In a related vein, I was playing around some time ago with generating RSA
keys that would contain "interesting" payloads in the modulus. An
example with Windows bind shellcode in the modulus, which when included in a
DER-encoded CSR, gets flagged by ClamAV:
https://gist.github.com/CBonnell/699b2c01121e07440e1cf42d0210eba1.
From a policy standpoint, the BRs already establish an obligation for CAs to
reject certificate requests that contain keys that are known to be weak,
compromised, or if there is "clear evidence" that the method of generation
was "flawed" (section 6.1.1.3). My interpretation of "flawed" in that
section is that there is some characteristic or other information conveyed
within the key (or certificate request as a whole) that would provide clear
evidence that the key is unsuitable for use. I don't think that there was
clear evidence in the case of the certificate that was previously linked to
indicate that the method of generation was flawed.
It would be useful to understand if the key in question was generated using
tooling that may be used for other keys so that similar weak keys can be
blocked (assuming that there is some shared trait in the public key that can
be flagged).
Thanks,
Corey
--
You received this message because you are subscribed to the Google Groups
"
dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to
dev-security-po...@mozilla.org.