KIR S.A.: 8 bugs at once!
156 views
Skip to first unread message
Watson Ladd
Jun 10, 2021, 11:50:28 AM6/10/21
to dev-secur...@mozilla.org
Dear dev-security-policy,
KIR S.A. seems to have 8 missuance issues all active at once, each one with very similar deficiencies in the reports. While the underlying issues vary, two of them involve delayed revocation, five of them incorrect data entry by operators that is uncaught by automated checks, and two involve OCSP.
I think it's worth taking a harder look. In my cursory examination I've also noticed some suspicious certificates like https://crt.sh/?id=4547403311 where the Organization listed is the CA, despite the domain not clearly belonging to the CA. https://crt.sh/?id=4186923909 also falls into this category, and the domain doesn't seem to be used, a mere month after the certificate was obtained. Obviously it's possible that these are legitimate issuance, but it's definitely unusual.
Sincerely,
Watson Ladd
KIR S.A. seems to have 8 missuance issues all active at once, each one with very similar deficiencies in the reports. While the underlying issues vary, two of them involve delayed revocation, five of them incorrect data entry by operators that is uncaught by automated checks, and two involve OCSP.
I think it's worth taking a harder look. In my cursory examination I've also noticed some suspicious certificates like https://crt.sh/?id=4547403311 where the Organization listed is the CA, despite the domain not clearly belonging to the CA. https://crt.sh/?id=4186923909 also falls into this category, and the domain doesn't seem to be used, a mere month after the certificate was obtained. Obviously it's possible that these are legitimate issuance, but it's definitely unusual.
Sincerely,
Watson Ladd
Matthias Merkel
Jun 10, 2021, 12:32:58 PM6/10/21
to dev-secur...@mozilla.org, watso...@gmail.com
According to https://www.dns.pl/en/whois, these domains do belong to KIR. Of course, the amount of open issues, especially with this variety, is still concerning and should be looked into.
Matthias Merkel
Reply all
Reply to author
Forward
0 new messages