Incident i20130810.1
- Incident Number: i20130810.1
- Status: finished
- Incident Manager: name manager
- Date of incident opened: 2013-03-30
- Date of incident closed: 2013-05-09
- Incident title: Potential loss of CAcert Root Certificate credentials
History Log
2014-03-30: Incident i20130810.1 documented, initially documented in private part
- 2014-05-09: Published full incident report
- 2014-07-05: Added link to private part
1. Incident Response Team
- Internal Auditor
- Critical Sys Admins
- Access Engineers
2. Incident Description
An external party informed CAcert about statements claiming to have evidence, that CAcert has "no idea what was happening with their root certificate.", that CAcert's root certificate keys (root keys) have been stolen and are for sale on the black market.
3. Containment Actions
- Critical Sys Admins have been questioned about this claim. They could not remember any incident since 2008 since the root certificates moved from Australia to the Netherlands.
- Access Engineers have been questioned and could prove the Critical Sys Admins' statement right.
The initial Author of the post said he had no other evidence than the statement he found in a mailing list.
4. Root Causes
The statement could not be proven right, it seems to rely on another statement with no clear source. However, the auditor cannot be sure, that the root keys are not copied. What makes it unlikely that an leak happened is, that since 2008 we did not encounter any unauthorized used of the CAcert root keys.
Resolution
The internal auditor cannot see any evidence for this claim. He proposes to create and execute a project to generate new root certificates (see 8.) to keep a clean track record until the End of 2014.
5. Permanent Corrective Actions
No permanent corrective actions apply.
6. Verify Corrective Actions
Obsolete
7. Preventive Actions
To prevent that potentially leaked root keys can be abused, the New Roots & Escrow Project has been started in order to create new root certificates with securely kept root keys.
8. Approval & Closure
Approved by Board |
2014-04-13 in m20140413.5 |
Date closed |
2014-05-09 |