Policy unclear for CA "TWCA Secure SSL Certification Authority"

[Oscar Koeroo]

Hello,

I've been doing some scanning on a few million pages and consistently see the policy OIDs for DV, IV, OV, QWAC in the scopes of ETSI, CA/B or others.

The certificate found on the site "https://ettoday.net" I can't determine the assurance policy.

Example certificate:

Subject: CN=*.ettoday.net,OU=RD,O=ET New Media Holding Co.\, Ltd.,L=Taipei,ST=Taiwan,C=TW

Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW

Serial number: 95559031384477517871019103745820225456

The only policy OID set is: 1.3.6.1.4.1.40869.1.1.25  ['www.twca.com.tw']

How should I qualify this certificate? Or is this a misissuance? A clarification would be great on how to determine this.

The OID is also not part of this quite complete list of policy OIDs https://github.com/zmap/constants

Your guidance would be appreciated.

Kind regards,

Oscar Koeroo

[Ben Wilson]

One of their CPSes says that Policy OID is for a "Device Certificate" (Assurance Level 2), which is separate than a TLS server certificate with an OID of 1.3.6.1.4.1.40869.1.1.21 (Assurance Level 3), both are very similar, but I don't know what the distinction is between the two types.

--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f79c9a95-b07a-4f04-8a23-e228cd8f43ean%40mozilla.org.

[Ryan Sleevi]

Oscar:

The likely reason for your scans is the result of CA/Browser Forum Ballot SC31, https://cabforum.org/2020/07/16/ballot-sc31-browser-alignment/ , which was adopted as part of BRs v1.7.1. Effective 2020-09-30, all Subscriber certificates MUST include a CA/Browser Forum Reserved Policy OID (see Section 1.2.2 for the effective dates, referencing Section 7.1.6.4). Given that the majority of certificates have been issued since then, this would likely explain your scan.

Prior to this, in BRs 1.7.0, Section 7.1.6.4 permitted CAs to use EITHER a CA/Browser Forum reserved OID OR a CA-specified OID in their CP/CPS. Understandably, this makes it difficult-to-impossible for relying parties to have interoperable confidence, hence the changes in 1.7.1 that aligned with existing browser requirements.

In particular, prior to BRs 1.7.1, Microsoft had this as a requirement in their root program, at https://aka.ms/rootcert.

Thus, to answer your question regarding https://crt.sh/?id=2884243786

1. If before 2020-09-30, and it contains id-kp-serverAuth and lacks a CA/BF OID

  a. It was in violation of Microsoft's root program requirements.

  b. If you cannot discover in the CP/CPS in effect at the time of issuance that the CA affirmatively states this OID complies to the BRs or EVGs, then it was in violation of the Baseline Requirements

2. If on-or-after 2020-09-30, and it contains id-kp-serverAuth and lacks a CA/BF OID, it is in violation of the Baseline Requirements

Hope that helps clarify.

The CP/CPS disclosed in CCADB is https://www.twca.com.tw/picture/file/05271722-TWCAGLOBALCPSV13EN.pdf , which would appear out of compliance with Mozilla's Root Store Policy (Specifically, Policy 3.3(4) ). It's unclear if Mozilla relies on CCADB disclosures to achieve that requirement, although https://www.twca.com.tw/repository links to 11061501-TWCAGLOBALCPSV13EN.pdf as their most recent CPS (which would also be out of compliance, as best I can tell). I double checked the CCADB disclosures for the Root, https://crt.sh/?id=8559119 , and while they _also_ list different versions and URLs compared to https://www.twca.com.tw/repository, they also appear to be out of compliance.

Ignoring this failure to update issue for a second, as Ben has highlighted, 1.3.6.1.4.1.40869.1.1.25 is disclosed as a "Device Certificate". It's unclear if TWCA is asserting this policy OID complies with the Baseline Requirements, given they also list AATL-related certificates ( 1.3.6.1.4.1.40869.1.1.26 ), and presumably the latter do not comply to the Baseline Requirements.

Thus, it's entirely possible that this certificate is misissued. Hopefully the above steps allow you to reproduce the investigation and reach your own determination, based on the available facts.

To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ_izKoqWjxEQ6k22eDw5e14PL-0Zmoz5oJn%2BgwsFBFTg%40mail.gmail.com.

[Oscar Koeroo]

Ryan and Ben,

Thank you for your thorough analyses in your replies. How do I best proceed into filing a complaint on the found and confirmed non-compliance to the baseline requirements?

[Ben Wilson]

Hi Oscar,

It would be very helpful if you filed a Bugzilla bug here - https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA+Certificate+Compliance. 

In the Summary field, start the subject with "TWCA: [a brief title for the violation]"

Then, in the Description/Comment field, explain your findings.

Alternatively, you can post your findings here, and I will open the Bug in Bugzilla for you.  

Thanks,

Ben Wilson

[Oscar Koeroo]

Hello Ben,

I've filled the bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1738778

While filling in the forum I noticed the first numbers in the serial being very much overlapping. As far as I understand the policy on serial numbers, these must be have sufficient entropy. This does not show this feature:

95559031384477521445258106110945506283
95559031384477517871019103745820225456

--- kkday.com ---
Subject: CN=*.kkday.com,OU=IT Dept.,O=KKDAY.COM INTERNATIONAL COMPANY LIMITED (TAIWAN),L=Taipei,ST=Taiwan,C=TW

Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW

Serial number: 95559031384477521445258106110945506283
OID 1.3.6.1.4.1.40869.1.1.25 not found in db
No OID found for DV, OV, EV, IV, QWAC

--- ettoday.net ---

Subject: CN=*.ettoday.net,OU=RD,O=ET New Media Holding Co.\, Ltd.,L=Taipei,ST=Taiwan,C=TW
Issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW
Serial number: 95559031384477517871019103745820225456

OID 1.3.6.1.4.1.40869.1.1.25 not found in db
No OID found for DV, OV, EV, IV, QWAC

Would this qualify as another issue to report?

kind regards,

Oscar Koeroo

[Buschart, Rufus]

Hi Oscar!

 

I checked ~10 certificates issued by TWCA at crt.sh and the serial numbers all do have the same onset (“47:e5:00:00:00:04”) but these are followed by 64 random bits. Therefore, I would say, this is not a mis-issuance.

 

/Rufus

To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/9dca72c0-2a1e-511f-9ee7-1d36f7d87998%40gmail.com.

[Hao-Chun Li]

Hi Oscar,

We use 16-byte serial numbers where the last 8 bytes of each serial number are randomly generated by HSM, complying with the 64-bit entropy requirement.

Regarding the policy OID, we have answered on bugzilla.

Thank you,

Hao-Chun Li

oko...@gmail.com 在 2021年11月2日 星期二上午5:28:24 [UTC+8] 的信中寫道：

[Hao-Chun Li]

Hi Ryan,

 

Sorry for not addressing all of the concerns you raised in the first response.

 

Regarding the policy OID issue, your analysis is correct. We completed the transition to including BR OID in all TLS server certificates on 2020-07-16, so before that date not all certificates include BR OID. The certificates without BR OID were indeed in violation of Microsoft’s root program requirements. All certificates issued after the transition date (and the effective date of OID requirement from BR 1.7.1) include BR OID and are not in violation of the Baseline Requirements.

 

Regarding the CP/CPS, the most recent CP/CPS  are the “Draft” ones (v1.6 for Global CA CPS)  on https://www.twca.com.tw/repository?lang=en which have effective date of 2021-05-04. The draft status is due to the lengthy approval process (which is actually still in progress for this version) required by Taiwan Electronic Signature Act. The CP/CPS listed in the Root CA records on CCADB were submitted with the annual audit reports and were up-to-date for the audit period. For the different versions listed in the intermediate CA records, we thought they should have been updated by the audit report case but just realized that ”CP/CPS Same as Parent” is not checked. I have updated the intermediate CA records and will file an update request to CCADB for the Root CA records. We have also been working on releasing new CP/CPS more frequently.

 

Our current CP/CPS covers both TLS server certificates and certificates for other applications like AATL certificate you mentioned. In these certificate types only “TLS / SSL Certificate” and “Device Certificate” have the id-kp-serverAuth and are subjected to compliance with the Baseline Requirements. Although it is indeed confusing from the naming, but the requirements for “TLS / SSL Certificate” and “Device Certificate”, for example, the description of the identity authentication process (3.2.2), are the same in the CP/CPS. The name “Device Certificate” was originally intended for devices with embedded web server (e.g. NAS) and are distinguished at the business level, thus the different assurance levels in the CP/CPS. But then because they are both TLS server certificates by definition of the Baseline Requirements and root program requirements, we do not really distinguished between these two types of certificate. To avoid confusion, we are planning to combine them into only “TLS / SSL Certificate” in future version of CP/CPS.

 

Hope above clarifies your concerns.

 

Do you think we should also post these to Bugzilla, and for which part we should file an incident report?

Pease tell us if you have any further questions.

 

Thanks,

Hao-Chun Li

Ryan Sleevi 在 2021年11月2日 星期二上午1:21:20 [UTC+8] 的信中寫道：

[Ryan Sleevi]

On Wed, Nov 3, 2021 at 4:22 AM Hao-Chun Li <hc...@twca.com.tw> wrote:

Regarding the CP/CPS, the most recent CP/CPS  are the “Draft” ones (v1.6 for Global CA CPS)  on https://www.twca.com.tw/repository?lang=en which have effective date of 2021-05-04. The draft status is due to the lengthy approval process (which is actually still in progress for this version) required by Taiwan Electronic Signature Act.

I think it's worth asking Root Programs whether CP/CPSes flagged as "Draft" comply with BRs v1.8.0, Section 2.3, or whether TWCA should have notified an inability to comply with the BRs under Section 9.16.3, so that they would be aware of it. Perhaps TWCA already has done this notification, and could link to it?

The issue here is that relying parties rely on CP/CPS to understand what the CA practices, and I'd question whether something flagged "draft" reasonably conveys that. It equally opens up questions for the relevant audits and supervision, and whether or not the auditor's interpretation of "draft" is "not in force", which would materially affect the conclusions of the audits. 

The CP/CPS listed in the Root CA records on CCADB were submitted with the annual audit reports and were up-to-date for the audit period. For the different versions listed in the intermediate CA records, we thought they should have been updated by the audit report case but just realized that ”CP/CPS Same as Parent” is not checked. I have updated the intermediate CA records and will file an update request to CCADB for the Root CA records. We have also been working on releasing new CP/CPS more frequently.

This does seem, on its face, a failure to abide by the CCADB Policy. I'm glad that it was as simple a matter of "CP/CPS Same as Parent" not being checked, but it may be appropriate to consider filing an incident on the failure to detect this previously. In particular, it's useful to understand what processes and controls TWCA had in place to ensure all of its disclosed CAs' CP/CPS were correct, why those processes and controls failed to notice this, and how those processes have been improved to better detect issues in this category going forward. That is, the goal isn't to understand that you've simply checked "CP/CPS Same as Parent", or that you've added an extra set of eyes to cross-check during disclosure that it's checked, but rather, to understand the processes to make sure disclosed information (e.g. via CCADB, via the website, etc) is correct.

But that's ultimately a question for Ben and Kathleen, as well as other root programs, which rely on the CCADB to understand the state of all CAs in their program.

Our current CP/CPS covers both TLS server certificates and certificates for other applications like AATL certificate you mentioned. In these certificate types only “TLS / SSL Certificate” and “Device Certificate” have the id-kp-serverAuth and are subjected to compliance with the Baseline Requirements. Although it is indeed confusing from the naming, but the requirements for “TLS / SSL Certificate” and “Device Certificate”, for example, the description of the identity authentication process (3.2.2), are the same in the CP/CPS. The name “Device Certificate” was originally intended for devices with embedded web server (e.g. NAS) and are distinguished at the business level, thus the different assurance levels in the CP/CPS. But then because they are both TLS server certificates by definition of the Baseline Requirements and root program requirements, we do not really distinguished between these two types of certificate. To avoid confusion, we are planning to combine them into only “TLS / SSL Certificate” in future version of CP/CPS.

It's good to hear there are updates. However, I think the question is this:

The BRs (1.7.0) required that:

The extension MUST contain one or more policy identifiers that indicate adherence to and compliance with
these Requirements. CAs MUST either use a CA/Browser Forum identifier reserved for this purpose or MUST
use a policy identifier documented by the CA in its Certificate Policy and/or Certification Practice Statement
to indicate the Certificate's compliance with these Requirements.

The issuing CA SHALL document in its Certificate Policy or Certification Practice Statement that the
Certificates it issues containing the specified policy identifier(s) are managed in accordance with these
Requirements.

That is, there's a specific requirement to document that the specified policy identifier is managed according to the Baseline Requirements. In Version 1.5, Dated 2020/01/30, of the Global CA, I couldn't find such documentation in Section 1.2, except for the OID 2.23.140.1.2.2. It's certainly true that Section 2.2 and 9.15 make reference to general compliance, but it doesn't seem fair to generalize. That's because TWCA asserts several types of certificates; for example, in Section 1.4.1 1(4), it lists testing certificates, which clearly don't comply with the Baseline Requirements because TWCA notes that "neither this CA nor the RA will implement subscriber identity authentication in any form."

Similarly, in Section 3.1.1, (1) TLS / SSL certificate is a distinct listing than (4) Device Certificate, same as in Section 4.3.1 (1 and 3). Similarly, Section 4.3.1 does not require the information of the "SSL Digital Certificate Application Form" for Device Certificates.

My point is that it does not seem anything in the CP/CPS meets the requirement of the BRs, namely, that certificates containing the specified policy identifier(s) are managed in accordance with the Baseline Requirements. It seems that in order for that conclusion to be reached, either all the disclosed policies in the CP/CPS should be assumed to be compliant with the BRs (at which point, all the AATL and S/MIME certificates are misissued, because they're not TLS server certificates, and a BR compliant OID for subscriber certificates means it's a TLS certificate) _or_ that only those explicitly disclosed as compliant (the BR policy OID) complied with BRs 1.7.0.

I realize that the most likely issue here is that this is a documentation/translation issue, and thus may seem minor. However, the risk, for Relying Parties, is that it's impossible to tell whether TWCA "intended" to indicate compliance or whether it actually intended to indicate non-compliance. If, for example, it misissued a "Device Certificate", could TWCA argue that it disclosed, in its CP/CPS, that such Device Certificates weren't compliant with the BRs, therefore any issues caused are the Relying Party's fault? That's why the precision matters: to make it clear that there's no "loophole" being intended, and this is why the BRs require the explicit disclosure/commitment, so that it's clear that the CA is guaranteeing such certificates will comply. This may seem a hypothetical risk, but there have been several incidents in the past where CAs have argued such (either by omitting elements from the scope of their audit, or attempting to carve out via their CP/CPS), hence the concern.

[Hao-Chun Li]

Ryan Sleevi 在 2021年11月3日 星期三下午11:08:12 [UTC+8] 的信中寫道：

On Wed, Nov 3, 2021 at 4:22 AM Hao-Chun Li <hc...@twca.com.tw> wrote:

Regarding the CP/CPS, the most recent CP/CPS  are the “Draft” ones (v1.6 for Global CA CPS)  on https://www.twca.com.tw/repository?lang=en which have effective date of 2021-05-04. The draft status is due to the lengthy approval process (which is actually still in progress for this version) required by Taiwan Electronic Signature Act.

I think it's worth asking Root Programs whether CP/CPSes flagged as "Draft" comply with BRs v1.8.0, Section 2.3, or whether TWCA should have notified an inability to comply with the BRs under Section 9.16.3, so that they would be aware of it. Perhaps TWCA already has done this notification, and could link to it?

The issue here is that relying parties rely on CP/CPS to understand what the CA practices, and I'd question whether something flagged "draft" reasonably conveys that. It equally opens up questions for the relevant audits and supervision, and whether or not the auditor's interpretation of "draft" is "not in force", which would materially affect the conclusions of the audits. 

The "Draft" versions are really official publications approved by our PMA that has undergone the required procedures. They are effective for CA operations and WebTrust audits from the date of publication so, for example, the audit reports for 2019 period (https://www.cpacanada.ca/generichandlers/cpachandler.ashx?AttachmentID=238800) did list the "Draft" versions in the audit scope. We used the word "Draft" only to distinguish between versions that have a competent authority approval number and the versions that do not. We have communicated this issue with Mozilla previously when updating annual audit reports, and agreed that the "Draft" CP/CPS are acceptable providing that they are officially published by the CA and consistent with the audit reports, and thus the procedure in BR 9.16.3 was not involved.

 

We understand the word "Draft" is confusing and are planning to adopt a versioning scheme that the approval status will be denoted by version numbers, deprecating the use of the word "Draft". 

 

The CP/CPS listed in the Root CA records on CCADB were submitted with the annual audit reports and were up-to-date for the audit period. For the different versions listed in the intermediate CA records, we thought they should have been updated by the audit report case but just realized that ”CP/CPS Same as Parent” is not checked. I have updated the intermediate CA records and will file an update request to CCADB for the Root CA records. We have also been working on releasing new CP/CPS more frequently.

This does seem, on its face, a failure to abide by the CCADB Policy. I'm glad that it was as simple a matter of "CP/CPS Same as Parent" not being checked, but it may be appropriate to consider filing an incident on the failure to detect this previously. In particular, it's useful to understand what processes and controls TWCA had in place to ensure all of its disclosed CAs' CP/CPS were correct, why those processes and controls failed to notice this, and how those processes have been improved to better detect issues in this category going forward. That is, the goal isn't to understand that you've simply checked "CP/CPS Same as Parent", or that you've added an extra set of eyes to cross-check during disclosure that it's checked, but rather, to understand the processes to make sure disclosed information (e.g. via CCADB, via the website, etc) is correct.

But that's ultimately a question for Ben and Kathleen, as well as other root programs, which rely on the CCADB to understand the state of all CAs in their program.

We have considered the repository on our website as the authoritative repository for publication of information required by Section 2.2 of the BR. But as you mentioned, it is also required by Mozilla Root Store Policy to keep information on CCADB up-to-date. We have followed CCADB updates posted on this group and updated the information on CCADB, but we did not include updating CCADB in the procedure of publication of new CP/CPS versions.

We will file the incident report of failure to keep the information on CCADB up-to-date, and will include updating CCADB as part of our publication procedure of the CP/CPS.

Our current CP/CPS covers both TLS server certificates and certificates for other applications like AATL certificate you mentioned. In these certificate types only “TLS / SSL Certificate” and “Device Certificate” have the id-kp-serverAuth and are subjected to compliance with the Baseline Requirements. Although it is indeed confusing from the naming, but the requirements for “TLS / SSL Certificate” and “Device Certificate”, for example, the description of the identity authentication process (3.2.2), are the same in the CP/CPS. The name “Device Certificate” was originally intended for devices with embedded web server (e.g. NAS) and are distinguished at the business level, thus the different assurance levels in the CP/CPS. But then because they are both TLS server certificates by definition of the Baseline Requirements and root program requirements, we do not really distinguished between these two types of certificate. To avoid confusion, we are planning to combine them into only “TLS / SSL Certificate” in future version of CP/CPS.

It's good to hear there are updates. However, I think the question is this:

The BRs (1.7.0) required that:

The extension MUST contain one or more policy identifiers that indicate adherence to and compliance with
these Requirements. CAs MUST either use a CA/Browser Forum identifier reserved for this purpose or MUST
use a policy identifier documented by the CA in its Certificate Policy and/or Certification Practice Statement
to indicate the Certificate's compliance with these Requirements.

The issuing CA SHALL document in its Certificate Policy or Certification Practice Statement that the
Certificates it issues containing the specified policy identifier(s) are managed in accordance with these
Requirements.

That is, there's a specific requirement to document that the specified policy identifier is managed according to the Baseline Requirements. In Version 1.5, Dated 2020/01/30, of the Global CA, I couldn't find such documentation in Section 1.2, except for the OID 2.23.140.1.2.2. It's certainly true that Section 2.2 and 9.15 make reference to general compliance, but it doesn't seem fair to generalize. That's because TWCA asserts several types of certificates; for example, in Section 1.4.1 1(4), it lists testing certificates, which clearly don't comply with the Baseline Requirements because TWCA notes that "neither this CA nor the RA will implement subscriber identity authentication in any form."

Similarly, in Section 3.1.1, (1) TLS / SSL certificate is a distinct listing than (4) Device Certificate, same as in Section 4.3.1 (1 and 3). Similarly, Section 4.3.1 does not require the information of the "SSL Digital Certificate Application Form" for Device Certificates.

My point is that it does not seem anything in the CP/CPS meets the requirement of the BRs, namely, that certificates containing the specified policy identifier(s) are managed in accordance with the Baseline Requirements. It seems that in order for that conclusion to be reached, either all the disclosed policies in the CP/CPS should be assumed to be compliant with the BRs (at which point, all the AATL and S/MIME certificates are misissued, because they're not TLS server certificates, and a BR compliant OID for subscriber certificates means it's a TLS certificate) _or_ that only those explicitly disclosed as compliant (the BR policy OID) complied with BRs 1.7.0.

I realize that the most likely issue here is that this is a documentation/translation issue, and thus may seem minor. However, the risk, for Relying Parties, is that it's impossible to tell whether TWCA "intended" to indicate compliance or whether it actually intended to indicate non-compliance. If, for example, it misissued a "Device Certificate", could TWCA argue that it disclosed, in its CP/CPS, that such Device Certificates weren't compliant with the BRs, therefore any issues caused are the Relying Party's fault? That's why the precision matters: to make it clear that there's no "loophole" being intended, and this is why the BRs require the explicit disclosure/commitment, so that it's clear that the CA is guaranteeing such certificates will comply. This may seem a hypothetical risk, but there have been several incidents in the past where CAs have argued such (either by omitting elements from the scope of their audit, or attempting to carve out via their CP/CPS), hence the concern.

It is true that after incorporating multiple certificate types into the CP/CPS, it is currently unclear which types of certificate are intended to be in compliance with the BR and which are not, and thus not meeting the requirement to document which policy identifier is managed according to the BR.

We will file the incident report regarding this issue and resolve this issue in the next version of the CP/CPS. We have also been working on migration to a pure TLS hierarchy in the next generation of the root CA and exclusive CPS for TLS server certificates, which we hope can prevent issues like this in the first place.

TWCA has committed to comply with all the requirements. We appreciate all issues and concerns raised in this discussion and carefully review all of them, and will improve our documentation and practice in the future.