I propose that the "RSA Security 1024 V3" root certificate authority be
removed from NSS.
OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.
Therefore, to my knowledge this root has no current owner and no current
audit, and should be removed from NSS.
I have also filed a bug for this:
I am now opening this proposal up to public discussion. Please respond
to this discussion if you have any knowledge of this root that would
help in making this decision.
By the way, To see the complete list of all of the root certificate
authorities that are included in NSS, and who currently owns/operates
them, go to http://www.mozilla.org/projects/security/certs/ and click on
the "List of all included root certificates" link. This will display the
public and published version of a spreadsheet that I maintain. There is
a column called "Company Website" which indicates the current owner of
Separately, do we know how a root with such a name (if RSA was not the owner) was installed?
Who owns the cert named "RSA Security 2048 V3"?
It was put into nssckbi at the same time as the 1024 v3 cert.
Is that one also owned by nobody?
If so, let's nuke 'em both together.
See bugzilla bug 139874
> Separately, do we know how a root with such a name (if RSA was not
> the owner) was installed?
They do not own it now, but the company likely created it.
For instance, the Equifax root isn't controlled by Equifax anymore,
and there a couple of such examples. There was a time when roots were
That's rather worrying. Do we know for certain that one or other created
it originally? Do we know if it's in any other root stores other than
The lack of transparency in 2002 re: the source of added roots means we
have no idea whether e.g. some malicious actor slipped an extra one into
whatever list they were keeping internally to Netscape, and has been
MITMing people ever since.
Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
these roots were created by RSA. I have not been able to ascertain from
RSA whether the "RSA Security 1024 V3" root has been simply retired by
RSA versus transferred to another company via M&A activity.
The "RSA Security 2048 V3" root is covered under RSA's current audit
> Do we know if it's in any other root stores other than
> our own?
Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
valid in Apple's System Roots.
Microsoft's list includes "RSA Security 2048 V3", but not "RSA Security
The same validity range is not a proof of any kind. It should really
checked if this CA was created by RSA or - which i do hope not - is
a rogue one by someone who just set the same date range in his
certificate and then somehow got it included.
This could be a utter security desaster. Lets hope it isn't.
Do you believe that based solely on the validity dates?
If I had access to the machine of a Netscape NSS developer who was about
to update the root store, and I wanted to slip in a cert I had the
private key for, I'd add another entry to the store which was very
similar to an existing one but with one obvious difference, so that
people would assume they were a set.
Perhaps this is far-fetched and paranoid. But the fact that RSA know
nothing whatsoever about this root is rather concerning.
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
> valid in Apple's System Roots.
Hmm. Do we have contacts at Apple who we can ask to see if they have
documentation on the provenance of this root?
According to bonsai, the certificate was installed in version 1.17
cvsroot) by Julien Pierre as part of bug #139874 (https://
Did anyone check with Valicert? Apparently this very issue came up in
2006 in Debian world.
You should better reread that message. Valicert has nothing to do with
this. The "RSA Security 1024 V3" CA was only shown as an example of a
CA by RSA in that message.
You are absolutely correct, I shall return to my corner now (and try
to determine why Google isn't using my real name).
IMHO, this Root Certificate should definitely be removed from NSS unless the
current owner steps forward and:
1. Asks for it to not be removed, and...
2. Provides evidence that it is covered by an appropriate audit, and...
3. Provides evidence that the private key has been kept secure since it was
initially created by RSA Security.
BTW, this "story" has already been picked up by The Reg:
> dev-security-policy mailing list
Comodo CA Limited, Registered in England No. 04058690
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
Kathleen, are you satisfied that the private keys for all the other Root
Certificates currently in NSS (especially those added back in the Netscape
era) were created securely and have always been held securely?
Or are there any others that need to be investigated in the same manner that
you've just been doing with "RSA Security 1024 V3"?
> BTW, this "story" has already been picked up by The Reg:
> On Tuesday 06 April 2010 20:22:04 Kathleen Wilson wrote:
We are used to quite a bit.... but one wonders what next?
In case it's not clear by now, this is not true, RSA did create the
root, and any suggestion that the private key is in the hands of unknown
people was wild speculation on my part utterly unbacked by evidence.
Email from RSA indicates that this "RSA Security 1024 V3" root is
retired and should be removed from NSS.
> Kathleen, are you satisfied that the private keys for all the other Root
> Certificates currently in NSS (especially those added back in the Netscape
> era) were created securely and have always been held securely?
> Or are there any others that need to be investigated in the same manner that
> you've just been doing with "RSA Security 1024 V3"?
This was the only root that I could not get answers from a CA from in
regards to recent audit, state of the root, and recommendation to remove
or disable the root.
Errr...RSA and Verisign both indicated that they didn't own the root
NOW...or something like this. RSA probably created it though.
RSA has also agreed that the "RSA Security 1024 V3" root certificate
should be removed from NSS.
Excellent, so all is fine then. And the root can be removed.
a bit faster response would have been better
is there anybody tracking these on the top of the vendor?
> > An official representative of RSA has sent me email to confirm that
> > RSA is still in possession of the private key for the "RSA Security
> > 1024 V3" root certificate.
> > RSA has also agreed that the "RSA Security 1024 V3" root certificate
> > should be removed from NSS.
> Excellent, so all is fine then. And the root can be removed.
> Signer: Eddy Nigg, StartCom Ltd.
> XMPP: start...@startcom.org
If not, would you like to volunteer?
> just curious...
Yeah, me too :-)
Signer: Eddy Nigg, StartCom Ltd.
If not, would you like to volunteer?
> just curious...
Yeah, me too :-)
Signer: Eddy Nigg, StartCom Ltd.
definitely, i have this nice striped notebook and my pencil(2B) and
ready to go!
Excellent! I'm certain that Kathleen will give you the necessary
instructions. Thanks for joining!
I too would volunteer, I think this is critical enough that it
deserves more than one set of eyeballs (ala code review).
Can Kathleen or Jonathan perhaps set us up with an introductory email
with the various certificate authorities so we know who to talk to,
and they know why we are trying to talk to them.
What information exactly would we be gathering? I imagine:
certificate (serial number, etc.)
owner of certificate
who is in control of the certificate (i.e operational use),
what the certificate is used for (in plain English terms)
last time an audit was done (especially if the audit is pre-handover
assuming the certificate has changed hands)
contact information/how to report a stolen/improperly issued cert/etc.
would be a useful start. Then dump this all into a spread sheet online?
I've also been trying to gather a list of methods/etc. used to
validate domains/email addresses by various CAs but it's slow going. I
know such a list would definitely help me and others decide who we can
Kathleen, you've got new volunteers :-)
> Can Kathleen or Jonathan perhaps set us up with an introductory email
> with the various certificate authorities so we know who to talk to,
> and they know why we are trying to talk to them.
I don't that's necessary at this point. You can gather information that
is publicly available (or should be available). Kathleen can then do the
> would be a useful start. Then dump this all into a spread sheet online?
IIRC that spreadsheet and quite some information exists already.
Unfortunately I don't recall the location now.
> I've also been trying to gather a list of methods/etc. used to
> validate domains/email addresses by various CAs but it's slow going.
Honestly I tried that too at some point. It's quite difficult.
> I know such a list would definitely help me and others decide who we can trust.
Yes, it probably would.
I don't think that's necessary at this point.
Last year I created a spreadsheet with the following information for
each root included in NSS, and I maintain this spreadsheet now.
CA Email Alias
CA Phone Number
EV Audit URL
Date of Latest Audit
I publish a portion of this spreadsheet as per the following:
To see the complete list of all of the root certificate authorities that
are included in NSS, and who currently owns/operates them, go to
http://www.mozilla.org/projects/security/certs/ and click on the "List
of all included root certificates" link. This will display the public
and published version of a spreadsheet that I maintain. There is a
column called "Company Website" which indicates the current owner of
Bug #534274 is the bug I used in regards to removal/disablement of the
root certs in NSS for which I did not find a recent audit statement. All
of the owning CAs had communicated with me in regards to those roots,
except for this RSA root. This particular RSA root was the only root
that I could not get information on until today, which is why I had
separated it out into its own bug.
Obviously AOL/Netscape had back then some other document than the
content of this bug to follow the certs that needed to be added.
Julien Pierre intervened in the bug
https://bugzilla.mozilla.org/show_bug.cgi?id=549701#c4 to confirm the
cert was verified at least 3 times before the checkin.
Thank you to all of you who participated in this discussion.
I am now closing this discussion, and I will update the bug to indicate
that this root should be removed from NSS. Any further follow-up should
be added directly to the bug.
Kathleen's job is to keep track of this. She found a deficiency in
her records, and acted to correct it.
That she has received official communication from VeriSign that they
wish to remove the 1024-bit root short-circuits the discovery phase,
and since the owner of the private key doesn't want it supported in
Mozilla anymore, I think we should simply remove it (per the
discussion of "what happens when a vendor wants to remove their
certificate" we had a few months ago).
It's already done in the source tree.