Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
Add Incident S
As well as any issues there may be with the disclosure of the transfer of ownership, the relationship between WoSign and StartCom is also relevant when determining the scope of any sanctions.
==Incident S: Backdated SHA-1 Certs (January 2016)==
WoSign has issued certificates after January 1st 2016 but backdated the notBefore date to be in December 2015. This has the effect of avoiding the blocks in browsers regarding SHA-1 certs issued after January 1st 2016. The number of certs affected is unknown but probably at least 50.
The three certificates below have notBefore dates in Dec 2015, have signatures over SHA-1 hashes and have embedded SCTs which are dated after January 1, 2016.
{| class="wikitable"
!Domain
!notBefore
!notAfter
!SCT Timestamp
|-
|[https://crt.sh/?id=30773667 yffsc.com]
|Dec 19 20:37:06 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Jan 4 10:11:27 2016 GMT
|-
|[https://crt.sh/?id=30773528 congfubao.com]
|Dec 20 08:29:51 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Jan 5 05:52:47 2016 GMT
|-
|[https://crt.sh/?id=30773532 my.xbniao.com]
|Dec 20 07:48:31 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Jan 18 05:33:21 2016 GMT
|}
Because these SCTs are embedded, they must have been created before the final certificate was signed, and therefore the final certificate must have been signed in January - on or after January 18th, for the third one.
These are the only certs for which cryptographic proof of backdating is available. However, note that the above certs all have the same notAfter date, which is not exactly 1 year (or any other standard time period) after the notBefore. And the notBefore date is some time between midnight and midnight on December 20th 2015, China time (+0800). (This pattern fits a system where code adjusted the date, but not the time, prior to issuance.) If we look for other certs matching this pattern, we find a total of 62 certificates in crt.sh and other sources. Here are five more examples: [https://crt.sh/?id=30741722 1], [https://crt.sh/?id=30741724 2], [https://crt.sh/?id=30773614 3], [https://crt.sh/?id=30773616 4], [https://crt.sh/?id=30773644 5].
Of those 62, there are three more certs with embedded SCTs where the gap between the notBefore date and the SCT date is multiple days (i.e. they were backdated) but where the SCT date is nevertheless before 1st January 2016, which means the backdating does not have the effect of avoiding browser blocks.
{| class="wikitable"
!Domain
!notBefore
!notAfter
!SCT Timestamp
|-
|[https://crt.sh/?id=30629282 passport.huayingjuhe.com]
|Dec 20 03:40:31 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Dec 31 10:24:34 2015 GMT
|-
|[https://crt.sh/?id=30629285 puxbao.com]
|Dec 20 07:49:25 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Dec 31 10:30:03 2015 GMT
|-
|[https://crt.sh/?id=30629275 modai.cc]
|Dec 20 12:02:09 2015 GMT
|Dec 29 16:00:00 2016 GMT
|Dec 31 10:20:17 2015 GMT
|}
The issuance of backdated certificates is not forbidden by Mozilla policy, but is included in [https://wiki.mozilla.org/CA:Problematic_Practices#Backdating_the_notBefore_date Mozilla's list of Problematic Practices]. It says "Minor tweaking for technical compatibility reasons is accepted, but backdating certificates in order to avoid some deadline or code-enforced restriction is not."
The Baseline Requirements, section 7.1.3, say:
<blockquote><i>
Effective 1 January 2016, CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using the SHA‐1 hash algorithm.
</i></blockquote>
==WoSign Response==
This incident has not yet been officially drawn to the attention of WoSign.
==Incident T: alicdn.com Misissuance (June 2016)==
