CA/Symantec Issues

1,000 bytes added, 08:53, 12 April 2017
Update Issue L
==Issue L: Cross-Signing the US Federal Bridge (February 2011 - July 2016)==
The US Government has an [https://fpki-graph.fpki-lab.gov extremely complicated] PKI called the Federal PKI (FPKI). It has [https://bugzilla.mozilla.org/show_bug.cgi?id=478418 applied for inclusion] in the Mozilla root store, but that application seemed unlikely ever to succeed because of the difficulty of bringing the entire FPKI in line with Mozilla's policies. During the period in question, it had a number of non-audited subordinate CAs.
Between February 2011 and July 2016, Symantec regularly had a valid cross-sign for one or both of "[https://crt.sh/?caid=1324 Federal Bridge CA]" and "[https://crt.sh/?caid=1410 Federal Bridge CA 2013]", which are both part of the FPKI. A cross-sign from a publicly trusted root makes every certificate that chains to the cross-signed CA chain to that root as well, so this made (as far as I can tell) all certificates below those CAs in the FPKI publicly trusted, and technically made Symantec responsible to Mozilla for all certificates issued in the covered part of the FPKI, including any BR violations. The intermediate CA certificate(s) concerned were not disclosed in the CCADB, even though Mozilla practice at the time required such disclosure. This was [https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/0wSUJKnH5MY/PGhVbV-UBQAJ reported in m.d.s.policy].
Symantec is not the only CA to have done this; IdenTrust [https://crt.sh/?id=9114292 also did it on multiple occasions] from 2011-01-14 onwards. I don't believe there are any unexpired, unrevoked (by OneCRL) links left between the FPKI and the Mozilla trust store, via any CA.
Symantec [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/KKqGmzQIOno claim] that the problem lies with browsers not processing the certificate policy extensions that the FPKI relies on to scope what a cross-certificate authorises. When they realised the problem, they negotiated with the FPKI to let the relevant cross-certificate expire rather than renewing it.
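The mechanism behind this issue, as an added worked example that is not part of the wiki page and is not Symantec's or the FPKI's material: the script below uses the openssl command-line tool to build a toy chain of a self-signed "browser root", a cross-certificate it issues to a "Demo Federal Bridge" CA, and a TLS server leaf issued under that bridge. The cross-certificate and the leaf assert a made-up FPKI-style policy OID (1.3.6.1.4.1.99999.1.1, a placeholder in a private arc chosen for this demo); the names, the OID and the 30-day lifetimes are all assumptions, and only the CA/Browser Forum "organization validated" OID 2.23.140.1.2.2 is real. Plain openssl verify, which like a browser does not consult certificatePolicies, accepts the leaf; only a validator explicitly told to require a WebPKI policy rejects it.

```shell
#!/bin/sh
# Added demo (not from the wiki page): a cross-certificate makes everything beneath
# it chain to the trusted root, and certificatePolicies only constrain a validator
# that has been asked to enforce policies. Needs the openssl CLI (1.1.1 or later).
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl CLI not found" >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Hypothetical OID standing in for an FPKI policy (private arc, made up for this demo).
FPKI_STYLE_POLICY="1.3.6.1.4.1.99999.1.1"
# Real CA/Browser Forum "organization validated" policy OID a WebPKI validator might demand.
WEBPKI_OV_POLICY="2.23.140.1.2.2"

# Build: browser root -> cross-certificate for the bridge CA -> server leaf.
# All subject names are placeholders; only the shape of the chain matters.
# openssl's progress chatter is silenced; set -e still aborts on any failure.
build_chain() {
  # Self-signed root standing in for a publicly trusted CA root.
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/root.key"
  openssl req -new -key "$WORK/root.key" -subj "/CN=Demo Browser Root" -out "$WORK/root.csr"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/root.ext"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -set_serial 1 -days 30 \
      -extfile "$WORK/root.ext" -out "$WORK/root.pem"

  # Bridge CA, cross-certified by the root. The cross-cert carries the FPKI-style
  # policy OID but nothing that limits which names or purposes it may issue for.
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/bridge.key"
  openssl req -new -key "$WORK/bridge.key" -subj "/CN=Demo Federal Bridge" -out "$WORK/bridge.csr"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\ncertificatePolicies=%s\n' \
      "$FPKI_STYLE_POLICY" > "$WORK/bridge.ext"
  openssl x509 -req -in "$WORK/bridge.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
      -set_serial 2 -days 30 -extfile "$WORK/bridge.ext" -out "$WORK/bridge.pem"

  # TLS server leaf issued under the bridge, asserting only the FPKI-style policy.
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/leaf.key"
  openssl req -new -key "$WORK/leaf.key" -subj "/CN=device.fpki-demo.example" -out "$WORK/leaf.csr"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:device.fpki-demo.example\ncertificatePolicies=%s\n' \
      "$FPKI_STYLE_POLICY" > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/bridge.pem" -CAkey "$WORK/bridge.key" \
      -set_serial 3 -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem"
} 2>/dev/null

# Validate the leaf against the root via the bridge cross-cert, with any extra
# openssl verify options passed through; prints "accepted" or "rejected".
verify_chain() {
  if openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/bridge.pem" \
        -purpose sslserver "$@" "$WORK/leaf.pem" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

main() {
  build_chain
  # 1. Default RFC 5280 path validation, which is what browsers do: the policy
  #    extension is carried but never consulted, so the bridge-issued leaf is trusted.
  echo "default validation:                      $(verify_chain)"
  # 2. A relying party that insists on a WebPKI policy OID rejects the chain,
  #    because no certificate in it asserts that policy.
  echo "explicit policy, require WebPKI OV OID:  $(verify_chain -policy_check -explicit_policy -policy "$WEBPKI_OV_POLICY")"
  # 3. The same explicit check with the FPKI's own OID passes. Policy scoping
  #    protects only relying parties that have opted in to policy processing.
  echo "explicit policy, require FPKI-style OID: $(verify_chain -policy_check -explicit_policy -policy "$FPKI_STYLE_POLICY")"
}

main
```

The first result is the whole issue in one line: with the cross-certificate in hand, a browser-style validator has no reason to look at the policy OIDs and simply trusts whatever the bridge has signed. The second and third results show that the FPKI's policy model does work, but only inside validators (such as US Government relying-party software) that enable explicit policy processing, which the WebPKI does not.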
 
===Further Comments and Conclusions===
 
There are three possibilities here:
 
* Symantec didn't realise that what they did had the effect of making the entirety of the FPKI trusted in Mozilla browsers; or
* Symantec knew that they had taken actions to make the entirety of the FPKI trusted in Mozilla browsers and didn't realise the implications; or
* Symantec knew that they had taken actions to make the entirety of the FPKI trusted in Mozilla browsers and did realise the implications, but didn't see fit to tell us.
 
None of these possibilities reflects well on Symantec. Symantec should have known that certificate policy extensions are not sufficient protection for the WebPKI, whose clients neither process nor enforce them. Symantec should realise the full implications of any cross-signing they do. And Symantec should have revealed to Mozilla that they had made it possible for a massive hierarchy of non-BR- and non-Mozilla-policy-compliant certificates to be trusted in our browser.
==Issue N: Premature Manual Signing Using SHA-1 (July 2016)==