Date: Tue, 1 Oct 2013 02:11:35 -0400
From: Jason Hellenthal <jhellenthal@...aix.net>
To: "noloader@...il.com" <noloader@...il.com>
Cc: FunSec List <funsec@...uxbox.org>,
 Full Disclosure List <full-disclosure@...ts.grok.org.uk>,
 BugTraq <bugtraq@...urityfocus.com>
Subject: Re: iOS: List of available trusted root certificates

You can't install your own certificate chain? "Profiles" respectively ... that take place over the relevance of the already in place trust store certs?



On Sep 30, 2013, at 18:06, Jeffrey Walton <noloader@...il.com> wrote:

From "iOS: List of available trusted root certificates",
http://support.apple.com/kb/HT5012.

There's no reason to allow some of this to occur in 2013. As a
proxy-relying-party, Apple is responsible for this stuff because users
are not allowed to make the decisions or modify the Trust Store.

For reference:
   Peter Gutmann, Engineering Security,
www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
   Baseline Certificate Requirements:
https://www.cabforum.org/Baseline_Requirements_V1_1_6.pdf
   Extended Validation Certificate Requirements:
https://www.cabforum.org/Guidelines_v1_4_3.pdf

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4
Public Primary Certification Authority - G3
   Serial Number: ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA
   Serial Number: 986490188 (0x3acca54c)
   Missing Critical Basic Constraint

Subject: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=ANKARA, O=(c) 2005
T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
   Serial Number: 1 (0x1)
   Missing Critical Basic Constraint

Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure
Server Certification Authority
   Serial Number: 927650371 (0x374ad243)
   Missing Critical Basic Constraint

Subject: C=CN, O=UniTrust, CN=UCA Root
   Serial Number: 9 (0x9)
   Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority
   Serial Number: 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority
   Serial Number: 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
   Missing Critical Basic Constraint and CA=TRUE

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 2 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info@valicert.com
   Serial Number: 1 (0x1)
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
   Serial Number: 7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
   Serial Number: 32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Certification Authority
   Serial Number: 1 (0x1)
   Missing Critical Basic Constraint

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 1 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info@valicert.com
   Serial Number: 1 (0x1)
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority
   Serial Number: cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority
   Serial Number: 3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=CN, O=UniTrust, CN=UCA Global Root
   Serial Number: 8 (0x8)
   Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2
Public Primary Certification Authority - G3
   Serial Number: 61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA
   Serial Number: 4 (0x4)
   Missing Critical Basic Constraint

Subject: C=KR, O=KISA, OU=Korea Certification Authority Central,
CN=KISA RootCA 3
   Serial Number: 2 (0x2)
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
   Serial Number: b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root
Certification Authority
   Serial Number: 15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d
   Missing Critical Basic Constraint

Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc.,
CN=GTE CyberTrust Global Root
   Serial Number: 421 (0x1a5)
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2
Certification Authority
   Serial Number: 0 (0x0)
   Missing Critical Basic Constraint

Subject: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
   Serial Number: 930140085 (0x3770cfb5)
   Missing Critical Basic Constraint

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 3 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info@valicert.com
   Serial Number: 1 (0x1)
   Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1
Public Primary Certification Authority - G3
   Serial Number: 8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
   Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary
Certification Authority
   Serial Number: 2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3
Public Primary Certification Authority - G3
   Serial Number: 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2
Certification Authority
   Serial Number: 0 (0x0)
   Missing Critical Basic Constraint

Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net
Certification Authority (2048)
   Serial Number: 946059622 (0x3863b966)
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
   Serial Number: 10000010 (0x98968a)
   Missing Critical Basic Constraint

Subject: C=JP, O=Japanese Government, OU=MPHPT, OU=MPHPT Certification Authority
   Serial Number: 0 (0x0)
   Missing Critical Basic Constraint

Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center,
CN=Deutsche Telekom Root CA 2
   Serial Number: 38 (0x26)
   Missing Critical Basic Constraint

Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Serial Number: 903804111 (0x35def4cf)
   Missing Critical Basic Constraint

Subject: C=CH, O=SwissSign, CN=SwissSign CA (RSA IK May 6 1999
18:00:58)/emailAddress=ca@...ssSign.com
   Serial Number: 437062991678488050 (0x610c279ab773df2)
   Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
   Serial Number: 4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
   Missing Critical Basic Constraint and CA=TRUE

Subject: C=FR, O=Certplus, CN=Class 2 Primary CA
   Serial Number: 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
   Missing Critical Basic Constraint
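
The check behind the list above can be reproduced against any root with Go's standard library. This is an added example, not code from the original post: `Audit`, `SampleRoot` and `oidBC` are hypothetical names, the test roots are constructed in-process, and it assumes "Missing Critical Basic Constraint" means the extension is present but not marked critical, while "and CA=TRUE" means the certificate also fails to assert CA=TRUE (typically because the extension is absent).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidBC = asn1.ObjectIdentifier{2, 5, 29, 19}     // id-ce-basicConstraints
var pub, key, _ = ed25519.GenerateKey(rand.Reader) // throwaway key for constructed roots

// Audit reports the two properties the list flags (assumed reading of its labels).
func Audit(c *x509.Certificate) (critical, isCA bool) {
	for _, e := range c.Extensions {
		if e.Id.Equal(oidBC) {
			return e.Critical, c.IsCA
		}
	}
	return false, false // extension absent, e.g. an X.509 v1 root
}

// SampleRoot builds a constructed self-signed root; mode: none|noncritical|critical.
func SampleRoot(mode string) (*x509.Certificate, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test " + mode},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	switch mode {
	case "critical":
		t.BasicConstraintsValid, t.IsCA = true, true
	case "noncritical": // raw DER SEQUENCE { BOOLEAN TRUE }; critical flag left off
		t.ExtraExtensions = []pkix.Extension{{Id: oidBC, Value: []byte{0x30, 3, 1, 1, 0xff}}}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, m := range []string{"none", "noncritical", "critical"} {
		if c, err := SampleRoot(m); err == nil {
			crit, ca := Audit(c)
			fmt.Printf("%-12s critical=%v CA=%v\n", m, crit, ca)
		}
	}
}
```

To audit a real trust store, decode each PEM block, pass the bytes to `x509.ParseCertificate`, and call `Audit` on the result.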
