>Browsing crt.sh, I found this: https://crt.sh/?id=1902422627
>
>It's a certificate for api.pillowz.kz with the public key of Let's Encrypt
>Authority X1 and X3 CAs.
How could that have been issued? Since a (PKCS #10) request has to be self-
signed, does this mean Digicert aren't validating signatures on requests?
Peter.
>There is no requirement to submit a PKCS#10 CSR.
Hmm, so what sort of issue process allows you to obtain a certificate for a key you don't control?
Peter.
>Certificate renewal that uses the existing certificate as input, rather than
>a CSR. The (presumably expiring) certificate supplies the domains,
>organization info, and the public key for the renewal certificate request. In
>this case there is no proof of key possession absent some out-of-band process
>(TLS handshake with the web server, etc).
But if it's a renewal based on an existing cert, meaning that someone already
had a cert for a key they don't control, that means that at some point in the
past the CA turned a CSR for a key the requester doesn't control into a cert.
In particular, there must have been some authorisation carried out at some
point, or perhaps that wasn't carried out, that indicates who requested the
cert. What I'm trying to discover is where the gap was, and what's required
to fix it in the future.
Peter.
>What gap, exactly? There’s not a risk here.
There are attacks possible, but this stuff was covered more than twenty years
ago by PKIX and I can't remember the specifics. It was around various ways of
fooling a victim that you'd signed something that you hadn't based on the two
different certs.
>I don’t think it’s been codified that private key possession or control has
>to be demonstrated.
All the PKIX cert-enrolment protocols (CMP, CMC, and plain PKCS #10) as well
as the non-PKIX SCEP require proof-of-possession in order to deal with these
problems. Unfortunately in the PKIX tradition the spec just says "In order to
prevent certain attacks" without ever saying what they are.
I assume this is ACME that allows a key to be certified without any proof that
the entity requesting the certificate controls it? I don't know that any of
the PKIX protocols allow it.
Peter.
>For those interested, the short of what happened is that we had an old
>service where you could replace existing certificates by having DigiCert
>connect to a site and replace the certificate with a key taken from the site
>after a TLS connection. No requirement for a CSR since we obtained proof of
>key control through a TLS connection with the website. Turned out the
>handshake didn't actually take the key, but allowed the customer to submit a
>different public key without a CSR. We took down the service a while ago -
>back in November I think. I plan to put it back up when we work out the kink
>with it not forcing the key to match the key used in the handshake.
Thanks, that was the info I was after: was this a general problem that we need
to check other systems for as well, or a situation-specific issue that
affected just one site/system but no others. Looks like other systems are
unaffected.
Peter.
If there's no requirement to verify that this is the case by CAs issuing
certificates, doesn't this make what they're producing a non-certificate?
This isn't snark, it's a genuine question: If the CA isn't checking that the
entity they're certifying controls the key they're certifying, aren't they
then not acting as CAs any more?
Peter.
>The standard use of the most common way of communicating the public key and
>the purported proof-of-possession of the private key to the CA, the CSR, does
>not provide replay protection and yet is frequently NOT treated as a security
>impacting element should it be disclosed post-issuance. As such, one must
>question if an arbitrary CSR which contains a valid signature produced using
>the private key which corresponds to the subject public key in same said CSR
>is really qualified to be considered proof-of-possession (or proof of control)
>of said private key. I submit that it is not.
All of the cert management protocols I referenced earlier, CMP, CMC, and SCEP
but not ACME which I haven't implemented so I'm not sure about, have liveness
constraints. In other words you can't replay an old CSR to get a new cert.
Even if there is a bare-CSR way to get a cert, the only thing you could do
with it is get the same cert issued with a more recent expiry date. Since
everyone clicks past expired certs anyway and when they're used for things
like code signing they're countersigned by a TSA to give them an indefinite
lifetime, I'm not sure that it gets an attacker much.
Having said that, it's another one of the many PKI things that just get done a
certain way without anyone ever presenting a threat model that justifies it,
so it could be a threat in some manner.
Peter.