Hacker News new | ask | show | jobs
by f0rgot 1105 days ago
Thank you for sharing your knowledge here.

A few questions:

If applying the algorithm to (1) produced (3), what produced (2)?

How can "no duplicate serial numbers" be enforced by any browser without having a store of all certificates? Is it simply a best-effort? Will the browser have a mapping from <serial number> to <certificate>, and whenever it sees a certificate, it will check this map to see if it has seen that serial number on a separate certificate?
2 comments
agwa 1105 days ago
> If applying the algorithm to (1) produced (3), what produced (2)?

I believe the root of the problem is that Let's Encrypt is creating certificates and precertificates independently, instead of creating a precertificate and then applying the algorithm to create the corresponding certificate. Since their processes for certificates and precertificates got out-of-sync, they ended up producing (2) instead of (3).

> How can "no duplicate serial numbers" be enforced by any browser without having a store of all certificates?

Browser software doesn't enforce this. It can only be enforced by scanning Certificate Transparency logs looking for violations.

link
tialaramex 1105 days ago
Indeed, although the de jure requirement in the policy isn't actually important per se, the only practical way to obey the policy is to do the thing we want you to do, so that's what you'll actually do, but the way the policy is phrased makes enforcement practical.

This is different from a "Brown M&M" policy where the purpose of the policy is to easily check that you are actually reading and obeying the policy document. Here the policy is worded in a way that doesn't directly achieve what we want, but is measurable, whereas what we want isn't, but the only practical way to achieve policy compliance is to do what we wanted anyway.

link
mcpherrinm 1101 days ago
Firefox does incidentally error if it sees duplicate serial numbers from the same issuer, though it wouldn't detect this case since the browser won't see precertificates in a TLS handshake.

https://support.mozilla.org/en-US/kb/Certificate-contains-th...

I don't think this is intended to be a security feature, but simply an error from the depths of NSS where some code uses (issuer, serial) as a unique index.

link
johncolanduoni 1105 days ago
Requiring Certificate Transparency in the browser doesn’t directly prevent this, but (as in this instance) it ensures there is public data anyone can check to see if this situation has occurred.
link