Thorsten Glaser wrote 2014-04-10 17:48:
> Pontus Engblom | DigiSSL AB dixit:
>
>> Now they do not charge the certificate in any way for revocation, it's
>> merely a handling fee, i.e. the guys that work there need to get paid
>> to do their job.
>
> I do not disagree with people needing to get their money.
> I’d happily pay 5 € for certificates, and possibly a handling
> fee for a revocation “on my whim”, but not acting in the face
> of a security breach like this one is unacceptable (and, as
> Rob Stradling pointed out, a violation of their obligations).

Yes, I can agree the timing of this is bad, but a company has its policies to follow; if they have a fee for revocation it's quite hard to step away from it. Now when we know the extent of this bug we can just wait and see what happens, but as you mention further down, the best way would be to either reboot the system or do something and try to implement a new system.
>> I can agree that some certificates _MIGHT_ be compromised and need
>
> No. We must assume that all private keys ever used in vulnerable
> systems have been compromised; there is evidence that this has
> been exploited as early as November 2013.

I do agree with you that it's been around for a while and that we should treat every system as compromised that had those vulnerabilities. But I know plenty of people that just upgraded their OpenSSL and restarted Apache and think they're good. Also, a lot of those systems are extremely low-level traffic or no-traffic domains either. I'm just pointing out that if all CAs were to remove ALL suspected compromised certs (which would require a lot of time and effort to track down all systems that the admin doesn't know about), there would be no Class 1 certificates left untouched; every single Class 1 cert should in that case be revoked. And this can cause a bit of a problem on a lot of websites.

>> revocation, but as StartSSL stated earlier, if you got no intention of
>> paying $24.90 you could also create a _NEW_ certificate with a
>> different subdomain and replace yours, that would cost you.. nothing?
>
> This would help absolutely nobody because the attacker *still*
> can use the private key (which they stole from you) and the
> StartCom-signed certificate (which they get during the handshake
> anyway) to do an MITM attack on your visitors, with StartCom
> saying that the MITM attacker is “the genuine thing”.
>
> The only option is, for example, if you have www.foo.org as
> StartCom certificate, to remove A and AAAA records for both
> www.foo.org. and foo.org. from the DNS, and get a certificate
> for www2.foo.org – good luck getting any traffic there. And
> even then, an attacker can just redirect their target’s DNS,
> making the attack once again successful.
> No, no matter what, those StartCom/StartSSL-issued certificates
> *must* be revoked, or StartCom/StartSSL *must* be removed from
> the trusted root store, no later than this Friday.

This assumes that the domain has been targeted, yes, and that an evil person would want to harm users using that domain, yes. If we go in an event like this, it's not actually the CA's fault, neither the system administrator's fault; this was a bug. Who should we really blame? If we are to blame the CA for not revoking, why isn't there a proposal for an explicit policy that forces CAs to remove certs that users ask for, but it's up to the CA to then either charge the client for a new certificate or not do business with that client? I am not really sure about this, but I never said that I support not revoking; all I say is that this is one way for StartSSL to actually earn some income. Which I must say can not be easy when everyone just wants the stuff for free and not pay at all for security.

>> But I can not for the life of me see why we can't pay $24.90, they
>> have given us a service for free and now when we need to do something
>> we think it's wrong of them to charge us? Compare it to the real world,
>
> It’s an obligation. CAs have an oligopoly and as such, they have
> certain social responsibilities, for the good of the SSL ecosystem
> as a whole.

Yes, they have no obligation to give us free certificates either. They could start charging us like any other CA; that would just end up in lots of unsecured domains. Most people that hold a Class 1, I doubt, would want to pay for SSL at the current price ranges, but what do I know.

>> have been compromised but there's a possibility, in this case there is
>> no way to get reasonable evidence of a subscriber losing its private
>> key. And to suspect every cert has been compromised well, then all CAs
>> would need to make a huge CRL and pretty much revoke any certificate
>
> Yes.
> (It would probably be easier to reboot the system…) But for all
> we know, they need to act.
>
> (Note that I am currently running a StartCom certificate that was
> never compromised (due to only using OpenSSL 0.x) on one system,
> a compromised one (which they refuse to revoke) on another system,
> and a healthy mix of GoDaddy-rekeyed ones on most other systems.)

I am not defending any actions by anyone here, I just pointed out that this is a business model of StartSSL to survive as a company. What if they would go bankrupt for not getting any income at all? Then what? Now I do think they got their revenue stream under control, but a company costs, servers cost, facilities cost, audits cost. Somewhere you need to get that money; now this is an ill place, I agree, but hopefully Mozilla and StartCom could come to a meeting point in this matter.

>>> If the servers in your SSL environment do not use OpenSSL, if your
>>> servers use OpenSSL 1.0.0 or earlier, if your servers do not use OpenSSL
>>> 1.0.2-beta1, or if your servers are compiled without the heartbeat
>>> extension enabled, then your environment is not vulnerable to the Heartbleed
>>> Bug attack.
>
> Right, there’s still two years of certificates, and a stable release
> of Debian, two releases of OpenBSD, and other OSes, to cover. Since
> responsible admins would contact StartCom and ask for rekey/revoke
> Right Now™ (or after getting back from vacation, i.e. this month,
> probably), it would not be bad for them to waive their fees this
> month to people citing this vulnerability. Just revoking *every*
> certificate is probably a bit too much.
>
> The important thing is to do that *right now*, and issue a statement
> that they accept their responsibility for the ecosystem and will
> waive fees for everyone affected. (I fully understand they will
> want handling fees for “at-will” revocations normally. But this is
> an exceptional situation!)
I have to agree to that, but normally a Class 1 certificate has a lifespan of 1 year, which means that StartSSL should have a year of certificates to revoke; this can break a lot of websites.

>> cost. IMHO this removing of StartCom is just bogus. Maybe that Mozilla
>
> Are you speaking for DigiSSL AB here, or just privately?
>
> bye,
> //mirabilos

I am speaking for myself. DigiSSL isn't anything active or current; it's just a domain I use for mailing but no business from.

--
Sincerely,
Pontus Engblom
[email protected]

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

