Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

Fri, 20 Mar 2020 19:40:44 -0700 

On Sat, Mar 21, 2020 at 01:53:31AM +0000, Nick Lamb wrote:
> On Sat, 21 Mar 2020 09:25:26 +1100
> Matt Palmer via dev-security-policy
> <[email protected]> wrote:
> 
> > These two certificates:
> > 
> >     https://crt.sh/?id=2602048478&opt=ocsp
> >     https://crt.sh/?id=2601324532&opt=ocsp
> > 
> > Were issued by Let's Encrypt more than 24 hours ago, and remain
> > unrevoked, despite the revocation of the below two certificates,
> > which use the same private key, for keyCompromise prior to the above
> > two certificates being issued:
> > 
> >     https://crt.sh/?id=2602048478&opt=ocsp    
> >     https://crt.sh/?id=2599226028&opt=ocsp
> > 
> > As per recent discussions here on m.d.s.p, I believe this is a breach
> > of BR s4.9.1.1.
> 
> I haven't looked at the substance of your concern yet, but the 1st and
> 3rd links you gave above both look identical to me whereas your text
> implies they should differ. Perhaps this is a copy-paste error?

Oh the facepalm, it burns (probably too much hand sanitizer)... let me try
that again.

Recently issued and as-yet-unrevoked certificate, the first:

    https://crt.sh/?id=2602048478&opt=ocsp

Previously revoked certificate for the same key:

    https://crt.sh/?id=2599363087&opt=ocsp

Recently issued and as-yet-unrevoked certificate, the second:

    https://crt.sh/?id=2601324532&opt=ocsp

Previously revoked certificate for the same key:

    https://crt.sh/?id=2599226028&opt=ocsp

I've also, since my initial report, come across some more keys that have
been successfully re-used by Let's Encrypt customers after being revoked for
key compromise.  You can pull the details out of the recent history:

    
https://crt.sh/?spkisha256=c5b2c5acc5a35409cb18c7f820b93a3d53e2fd17d99df165875881d60ff91ca2
    
https://crt.sh/?spkisha256=35e61785dc449d235568dc5919f9f4bca31a234f0768e6c057f1d9e39491d76d
    
https://crt.sh/?spkisha256=bb84a7d81dafd4e59877bb31595545eb5a205a4cc7db881b027fa499c5086c1c

There's also this one, which is another reuse-after-revocation, but the
prior history of this key suggests that there's something *far* more
interesting going on, given the variety of CAs and domain names it has been
used for (and its current residence, on a Taiwanese traffic stats server):

    
https://crt.sh/?spkisha256=69fc5edbd904577629121b09c49b711e201c46213e5b175bbee08a4d1d30b3c7

If anyone figures out the story with that last key, I'd be most pleased to
hear about it.

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to