On Friday, 3 June 2016 07:53:06 UTC+1,
Bernd.N...@t-systems.com wrote:
> We revoked the affected certificate immediately.
>
> One of our customers issued a S/MIME certificate (SHA-1) to misuse as gateway certificate. That's the reason, why this certificate was identified as incorrect TLS Server certificate (ERROR: SHA-1 not allowed for signing certificates). We specified in our CP/CPS that this practice is not allowed.
>
> We will improve the verification mechanisms to prevent this kind of abuse in the future.
Bernd what do you mean here by "misuse as gateway certificate" ? The meaning of this is opaque to me, perhaps from my lack of experience with S/MIME systems. Does this mean only that the customer obtained this certificate from a system intended to issue S/MIME certs, but with the apparent intent to use it on a web server or similar ? Or something more ?
I am also a little worried by the vague phrase "in the future". When a problem like this is identified, where subscribers are able to obtain certificates which T-Systems should never have signed, you can't continue issuing and hope to fix it later.
That might be a language problem, but so far as I can see the only acceptable options here are for T-systems to
1. Ensure this system cannot issue working TLS server certificates NOW
OR
2. Cease issuance from the affected system until the problem is fixed.
In the Symantec thread they discussed technical controls they'd put in place to control this sort of risk, so you might want to discuss how they did it, or talk to other CAs in the S/MIME issuance business for their ideas.
A Mozilla employee might be able to expand on my thought here or correct me if I'm wrong.
Further, once the problem is fixed, it would make sense for T-Systems to perform an internal review of your issuance logs or other records to identify any other instances where this happened, revoke any affected certificates, and reach out to customers who obtained them explaining that this is _prohibited_ but emphasising that the fault in allowing issuance was yours, not theirs.
>From the Mozilla side, this is yet further evidence of the need to stop treating CN as a hostname in certificates, at least new certificates. We're fast approaching the point where more of the certificates with a hostname in the CN but no SAN are going to be mis-issued garbage like this example than are just the result of incompetent issuers not adding a SAN and there's no reason to reward either scenario with a a green lock logo.