On Mon, Jan 15, 2018 at 2:30 PM, Ryan Sleevi via dev-security-policy < [email protected]> wrote:
> On Mon, Jan 15, 2018 at 1:18 PM, Doug Beattie <[email protected] > > > wrote: > > > > > - The potential risk in maintaining this whitelist, given both the > > statements provided by plans to move to deprecate this method post-haste > > (e.g. no such plans) and the validity period of issued certificates (up > to > > 39 months or, soon, 825 days). > > > > Since LE can continue to renew certificates issued under this method > prior > > to this change, doesn’t that effectively allow longer effective validity > > periods? I recognize there is a difference between renewing and long > > validity certs, but allowing renewal of certs issued under the flawed > > method seems to reduce value of your argument here. > > > > No, it doesn't, because in the event of misissuance, the attacker's ability > is not the full duration (or 5 months, as you suggest), but bounded by the > lifetime of the certificate. These are fundamentally different risks - and > that's why the validity period of the certificate itself is far more > important than the reuse period of the information. A victim can contact an > ACME using CA to invalidate the information, thus preventing renewal, and > the attacker is still bound to the lifetime of the existing certificate. > > Compare this with a certificate issued by 1-3 years by GlobalSign, in which > even if a victim contacts GlobalSign, the most that GlobalSign can do is to > revoke that certificate, which is ineffective at scale. This permits the > attacker a far greater 'attack' window, even though GS might have revoked > it, and is a key and fundamental difference. > I think this may be the key difference of perspective. GlobalSign might view revocation as an effective attack mitigation for a victim, but I don't think (and obviously Chrome doesn't think, given their lack of support for revocation in the common case) that is likely to be effective. If I were a victim, I would contact the ACME-using CA to invalidate the reuse of domain validation information for those hostnames, which would be a reliable technical control. I would also request revocation as a best-effort thing, but I would not feel comfortable with the level of risk I was experiencing (given the lack of effective revocation support in not just Chrome, but also reams of other HTTP clients) until the expiration date of the certificate had past. That said, GlobalSign's offer to cut certificate lifetimes down to X months during the short-term, and to make sure OneClick is disabled within Y months from now, seems like a reasonable compromise that doesn't undercut the incentive for GlobalSign or their customers to rapidly transition to more secure methods. It seems like there should be a value of X and Y that are acceptable. -- Eric -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
