Saturday, April 25, 2015

Analysis of the "List of available trusted root certificates in OS X Yosemite"

In the OS X Security update 2015-004/Yosemite 10.10.3, Apple updated the Certificate Trust List, or "CTL".  The CTL is the list of Certificate Authority Certificates (CA Certs) that browsers and operating systems trust for establishing secure web connections (SSL/TLS, aka HTTPS).  Apple has been posting the list of certificates in the past few updates, which is a good step toward being more transparent; after all, transparency is a critical requirement for trustworthiness.

https://support.apple.com/en-us/HT202858

However, the list falls short.  For a normal user, it's a bunch of gobbledygook.  For technical analysis, it is missing the key element (SHA1 Fingerprint) that is used to uniquely identify a certificate with high certainty.  Additionally, the list doesn't explain what changes have occurred since the previous release, and why.  To really analyze it I had to compare extracts of the different certificate trust lists, made available on GitHub by other researchers.

Briefly, for the "normal user": the CA Certificates are each controlled by a Certificate Authority (CA).  Each CA may own more than one "Root" Certificate; for example, they may have different expiration dates or support different features, or the CA may have acquired other companies and not yet transitioned customers to its own "Root Certificates".  The Apple Certificate Trust List basically determines which CAs Safari or Chrome will trust, which in turn determines where websites can purchase certificates for secure web sites.  (Firefox has its own list.)

For the "Technical user", including those required to manage their organizations' Certificate Trust Lists, below is a breakdown of the certificates added and removed, and some inference as to why.

Overall this change from 10.10.0 to 10.10.3 includes welcome cleanup and reasonable preparation for future security requirements, but it's hard to tell that from the bulletin.



6 New 4096bit RSA CA Certificates from 3 existing Certificate Authorities

One new 4096bit CA Certificate for existing CA "ANF Autoridad de Certificacion" in Spain.
   ANF is a WebTrust audited, CabForum member, with current CPS & Audits
   https://cert.webtrust.org/ViewSeal?id=1833
   https://www.anf.es
   English: https://www.anf.es/en/

Two new 4096bit CA Certificates for existing CA "IdenTrust", in the United States of America.
   IdenTrust is a WebTrust audited Certificate Authority with current CPS & Audits
   https://cert.webtrust.org/ViewSeal?id=1720
   https://www.identrust.com

Three new 4096bit CA Certificates for existing CA "QuoVadis Limited"
   QuoVadis is a WebTrust audited, CabForum member, with current CPS & Audits, in Bermuda.
   https://cert.webtrust.org/ViewSeal?id=1851
   https://www.quovadisglobal.com
   https://www.quovadisglobal.com/QVRepository.aspx
   
Removed Certificates (16 total)
     8 of these were 1024bit RSA certificates, removed as the industry is transitioning to 2048 or larger RSA Certificates.
     1 was expired.
     1 from SwissSign, 2048bit root retired in favor of 4096bit roots.
     2 from TDC Internet.DK, a Danish CA.  Denmark moved to "OCES" certificates for identifying people, so these companies no longer issue X.509 certificates.
     1 from VAS Latvijas Pasts SSI of Latvia
            Relevant discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=412747
     1 from AC Raíz Certicámara S.A. of Colombia
     2 from KMD-CA.DK, a Danish CA that stopped issuing certificates in 2003/2004.  Below is their web site as of 2007, the last time the Internet Archive captured it.  I don't know why it took so long to remove; it appears one of the certificates was nearing expiration, which triggered a review.  Possibly the CA had issued 10 year SSL Certificates and Apple waited for those to age out.  Thankfully, newer CABForum baseline requirements limit certificates to about three years (39 months).
   



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
26CAFF09A7AFBAE96810CFFF821A94326D2845AA.pem  (!MSFT!MOZ)
C=ES, ST=Barcelona, L=Barcelona (see current address at http://www.anf.es/es/address-direccion.html ), O=ANF Autoridad de Certificacion, OU=ANF Clase 1 CA/emailAddress=info@anf.es/serialNumber=G63287510, CN=ANF Global Root CA
            Not Before: Jun 10 17:45:38 2013 GMT
            Not After : Jun  5 17:45:38 2033 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)


1B8EEA5796291AC939EAB80A811A7373C0937967.pem  (+MSFT+MOZ)
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
            Not Before: Jan 12 17:27:44 2012 GMT
            Not After : Jan 12 17:27:44 2042 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

093C61F38B8BDC7D55DF7538020500E125F5C836.pem   (+MSFT+MOZ)
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
            Not Before: Jan 12 18:59:32 2012 GMT
            Not After : Jan 12 18:59:32 2042 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

4812BD923CA8C43906E7306D2796E6A4CF222E7D.pem  (+MSFT+MOZ)
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
            Not Before: Jan 12 20:26:32 2012 GMT
            Not After : Jan 12 20:26:32 2042 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

BA29416077983FF4F3EFF231053B2EEA6D4D45FD.pem  (+MSFT!MOZ)
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
            Not Before: Jan 16 17:53:32 2014 GMT
            Not After : Jan 16 17:53:32 2034 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

DF717EAA4AD94EC9558499602D48DE5FBCF03A25.pem  (+MSFT!MOZ)
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
            Not Before: Jan 16 18:12:23 2014 GMT
            Not After : Jan 16 18:12:23 2034 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)

------------------------------------------------------------------------------

KMD-CA.DK ceased operation as a Certificate Authority
4AD44D4D812E42232FE038764C7B0CEB466EEF96
C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Server/mail=infoca@kmd-ca.dk
            Not Before: Oct 16 19:19:21 1998 GMT
            Not After : Oct 12 19:19:21 2018 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

B6CA215B836C35101DAF7463900A936880767AA6
C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person
            Not Before: Nov 21 23:24:59 2000 GMT
            Not After : Nov 22 23:24:59 2015 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

21FCBD8E7F6CAF051BD1B343ECA8E76147F20F8A (!MSFT!MOZ)
C=DK, O=TDC Internet, OU=TDC Internet Root CA
            Not Before: Apr  5 16:33:17 2001 GMT
            Not After : Apr  5 17:03:17 2021 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

8781C25A96BDC2FB4C65064FF9390B26048A0E01 (+MSFT!MOZ)
C=DK, O=TDC, CN=TDC OCES CA
            Not Before: Feb 11 08:39:30 2003 GMT
            Not After : Feb 11 09:09:30 2037 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)


086418E906CEE89C2353B6E27FBD9E7439F76316  (+MSFT!MOZ)
C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA)
            Not Before: Sep 13 09:22:10 2006 GMT
            Not After : Sep 13 09:27:57 2024 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)


CBA1C5F8B0E35EB8B94512D3F934A2E90610D336
C=CO, O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A., CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.
            Not Before: Nov 27 20:46:29 2006 GMT
            Not After : Apr  2 21:42:02 2030 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)


Removed because it was replaced by
564B6F8C5638DC055BBA2BA1390F7E31954A5550  (!MSFT-MOZ)
C=CH, O=SwissSign, CN=SwissSign CA (RSA IK May 6 1999 18:00:58)/emailAddress=ca@SwissSign.com
            Not Before: Nov 26 23:27:41 2000 GMT
            Not After : Nov 26 23:27:41 2031 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

Removed because they expired
5F4E1FCF31B7913B850B54F6E5FF501A2B6FC6CF
C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3
            Not Before: Nov 19 06:39:51 2004 GMT
            Not After : Nov 19 06:39:51 2014 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

Removed because they are 1024bit (too weak)
209900B63D955728140CD13622D8C687A4EB0085
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
            Not Before: Jan  1 00:00:00 1996 GMT
            Not After : Dec 31 23:59:59 2020 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

23E594945195F2414803B4D564D2A3A3F5D88B8C
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Dec 31 23:59:59 2020 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

627F8D7827656399D27D7F9044C9FEB3F33EFA9A
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Dec 31 23:59:59 2020 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

7E784A101C8265CC2DE1F16D47B440CAD90A1945
C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
            Not Before: Jun 21 04:00:00 1999 GMT
            Not After : Jun 21 04:00:00 2020 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

85371CA6E550143DCE2803471BDE3A09E8F8770F
C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
            Not Before: May 18 00:00:00 1998 GMT
            Not After : Aug  1 23:59:59 2028 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

879F4BEE05DF98583BE360D633E70D3FFE9871AF
C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
            Not Before: Feb 25 14:10:22 1999 GMT
            Not After : Feb 20 14:10:22 2019 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

D23209AD23D314232174E40D7F9D62139786633A
C=US, O=Equifax, OU=Equifax Secure Certificate Authority
            Not Before: Aug 22 16:41:51 1998 GMT
            Not After : Aug 22 16:41:51 2018 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

DA40188B9189A3EDEEAEDA97FE2F9DF5B7D18A41
C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
            Not Before: Jun 21 04:00:00 1999 GMT
            Not After : Jun 21 04:00:00 2020 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
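
The added/removed breakdown above can be reproduced mechanically by keying two trust-list extracts on SHA-1 fingerprint and triaging whatever dropped out. The following is an added example, not the tooling used for this post: it assumes extracts in the record layout printed on this page, the names `parse_extract`, `classify`, `diff_extracts` and the `as_of` date are hypothetical, and the reason labels are heuristics that still need a human check.

```python
import re
from datetime import datetime

REC = re.compile(r"^([0-9A-F]{40})\b.*\n(.+)\n((?:[ \t]+.*\n?)+)", re.M)

def parse_extract(text):
    """Parse records (fingerprint line, subject line, indented openssl fields)."""
    certs = {}
    for fp, subject, body in REC.findall(text):
        expiry = re.search(r"Not After\s*:\s*(.+?) GMT", body).group(1)
        certs[fp] = {"subject": subject.strip(),
                     "bits": int(re.search(r"\((\d+) bit\)", body).group(1)),
                     "not_after": datetime.strptime(expiry, "%b %d %H:%M:%S %Y")}
    return certs

def classify(cert, as_of):  # inferred removal reason; anything else needs a human
    if cert["bits"] < 2048:
        return "weak key"
    return "expired" if cert["not_after"] < as_of else "manual review"

def diff_extracts(old_text, new_text, as_of):  # -> (added, removed)
    old, new = parse_extract(old_text), parse_extract(new_text)
    return ({fp: new[fp]["subject"] for fp in new.keys() - old.keys()},
            {fp: classify(old[fp], as_of) for fp in old.keys() - new.keys()})

# COMMON is a constructed placeholder; other records are copied from this page.
COMMON = """\
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
CN=Unchanged Example Root (constructed)
            Not After : Jan  1 00:00:00 2040 GMT
                Public-Key: (4096 bit)
"""
OLD = COMMON + """\
5F4E1FCF31B7913B850B54F6E5FF501A2B6FC6CF
C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3
            Not After : Nov 19 06:39:51 2014 GMT
                Public-Key: (2048 bit)
D23209AD23D314232174E40D7F9D62139786633A
C=US, O=Equifax, OU=Equifax Secure Certificate Authority
            Not After : Aug 22 16:41:51 2018 GMT
                Public-Key: (1024 bit)
"""
NEW = COMMON + """\
1B8EEA5796291AC939EAB80A811A7373C0937967.pem  (+MSFT+MOZ)
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
            Not After : Jan 12 17:27:44 2042 GMT
                Public-Key: (4096 bit)
"""
```

Calling `diff_extracts(OLD, NEW, datetime(2015, 4, 25))` judges expiry against this post's date; a removed root that is neither weak nor expired comes back as "manual review", which is where cases like the Danish and Latvian roots above would land.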

