Recommend Removing RSA Security 1024 V3 root certificate authority
Kathleen Wilson
I propose that the "RSA Security 1024 V3" root certificate authority be
removed from NSS.
OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.
Therefore, to my knowledge this root has no current owner and no current
audit, and should be removed from NSS.
I have also filed a bug for this:
https://bugzilla.mozilla.org/show_bug.cgi?id=549701
I am now opening this proposal up to public discussion. Please respond
to this discussion if you have any knowledge of this root that would
help in making this decision.
By the way, To see the complete list of all of the root certificate
authorities that are included in NSS, and who currently owns/operates
them, go to http://www.mozilla.org/projects/security/certs/ and click on
the "List of all included root certificates" link. This will display the
public and published version of a spreadsheet that I maintain. There is
a column called "Company Website" which indicates the current owner of
each root.
Kathleen
Gen Kanai
On 4/3/10 2:19 AM, Kathleen Wilson wrote:
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.
>
> Therefore, to my knowledge this root has no current owner and no current
> audit, and should be removed from NSS.
>
Separately, do we know how a root with such a name (if RSA was not the owner) was installed?
--
Gen Kanai
Nelson Bolyard
> All,
>
> I propose that the "RSA Security 1024 V3" root certificate authority be
> removed from NSS.
>
> OU = RSA Security 1024 V3
> O = RSA Security Inc
> Valid From: 2/22/01
> Valid To: 2/22/26
> SHA1 Fingerprint:
> 3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
>
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.
>
> Therefore, to my knowledge this root has no current owner and no current
> audit, and should be removed from NSS.
Who owns the cert named "RSA Security 2048 V3"?
It was put into nssckbi at the same time as the 1024 v3 cert.
Is that one also owned by nobody?
If so, let's nuke 'em both together.
Nelson Bolyard
See bugzilla bug 139874
Florian Weimer
> Separately, do we know how a root with such a name (if RSA was not
> the owner) was installed?
They do not own it now, but the company likely created it.
For instance, the Equifax root isn't controlled by Equifax anymore,
and there a couple of such examples. There was a time when roots were
traded heavily.
Gervase Markham
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.
That's rather worrying. Do we know for certain that one or other created
it originally? Do we know if it's in any other root stores other than
our own?
The lack of transparency in 2002 re: the source of added roots means we
have no idea whether e.g. some malicious actor slipped an extra one into
whatever list they were keeping internally to Netscape, and has been
MITMing people ever since.
Gerv
Kathleen Wilson
> On 02/04/10 18:19, Kathleen Wilson wrote:
>> I have not been able to find the current owner of this root. Both RSA
>> and VeriSign have stated in email that they do not own this root.
>
> That's rather worrying. Do we know for certain that one or other created
> it originally?
Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
these roots were created by RSA. I have not been able to ascertain from
RSA whether the "RSA Security 1024 V3" root has been simply retired by
RSA versus transferred to another company via M&A activity.
The "RSA Security 2048 V3" root is covered under RSA's current audit
statement: https://cert.webtrust.org/SealFile?seal=981&file=pdf
> Do we know if it's in any other root stores other than
> our own?
Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
valid in Apple's System Roots.
Microsoft's list includes "RSA Security 2048 V3", but not "RSA Security
1024 V3".
Kathleen
wwa...@gmx.de
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
> validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
> these roots were created by RSA.
The same validity range is not a proof of any kind. It should really
be
checked if this CA was created by RSA or - which i do hope not - is
a rogue one by someone who just set the same date range in his
certificate and then somehow got it included.
This could be a utter security desaster. Lets hope it isn't.
Gervase Markham
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
> validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
> these roots were created by RSA.
Do you believe that based solely on the validity dates?
If I had access to the machine of a Netscape NSS developer who was about
to update the root store, and I wanted to slip in a cert I had the
private key for, I'd add another entry to the store which was very
similar to an existing one but with one obvious difference, so that
people would assume they were a set.
Perhaps this is far-fetched and paranoid. But the fact that RSA know
nothing whatsoever about this root is rather concerning.
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
> valid in Apple's System Roots.
Hmm. Do we have contacts at Apple who we can ask to see if they have
documentation on the provenance of this root?
Gerv
Ronny
their Checkout API authentication too.
see http://checkout.google.com/support/sell/bin/answer.py?hl=en&answer=57856
According to bonsai, the certificate was installed in version 1.17
(http://bonsai.mozilla.org/cvsview2.cgi?
diff_mode=context&whitespace_mode=show&subdir=mozilla/security/nss/lib/
ckfw/
builtins&command=DIFF_FRAMESET&file=certdata.txt&rev1=1.16&rev2=1.17&root=/
cvsroot) by Julien Pierre as part of bug #139874 (https://
bugzilla.mozilla.org/show_bug.cgi?id=139874).
vortex
> Google accepts "RSA Security 1024 V3" and "RSA Security 2048 V3" for
> their Checkout API authentication too.
>
>
> According to bonsai, the certificate was installed in version 1.17
> (http://bonsai.mozilla.org/cvsview2.cgi?
> diff_mode=context&whitespace_mode=show&subdir=mozilla/security/nss/lib/
> ckfw/
> builtins&command=DIFF_FRAMESET&file=certdata.txt&rev1=1.16&rev2=1.17&root=/
> cvsroot) by Julien Pierre as part of bug #139874 (https://
> bugzilla.mozilla.org/show_bug.cgi?id=139874).
Did anyone check with Valicert? Apparently this very issue came up in
2006 in Debian world.
http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/5b33fa29d3d83c66/5a6fe5ca3e2da747?hl=en&ie=UTF-8&q=%22RSA+Security+1024+V3%22#5a6fe5ca3e2da747
wwa...@gmx.de
> Did anyone check with Valicert? Apparently this very issue came up in
You should better reread that message. Valicert has nothing to do with
this. The "RSA Security 1024 V3" CA was only shown as an example of a
CA by RSA in that message.
vortex
You are absolutely correct, I shall return to my corner now (and try
to determine why Google isn't using my real name).
Kathleen Wilson
that RSA did indeed create the "RSA Security 1024 V3" root certificate
that is currently included in NSS (Netscape/Mozilla) and also in Apple's
root cert store.
Rob Stradling
did indeed create this Root Certificate. However, the fact that "Both RSA and
VeriSign have stated in email that they do not own this root" begs the
question:
Who (if anyone) possesses the private key now?
IMHO, this Root Certificate should definitely be removed from NSS unless the
current owner steps forward and:
1. Asks for it to not be removed, and...
2. Provides evidence that it is covered by an appropriate audit, and...
3. Provides evidence that the private key has been kept secure since it was
initially created by RSA Security.
BTW, this "story" has already been picked up by The Reg:
http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificate/
> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
Rob Stradling
Senior Research & Development Scientist
C·O·M·O·D·O - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
Comodo CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.
Rob Stradling
> Kathleen, I'm glad to hear that you've received confirmation that RSA
> Security did indeed create this Root Certificate. However, the fact that
> Who (if anyone) possesses the private key now?
>
> IMHO, this Root Certificate should definitely be removed from NSS unless
> the current owner steps forward and:
> 1. Asks for it to not be removed, and...
> 2. Provides evidence that it is covered by an appropriate audit, and...
> 3. Provides evidence that the private key has been kept secure since it was
> initially created by RSA Security.
Kathleen, are you satisfied that the private keys for all the other Root
Certificates currently in NSS (especially those added back in the Netscape
era) were created securely and have always been held securely?
Or are there any others that need to be investigated in the same manner that
you've just been doing with "RSA Security 1024 V3"?
> BTW, this "story" has already been picked up by The Reg:
> http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificat
> e/
>
> On Tuesday 06 April 2010 20:22:04 Kathleen Wilson wrote:
Eddy Nigg
> BTW, this "story" has already been picked up by The Reg:
> http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificate/
>
We are used to quite a bit.... but one wonders what next?
:-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
Gervase Markham
> Perhaps this is far-fetched and paranoid. But the fact that RSA know
> nothing whatsoever about this root is rather concerning.
In case it's not clear by now, this is not true, RSA did create the
root, and any suggestion that the private key is in the hands of unknown
people was wild speculation on my part utterly unbacked by evidence.
:-|
Gerv
Kathleen Wilson
> On Tuesday 06 April 2010 22:04:07 Rob Stradling wrote:
>> Kathleen, I'm glad to hear that you've received confirmation that RSA
>> Security did indeed create this Root Certificate. However, the fact that
>> "Both RSA and VeriSign have stated in email that they do not own this
>> root" begs the question:
>> Who (if anyone) possesses the private key now?
>>
>> IMHO, this Root Certificate should definitely be removed from NSS unless
>> the current owner steps forward and:
>> 1. Asks for it to not be removed, and...
>> 2. Provides evidence that it is covered by an appropriate audit, and...
>> 3. Provides evidence that the private key has been kept secure since it was
>> initially created by RSA Security.
Email from RSA indicates that this "RSA Security 1024 V3" root is
retired and should be removed from NSS.
> Kathleen, are you satisfied that the private keys for all the other Root
> Certificates currently in NSS (especially those added back in the Netscape
> era) were created securely and have always been held securely?
>
> Or are there any others that need to be investigated in the same manner that
> you've just been doing with "RSA Security 1024 V3"?
This was the only root that I could not get answers from a CA from in
regards to recent audit, state of the root, and recommendation to remove
or disable the root.
Rob Stradling
good idea for you compile that list, so thanks a lot for your hard work!
Eddy Nigg
Errr...RSA and Verisign both indicated that they didn't own the root
NOW...or something like this. RSA probably created it though.
Kathleen Wilson
is still in possession of the private key for the "RSA Security 1024 V3"
root certificate.
RSA has also agreed that the "RSA Security 1024 V3" root certificate
should be removed from NSS.
Kathleen
Eddy Nigg
Excellent, so all is fine then. And the root can be removed.
lix
> On 04/07/2010 01:21 AM, Kathleen Wilson:
a bit faster response would have been better
is there anybody tracking these on the top of the vendor?
just curious...
>
> > An official representative of RSA has sent me email to confirm that
> > RSA is still in possession of the private key for the "RSA Security
> > 1024 V3" root certificate.
>
> > RSA has also agreed that the "RSA Security 1024 V3" root certificate
> > should be removed from NSS.
>
> Excellent, so all is fine then. And the root can be removed.
>
> --
> Regards
>
> Signer: Eddy Nigg, StartCom Ltd.
> XMPP: start...@startcom.org
Eddy Nigg
> On Apr 6, 11:27 pm, Eddy Nigg<eddy_n...@startcom.org> wrote:
>
>> On 04/07/2010 01:21 AM, Kathleen Wilson:
>>
> a bit faster response would have been better
>
> is there anybody tracking these on the top of the vendor?
>
If not, would you like to volunteer?
> just curious...
>
Yeah, me too :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Eddy Nigg
>
>> On 04/07/2010 01:21 AM, Kathleen Wilson:
>>
> a bit faster response would have been better
>
> is there anybody tracking these on the top of the vendor?
>
If not, would you like to volunteer?
> just curious...
>
Yeah, me too :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
lix
> On 04/07/2010 01:58 AM, lix:
>
> > On Apr 6, 11:27 pm, Eddy Nigg<eddy_n...@startcom.org> wrote:
>
> >> On 04/07/2010 01:21 AM, Kathleen Wilson:
>
> > a bit faster response would have been better
>
> > is there anybody tracking these on the top of the vendor?
>
> If not, would you like to volunteer?
definitely, i have this nice striped notebook and my pencil(2B) and
ready to go!
;)
Eddy Nigg
>> If not, would you like to volunteer?
>>
> definitely, i have this nice striped notebook and my pencil(2B) and
> ready to go
Excellent! I'm certain that Kathleen will give you the necessary
instructions. Thanks for joining!
Kurt Seifried
I too would volunteer, I think this is critical enough that it
deserves more than one set of eyeballs (ala code review).
Can Kathleen or Jonathan perhaps set us up with an introductory email
with the various certificate authorities so we know who to talk to,
and they know why we are trying to talk to them.
What information exactly would we be gathering? I imagine:
certificate (serial number, etc.)
owner of certificate
who is in control of the certificate (i.e operational use),
location/affiliations/etc.
what the certificate is used for (in plain English terms)
last time an audit was done (especially if the audit is pre-handover
assuming the certificate has changed hands)
contact information/how to report a stolen/improperly issued cert/etc.
would be a useful start. Then dump this all into a spread sheet online?
I've also been trying to gather a list of methods/etc. used to
validate domains/email addresses by various CAs but it's slow going. I
know such a list would definitely help me and others decide who we can
trust.
-Kurt
Eddy Nigg
>> If not, would you like to volunteer?
>>
> I too would volunteer, I think this is critical enough that it
> deserves more than one set of eyeballs (ala code review).
>
Kathleen, you've got new volunteers :-)
> Can Kathleen or Jonathan perhaps set us up with an introductory email
> with the various certificate authorities so we know who to talk to,
> and they know why we are trying to talk to them.
>
I don't that's necessary at this point. You can gather information that
is publicly available (or should be available). Kathleen can then do the
polishing :-)
> would be a useful start. Then dump this all into a spread sheet online?
>
IIRC that spreadsheet and quite some information exists already.
Unfortunately I don't recall the location now.
> I've also been trying to gather a list of methods/etc. used to
> validate domains/email addresses by various CAs but it's slow going.
Honestly I tried that too at some point. It's quite difficult.
> I know such a list would definitely help me and others decide who we can trust.
>
Yes, it probably would.
Eddy Nigg
I don't think that's necessary at this point.
Kathleen Wilson
> What information exactly would we be gathering? I imagine:
>
> certificate (serial number, etc.)
> owner of certificate
> who is in control of the certificate (i.e operational use),
> location/affiliations/etc.
> what the certificate is used for (in plain English terms)
> last time an audit was done (especially if the audit is pre-handover
> assuming the certificate has changed hands)
> contact information/how to report a stolen/improperly issued cert/etc.
>
> would be a useful start. Then dump this all into a spread sheet online?
Last year I created a spreadsheet with the following information for
each root included in NSS, and I maintain this spreadsheet now.
Approval Bug#
Primary Contact
CA Email Alias
CA Phone Number
Title/Department
Company Website
CP URL
CPS URL
Audit URL
EV Audit URL
Date of Latest Audit
I publish a portion of this spreadsheet as per the following:
To see the complete list of all of the root certificate authorities that
are included in NSS, and who currently owns/operates them, go to
http://www.mozilla.org/projects/security/certs/ and click on the "List
of all included root certificates" link. This will display the public
and published version of a spreadsheet that I maintain. There is a
column called "Company Website" which indicates the current owner of
each root.
Bug #534274 is the bug I used in regards to removal/disablement of the
root certs in NSS for which I did not find a recent audit statement. All
of the owning CAs had communicated with me in regards to those roots,
except for this RSA root. This particular RSA root was the only root
that I could not get information on until today, which is why I had
separated it out in