On Sat, Sep 03, 2016 at 01:45:48AM +0200, Patrick Figel wrote: > On 03/09/16 01:15, Matt Palmer wrote: > > On Fri, Sep 02, 2016 at 03:48:13PM -0700, John Nagle wrote: > >> On 09/02/2016 01:04 PM, Patrick Figel wrote: > >>> On 02/09/16 21:14, John Nagle wrote: > >>>> 2. For certs under this root cert, always check CA's > >>>> certificate transparency server. Fail if not found. > >>> > >>> To my knowledge, CT does not have any kind of online check > >>> mechanism. SCTs can be embedded in the certificate (at the time > >>> of issuance), delivered as part of the TLS handshake or via OCSP > >>> stapling. > >> > >> You're supposed to be able to check if a cert is known by querying > >> an OCSP responder. OCSP stapling is just a faster way to do > >> that. > > > > OCSP stapling is also a *privacy preserving* way to do that (also > > more reliable, in addition to faster). I'm not sure that essentially > > snooping (or at least having the ability to snoop) on the browsing > > habits of users who happen to connect to a website that uses the > > certificate of a poorly-trusted CA better serves the user community > > than just pulling the root. I guess at least we're not training > > users to ignore security warnings this way, and since if Mozilla is > > running the OCSP responder (or similar) you're already trusting > > Mozilla not to snoop on your browsing... > > In addition to these concerns, (and assuming Mozilla would even be > willing to go down that route), I'm not sure how reliable a > Mozilla-operated OCSP responder would be given that the majority of > users who visit sites that use WoSign are probably behind the GFW. > > If the answer is somewhere between "unreliable" and "extremely slow", > you might just as well pull the root (just for the sake of this > argument), which would mostly inconvenience site operators (as opposed > to every single Firefox user).
Ryan's earlier treatise against just pulling the root centred around training users to ignore security warnings -- which is, let's face it, exactly what would happen. At least with an OCSP responder, users might get a degraded experience, but at least not *every* Firefox user who visits ones of 100k+ sites gets a lesson in where the "ignore cert error" button is. I suppose for a blacklisted root, Firefox could make it an unfixable error, but that just trains people to go find a different browser -- so unless there's a concerted agreement between browsers (an ugly thing from a legal perspective, at least) to do this together, it's unlikely to be palatable. - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
