Awesome use of load balancing for request retry across multiple backend servers:<p>> This was caused by the CMS (Certificate Management System), when it sent the signing request of the certificate to the signing server A, which had no response, then the CMS sent it to the other newly added signing server B. After a while the signing server A signed the certificate and sent to the CMS and also to the subscriber, then the subscriber installed the cert in its website and hat's why Censys recorded this certificate; in the
meantime, the signing server B also signed this certificate
some time later (in seconds) and sent it to the CMS, the CMS accepted it and rewrote it in the DB.<p>> This issue happened after adding another signing server on Jan 5th 2015, and found it on April 9th 2015. When had the two signing servers added a load balancer, but the configuration was not properly done because it didn't lock the request.<p>Mind you, that's a perfectly legit technical bug. Maybe they were using nginx for load balancing POST requests? :)<p><a href="https://news.ycombinator.com/item?id=11217477" rel="nofollow">https://news.ycombinator.com/item?id=11217477</a>
Cross linking the earlier WoSign scandal reports:
<a href="https://news.ycombinator.com/item?id=12389573" rel="nofollow">https://news.ycombinator.com/item?id=12389573</a>
<a href="https://news.ycombinator.com/item?id=12582534" rel="nofollow">https://news.ycombinator.com/item?id=12582534</a>
<a href="https://news.ycombinator.com/item?id=12617659" rel="nofollow">https://news.ycombinator.com/item?id=12617659</a><p>So if I get it right, WoSign will cease to exist as a CA given the 1y probation proposed by Mozilla and the general distrust that will follow?
> "Many customers in China find it important to use a domestic CA for purposes of security."<p>That's not how the CA system works. Your security is unaffected by what CA you choose; it is invariably the minimum of all trusted CAs.
Interesting aside that came out of this case is the issue of cross-signing intermediary and root certs and it not being disclosed.<p>The WoSign roots were cross-signed by[0] Comodo and StartCom (owned by WoSign, but we didn't know that), so even with WoSign roots being revoked, there would still be a verification path.<p>Nice to see that now there is an effort to disclose all of these[2][3], and[1]:<p>> Mozilla now requires the disclosue of all intermedidate certificates, including those cross-certificates.<p>[0] <a href="https://wiki.mozilla.org/CA:WoSign_Issues#Cross_Signing" rel="nofollow">https://wiki.mozilla.org/CA:WoSign_Issues#Cross_Signing</a><p>[1] <a href="https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/5c1c6L7JFwAJ" rel="nofollow">https://groups.google.com/d/msg/mozilla.dev.security.policy/...</a><p>[2] <a href="https://crt.sh/mozilla-disclosures" rel="nofollow">https://crt.sh/mozilla-disclosures</a><p>[3] <a href="https://secure.comodo.com/products/publiclyDisclosedSubCACerts" rel="nofollow">https://secure.comodo.com/products/publiclyDisclosedSubCACer...</a>
When you have a business that effectively prints money, why do something this stupid?<p>I also wonder how much more effort they thought it was to write the code to backdate the certs (rather than use "now") v.s. code for upgrading to SHA-256.
A shame. WoSign were super generous with their free certificate offering long before LetsEncrypt was a thing. They were a a handy alternative.<p>We should be thanking them for their free certs, and thanking them again now for giving us another example of how the PKI is a farce. The chances are there are a bunch other 'reputable' CAs out there playing these games.
This story is a bit of a mess to make sense of coming in cold and reading a Google Groups summary. Here's my read, which may help clarify the story for others.<p>Mozilla have an excellent explanation document covering the backdated certs in detail here: <a href="https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview" rel="nofollow">https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBG...</a><p>(Thanks to @xnyhps for the link in a reply to this comment.)<p>WoSign, described elsewhere as China's largest certificates authority, are a CA who have been found to have backdated SHA1 ceritificates to work around browser restrictions on SHA1 cert issueances. SHA1 is no longer considered secure. Resolution of that issue is discussed in new mozilla.dev.security.policy Usenet group peered by Google Groups: <a href="https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/1XI3Y7PJ1Uc/qc9PvezXFwAJ" rel="nofollow">https://groups.google.com/forum/#!msg/mozilla.dev.security.p...</a><p>A better source for WoSign's update to the story is in the PDF posted to the newsgroup, here: <a href="https://www.wosign.com/report/WoSign_Incident_Report_Update_07102016.pdf" rel="nofollow">https://www.wosign.com/report/WoSign_Incident_Report_Update_...</a><p>Titled "WoSign Incidents Report Update". Which is even less descriptive than the title presently given on this HN post, though perhaps what HN posting guidelines prefer. I'll let @dang wrestle his conscience on that one.<p>In that document are several issues listed, the one relevant to this HN post appears to be:<p>"9. Issue S: Backdated SHA-1 Certs (January 2016)<p>"WoSign has issued certificates after January 1st 2016 but backdated the notBefore date to be in December 2015.
This has the effect of avoiding the blocks in browsers regarding SHA-1 certs issued after January 1st 2016. The
number of certs affected is probably 67, but may be a few more or less."<p>Following down from there, several corporate restructuring steps are mentioned, including:<p><i>360’s Corporate Development team has been notified to execute the process to legally separate Wosign and Startcom and to begin executing personnel reassignments. StartCom’s chairman will be Xiaosheng Tan (Chief Security Officer of Qihoo 360). StartCom’s CEO will be Inigo Barreira (formerly GM of StartCom Europe). Richard Wang will be relieved of his duties as CEO of WoSign.</i><p>There is background on the story from:<p>"WoSign Mis-Issued SHA-1 SSL Certificates [Updated]" (August 24, 2016)
<a href="https://www.thesslstore.com/blog/wosign-mis-issued-sha-1-ssl/" rel="nofollow">https://www.thesslstore.com/blog/wosign-mis-issued-sha-1-ssl...</a><p>"Mozilla Ready to Ban WoSign Certificates for One Year After Shady Behavior" (September 26, 2016)<p>The second article details Mozilla's issues with WoSign, including purchase of an Israeli CA, StartCom
<a href="http://news.softpedia.com/news/mozilla-ready-to-ban-wosign-certificates-for-one-year-after-shady-behavior-508674.shtml" rel="nofollow">http://news.softpedia.com/news/mozilla-ready-to-ban-wosign-c...</a><p>I'm not claiming anything other than a 15 minute familiarity with the situation here. I may have heard earlier rumblings but really haven't followed this at all and wasn't consciously aware of particulars.
Mirror of the PDF version of the incident report if they take down the original or it goes down: <a href="http://clicky.strapr.com/3g1s1y1k0Y2J" rel="nofollow">http://clicky.strapr.com/3g1s1y1k0Y2J</a>
Direct link to PDF report: <a href="https://www.wosign.com/report/WoSign_Incident_Report_Update_07102016.pdf" rel="nofollow">https://www.wosign.com/report/WoSign_Incident_Report_Update_...</a>
So much money they are making and they can't hire anybody who can write English properly or write a PDF that is not composed of a handful of font faces and sizes.<p>I also find it funny they have fired the CEO (the PDF does not say he stepped down voluntarily) but he's the one sending that link to the mailing list. I call bs.
So I am wondering how this mess got started<p>Is it just incredible incompetence on WoSign's part or is there a stronger reason why China's largest CA is trying to keep issuing weak certificates? Is is tinfoil-hattery to assume that the Chinese government is not ready for SSL to start getting unreadable again?