In your rush to judgment you arrived at the wrong conclusions, Ryan. No problem, though, as I'll recap my points in a bit. But first: The cert in question has as its root the utn-userfirst-hardware certificate. That appears to be a 2048-bit cert. If the wildcard cert should not have been issued directly under the 2048-bit root should we ask the folks at UTN (Comodo?) to explain what happened here? Are there any controls which are missing? Just curious how other people feel about this. The broader purpose behind my previous email was to raise awareness within the forum for how certain risks and vulnerabilities get combined to attack the Internet populace. I don't think it hurts to share different perspectives. The salient points I hoped to get across: * The inability to revoke endpoint certs is a major hole in Internet security. In the case of wildcard certs the hole is that much larger because of the damage that can be done when they get compromised. Also, having the same cert installed on multiple servers increases the risk. * When an admin account is compromised a lot of things can go south, especially if the account has access to DNS, server configs, private keys. If the account credentials can be used in some way to issue new certs, that can be a concern. * The scenario described is functionally similar to the NSA program QUANTUMINSERT. If you don't have the funding nor equipment of a nation state to back you up you might try this. For those who are interested I would encourage you to read up on network injection as this style of attack goes well beyond simple MITM. For starters here's a good article, though Wired and The Intercept (and others) have good stuff too. https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/ I hope this perspective is helpful to people. I would like to know how anyone feels about the cert issue, too.
This doesn't add any useful data to the debate, nor is it accurate. Your original complaint is about a certificate with no intermediate. This is permitted (pre-BR), and not (post-BR). Your examples of "doom" that would be caused by this cert apply to all wildcard certs. If you wish to complain about wildcard certs, you're certainly entitled to, but it's entirely orthogonal. | ||
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
