryan raised. It'd be interesting to see a proposal.

 

Bruce.

 

From: Public [mailto:public-bounces at cabforum.org <mailto:public-bounces at cabforum.org> ] On Behalf Of Tim Hollebeek via Public
Sent: August 21, 2018 4:55 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> >; Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> >; CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Subject: [EXTERNAL]Re: [cabfpub] Issuance of certificates for keys reported as compromised

 

Yes, certainly, at a minimum, CAs should not be issuing new certificates for keys they themselves have previously determined to be compromised.

 

As you correctly note, this is currently a fairly common occurrence.

 

-Tim

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180821/dc3fac5a/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4984 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180821/dc3fac5a/attachment-0003.p7s>

More information about the Public mailing list