However, I don’t wish to delay getting more information to you, and ask for your patience if complete information comes in iterations.
Siemens has previously indicated that the affected certificates are installed on high profile websites and infrastructure for Siemen’s group companies around the world, and that a rushed revocation would create more damage than could be expected from the serial number noncompliance.
We have been working with Siemens to dramatically advance the date by which the affected certificates can be replaced and revoked. Siemens predicts that the vast majority of the certificates can be replaced by September 30, 2017 with the few difficult cases following.
Addressing your questions:
1) The failure was one of process rather than deployed code. QuoVadis made an indepth review of the Siemens CA, policies and practices when we took over the rootsigning, just before the BR changes which raised the serial entropy requirements. At that time it was compliant. QuoVadis formally updates Siemens on changes to applicable standards, and the Siemens PKI team independently monitors groups like the CABF public and m.d.s.p. lists. Siemens were aware of the pending change to 64-bit serials and were prepared to implement them.
I note that at the same time planning was underway to move from the in-house CA to an OSS CA – precisely for the reason of easing compliance with the increasing pace of change in technical aspects of the BR and other standards, such as CT, CAA and serial entropy. It appears that by oversight, the update to bring the inhouse CA to 64-bits was not deployed, and our expectation was that the check would be made in the external audit. The long transition to the OSS CA is close to completion.
2) QuoVadis has a dedicated head of compliance and risk management who, in addition to overseeing QuoVadis’ own measures, supervises its external sub-CAs including detailed discussions on evolving standards, checks on implementations, as well as ongoing monitoring of certificate issuance. There is frequent communication with Siemens and our other root-signed customers.
Siemens has a significant and mature internal audit and external audit regime. QuoVadis placed too much reliance on the external ETSI TS 102042 V2.4.1 NCP+ DVCP/OVCP audit report for what should have been textbook issues like the serial number entropy. Going forward, QuoVadis will increase the formality of notifications regarding BR approved ballots, requiring documented evidence of compliance by the effective date, and notification to auditors for scope.
Like many CAs, QuoVadis uses crt.sh/certlint to check certificate issuance including for external sub-CAs. This perhaps led to a false sense of security, as certlint does not highlight issues with serial number entropy. Moreover, the fleeting window of visibility in some crt.sh reports may not reveal older issues or certificates that have not appeared in CT. QuoVadis is introducing routine use of certlint in its own certificate management system, and will build an expanded view for our external subCAs (the new Siemens CA will log all SSL in CT, and we intend our other external sub-CAs to do so before the Google deadline).
3) I do not have sufficient information yet to answer your questions regarding the auditor’s practices, and cannot comment on Digicert’s (nor Verizon’s) previous practices.
4) The list of affected certificates is attached in spreadsheet form; they will be uploaded to CT as well. You will note that the number has declined – Siemens' previous report did not take into account that some of the certificates had already previously been revoked for other reasons. The spreadsheet also includes certificates issued during the Digicert/Verizon root signing period.
Regards, Stephen
https://bugzilla.mozilla.org/attachment.cgi?id=8898848
Regards, Stephen
________________________________________
From: dev-security-policy [dev-security-policy-bounces+s.davidson=quovadisg...@lists.mozilla.org] on behalf of Eric Mill via dev-security-policy [dev-secur...@lists.mozilla.org]
Sent: Saturday, August 19, 2017 12:06 PM
To: Stephen Davidson
Cc: ry...@sleevi.com; mozilla-dev-s...@lists.mozilla.org
Subject: Re: Certificates with less than 64 bits of entropy