• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

  • Buy SSL Certificates
  • Blog
  • Java Keytool
  • OpenSSL
  • Certificate Decoder
  • Donate

64-bit Serial Number Entropy Recap – SSL/TLS Certificates

April 16, 2019 by Mister PKI Leave a Comment

On February 28, 2019 a CA Compliance bug was filed in the Mozilla NSS product that detailed a flaw where DarkMatter had mis-issued certificates having only 63 bits of entropy, instead of the required 64-bit serial number entropy.

See https://wiki.mozilla.org/CA/Incident_Dashboard for incidents related to CA Compliance and to crawl through any new or remaining incidents related to serial number entropy.

According to the CA Browser Forum Baseline Requirements, beginning September 30, 2016, “CAs SHALL generate Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG.” See https://cabforum.org/baseline-requirements-documents/

In DarkMatter’s case, the serial numbers were 64 bits, but because serial numbers must also be positive, the first bit was always 0 guaranteeing the serial number to only have 63 bits of randomness or entropy. The issue was not in anything intentional DarkMatter was doing, but rather in the EJBCA (https://ejbca.org/) software many CAs use. When the cause was discovered, a sense of urgency broke out across the CA community after millions of certificates across many CAs were discovered to have been mis-issued.

To date, most of the certificates have been revoked and replaced. This has caused an undue burden on many organizations worldwide. Large corporations, higher education institutes, and personal websites have all been affected.

The CA Browser Forum Baseline Requirements also state that “The CA SHOULD revoke a certificate within 24 hours and MUST revoke a Certificate within 5 days.”

In the case of millions of mis-issued certificates, this rule is not scalable. Many CAs asked for an extension which was granted in most if not all cases. The 5-day rule makes sense for a single mis-issued certificate, but not at all for hundreds, thousands, and in this case millions of certificates. The CA Browser Forum should learn from this and introduce a new rule for larger scale noncompliance issues. Nothing was malicious here and no imminent security concerns were present. Money was lost and time was arguably wasted to “comply” with a non-security related incident.

Also worth noting is that it is possible that CAs had previously uncovered “possible” mis-issuance of certificates with less than the required 64-bit serial number entropy before the DarkMatter incident. It is highly likely that because of the scrutiny DarkMatter faced in its attempt to be trusted by Mozilla, that the CA and Browser community was scrutinizing certificates even more closely because of their reluctance to trust DarkMatter. It would be unfortunate if the community was willing to throw a wrench into the daily processes of numerous organizations worldwide just to try to block DarkMatter from being trusted. Again, it is possible that the 64-bit issue had already been brought into question previously, but not acted on until now.

With this said, it is our hope that progress will be made in separating security compliance with non-security related compliance to help improve the usability of a more secure web.

Read all blog content.

Uncategorized

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Posts

PKCS12

openssl s_client

Keytool

Keytool list

ECDSA vs RSA

OpenSSL

PKCS7

Certificate Decoder

Buy SSL Certificates

SSL/TLS Certificate Small Square (200 x 200)

Recent Posts

  • PKCS7
  • PKCS8 (PKCS #8)
  • keytool delete alias – How to delete an alias from a keystore
  • keytool alias -changealias – How to change a private key alias
  • SSL Certificate Expiration and SSL Certificate Renewal

Footer

  • Twitter
  • YouTube

Copyright © 2021 · Designed by North Flow Tech