Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
Hi, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself is vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every website you visit to a third party, which is the real reason to disable it IMO. This is going OT but I cannot leave this statement uncommented, because from my knowledge this is wrong/you are hiding important information everyone should know about: First, if you tell people they should disable OCSP you should also tell these people the consequences: When you disable OCSP in Firefox, there is *no* other way to know if a certificate was revoked or not. This is because Firefox *never* downloaded any CRLs. Furthermore, they removed the possibility to do that [1,2]. If you don't have the possibility to check a certificate for revocation, the whole trust system cannot work because there is no way to tell someone Yes, it is nice that you trust me (=you trust the CA) and I said you can trust this certificate (=the CA you trust has signed the certificate in question) but now I changed my mind (=the CA has revoked the certificate) so please don't trust this certificate anymore. Please read Would you knowingly trust an irrevocable SSL certificate? [3]. And yes, this is a *real* problem, see [7]. Yes, there is a known MITM attacks against OCSP, see [4]. But this is only possible due to bad default settings: Just change your OCSP setting to *require* a valid answer. In Firefox: Edit - Preferences - Advanced - Certificates - Validation Make sure When an OCSP server connection fails, treat the certificate as invalid is checked (or you can just set security.OCSP.require to TRUE). If you are aware about any other know attacks, please share. Regarding your privacy concerns: No, your OCSP-enabled browser won't share the address (URL) with the OCSP responder. Your browser will use the site's certificate serial number to ask the OCSP responder if the certificate is still valid. Yes, the company who is running the OCSP responder is able to log You [IP, UA...] requested status for certificates with the serial number 0x1, 0x2, 0x3 and because the OCSP responder needs some basic knowledge about the certificates it should provide answers for, the operator may know that the certificate with the serial number 0x1 has the Common Name (CN) www.mysecretsite.invalid and 0x2 was issued for www.mydarksecrets.invalid or 0x3 was for www.facebook.com, but the operator doesn't know the URL you visited. I don't say OCSP is perfect. For example an OCSP check will delay the initial SSL handshake, because your browser has to connect to the OCSP responder when it has received the certificate from the server you are connecting to. Depending on your connection and the OCSP responder, this may take some time [5]. But the CRL system doesn't work anymore (and was never working in Firefox, unless you manually added all the CRL distribution points for your CA and Sub CAs...), because VerSign and other big SSL companies are providing 20 MB CRLs. Imagine you would use your phone to visit a website using some kind of mobile connection and it would have to fetch 50+ MBs in CRLs before the website will open... Google for example decided some time ago to disable CRL checks too. They will download CRLs for you and are planing to release these centralized CRLs with normal updates. See [6]. They are improving OCSP. The next big thing is OCSP stapling [8,9] which is now supported by all major browsers and patches are available for most web servers. OCSP stapling was developed to save the extra round trip to the OCSP responder, but OCSP stapling-enabled websites will also increase your privacy, because you don't longer have to tell the OCSP responder the certificate (CN) you want to check. If you are still really concerned about what OCSP may do to your privacy, may I ask if you are also concerned about DNS servers? If not, what's the difference between an OCSP responder which you ask for a serial number, which can be resolved to a CN and a DNS server which you ask for a ... CN? :) Also, you are trusting a CA to secure your connections, but you don't trust the same CA due to privacy concerns? So please, don't just tell anybody to turn off OCSP. Tell them why you may think they should do that. But also tell them about the new risks they have to deal with so that they are able to decide on their own if they want to disable OCSP or not. PS: As long as you are trusting CAs and don't manage the trust of any certificate you are using on your own I recommend to enable OCSP in all your browsers and to treat any kind of invalid OCSP responses as a hard failure, because I want to know if I can trust the certificate used to secure my communication or not. If you don't trust any CA, we don't have to talk about things like OCSP or CRL and revocation...
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On Wed, Nov 06, 2013 at 08:11:52PM +0100, Thomas D. wrote: Hi, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself is vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every website you visit to a third party, which is the real reason to disable it IMO. This is going OT but I cannot leave this statement uncommented, because from my knowledge this is wrong/you are hiding important information everyone should know about: First, if you tell people they should disable OCSP you should also tell these people the consequences: When you disable OCSP in Firefox, there is *no* other way to know if a certificate was revoked or not. This is because Firefox *never* downloaded any CRLs. Furthermore, they removed the possibility to do that [1,2]. If you don't have the possibility to check a certificate for revocation, the whole trust system cannot work because there is no way to tell someone Yes, it is nice that you trust me (=you trust the CA) and I said you can trust this certificate (=the CA you trust has signed the certificate in question) but now I changed my mind (=the CA has revoked the certificate) so please don't trust this certificate anymore. Please read Would you knowingly trust an irrevocable SSL certificate? [3]. And yes, this is a *real* problem, see [7]. Yes, there is a known MITM attacks against OCSP, see [4]. But this is only possible due to bad default settings: Just change your OCSP setting to *require* a valid answer. In Firefox: Edit - Preferences - Advanced - Certificates - Validation Make sure When an OCSP server connection fails, treat the certificate as invalid is checked (or you can just set security.OCSP.require to TRUE). If you are aware about any other know attacks, please share. Regarding your privacy concerns: No, your OCSP-enabled browser won't share the address (URL) with the OCSP responder. Your browser will use the site's certificate serial number to ask the OCSP responder if the certificate is still valid. Yes, the company who is running the OCSP responder is able to log You [IP, UA...] requested status for certificates with the serial number 0x1, 0x2, 0x3 and because the OCSP responder needs some basic knowledge about the certificates it should provide answers for, the operator may know that the certificate with the serial number 0x1 has the Common Name (CN) www.mysecretsite.invalid and 0x2 was issued for www.mydarksecrets.invalid or 0x3 was for www.facebook.com, but the operator doesn't know the URL you visited. I don't say OCSP is perfect. For example an OCSP check will delay the initial SSL handshake, because your browser has to connect to the OCSP responder when it has received the certificate from the server you are connecting to. Depending on your connection and the OCSP responder, this may take some time [5]. But the CRL system doesn't work anymore (and was never working in Firefox, unless you manually added all the CRL distribution points for your CA and Sub CAs...), because VerSign and other big SSL companies are providing 20 MB CRLs. Imagine you would use your phone to visit a website using some kind of mobile connection and it would have to fetch 50+ MBs in CRLs before the website will open... Google for example decided some time ago to disable CRL checks too. They will download CRLs for you and are planing to release these centralized CRLs with normal updates. See [6]. They are improving OCSP. The next big thing is OCSP stapling [8,9] which is now supported by all major browsers and patches are available for most web servers. OCSP stapling was developed to save the extra round trip to the OCSP responder, but OCSP stapling-enabled websites will also increase your privacy, because you don't longer have to tell the OCSP responder the certificate (CN) you want to check. If you are still really concerned about what OCSP may do to your privacy, may I ask if you are also concerned about DNS servers? If not, what's the difference between an OCSP responder which you ask for a serial number, which can be resolved to a CN and a DNS server which you ask for a ... CN? :) Also, you are trusting a CA to secure your connections, but you don't trust the same CA due to privacy concerns? So please, don't just tell anybody to turn off OCSP. Tell them why you may think they should do that. But also tell them about the new risks they have to deal with so that they are able to decide on their own if they want to disable OCSP or not. PS: As long as you are trusting CAs and don't manage the trust of any certificate you are using on your own I recommend to enable OCSP in all your browsers and to treat any kind of invalid OCSP responses as a hard failure, because I want to know if I
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
Hi, mingdao wrote: Now, if any one of us turned off OCSP as Michael suggested, what should one do after turning it back on? Could there now be certificates trusted there which should not be? Well, only your current browser session can be affected. For Firefox: History - Clear Recent History - Details In the dialog, just check Active logins and click Clear Now. This should clear any existing SSL state cache. For Chrome it is a bit harder, because Chrome doesn't offer such an option AFAIK (see [1]). Also, it depends on the SSL backend you are using. PS: To enable OCSP in Chrome, go to chrome://settings/advanced Security Manage Certificates... Check for server certificate revocation It is disabled by default, due to performance concerns :( See also: = [1] http://code.google.com/p/chromium/issues/detail?id=90454 -- Regards, Thomas signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/06/2013 02:11 PM, Thomas D. wrote: This is going OT but I cannot leave this statement uncommented, because from my knowledge this is wrong/you are hiding important information everyone should know about: I figure everyone here is smart enough to google OCSP before unchecking the box. This isn't the place to argue that the CA system is broken, but I will respond to a few points. Yes, there is a known MITM attacks against OCSP, see [4]. But this is only possible due to bad default settings: Just change your OCSP setting to *require* a valid answer. In Firefox: ... If you are aware about any other know attacks, please share. Replay attacks, mentioned in the RFC (or Google). These could be mitigated, but no one has bothered. Regarding your privacy concerns: No, your OCSP-enabled browser won't share the address (URL) with the OCSP responder. Your browser will use the site's certificate serial number to ask the OCSP responder if the certificate is still valid. Yes, the company who is running the OCSP responder is able to log You [IP, UA...] requested status for certificates with the serial number 0x1, 0x2, 0x3 and because the OCSP responder needs some basic knowledge about the certificates it should provide answers for, the operator may know that the certificate with the serial number 0x1 has the Common Name (CN) www.mysecretsite.invalid and 0x2 was issued for www.mydarksecrets.invalid or 0x3 was for www.facebook.com, but the operator doesn't know the URL you visited. This is a long way of saying it sends the address of every website you visit to a third party. They are improving OCSP. The next big thing is OCSP stapling [8,9] which is now supported by all major browsers and patches are available for most web servers. OCSP stapling was developed to save the extra round trip to the OCSP responder, but OCSP stapling-enabled websites will also increase your privacy, because you don't longer have to tell the OCSP responder the certificate (CN) you want to check. That's cool, but it doesn't exist now and won't for years. And as a visitor you have no way of knowing whether the server supports it (== your privacy will be kept). If you are still really concerned about what OCSP may do to your privacy, may I ask if you are also concerned about DNS servers? If not, what's the difference between an OCSP responder which you ask for a serial number, which can be resolved to a CN and a DNS server which you ask for a ... CN? :) Only two DNS servers are involved; mine and those of the domain I'm visiting. Also, you are trusting a CA to secure your connections, but you don't trust the same CA due to privacy concerns? You're conflating two things here. I trust AES to keep my connection safe. I don't send my data to the CA. If you don't trust any CA, we don't have to talk about things like OCSP or CRL and revocation... Well there we agree. Why would you trust the CAs? You don't know them personally and you aren't their customer. Do you trust the governments of the USA and China? (Hint: you shouldn't.) If the answer is no, then you don't trust the CA system. So whether or not you trust them to revoke that authentication is a moot point. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) iQIcBAEBAgAGBQJSeuYkAAoJEBxJck0inpOigpUP/3AqhOXf3D5nPzHZumJw9iv6 /9eXu2MMgoZTdwILAc0GnlSwnstTgaI/WZYFHRsU24DQsCQxCMr8VnJnirRNv0Zz EB+fu3i991e85BloxaZaC3nDcJ5cDB3WjEOfUi4adHVEaY71eAKlwge2P9jG2t9B 60HslYxK9pBhmCzqfpxViunSZV36w4mGOSB9X8ajagkklW4BGzP508czzX0KU/HH zBxhRxowuLKzIKQZ0R996bEk7b0STadNbTllSyF4850Iftm9Aj+smYHXmbO5wT1I lYWJGP11bAZfbObstG+ZepST98FxsZGke80LicydNIvZ13tnqYLYERYdxb9GVMB/ /hO4wi53ltvEtb6/7uy/ec3jg5x8V3e6ZidHu/4ObToYZF4gzsNZ8agLazFEHA54 Xpk3+nh8ypJPBdBiJZuuYQckUFwXzTpEXqpfb5X6c38F6pOxNElexuAa57coIqoy M8ZsMoTr3oCYsRC5lRFmb6uv9WZZDi6iRSTh5z78fzxc3/ynF7SYmJIQEIKzZDnn FxEAjjhLrJtFCkfFWd1GaIJjrwLjcX+laMJrx6zqkjG3BvQRGTvO2md5m7WoX0v9 0MmxfMsjkQpDV7e/w4gxNG6aZzf1kvBZXPhdFuLJM1NEbD40xoJC90E+y9LsENbV ++m0ObSQf+JfCMcqH0BS =PbZR -END PGP SIGNATURE-
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
Hi, Michael Orlitzky wrote: If you are aware about any other know attacks, please share. Replay attacks, mentioned in the RFC (or Google). These could be mitigated, but no one has bothered. The OCSP response is signed. The signature contains a time stamp. If your clock is right, replay attacks are only possible for the expected lifespan of the response. But because it is expected that an OCSP response is valid for x hours, it is not a real problem. But sadly there are some CA which are serving pre-generated OCSP responses which are valid for 7 days (like their CRLs). 7 days can be very long... :( This is a long way of saying it sends the address of every website you visit to a third party. See Alex's reply. I wanted to make it clear to everyone, that the address isn't the full URL. If you are still really concerned about what OCSP may do to your privacy, may I ask if you are also concerned about DNS servers? If not, what's the difference between an OCSP responder which you ask for a serial number, which can be resolved to a CN and a DNS server which you ask for a ... CN? :) Only two DNS servers are involved; mine and those of the domain I'm visiting. Again, please see Alex's reply. Also, if you are using your *own* DNS server, you are *special*. But most people will use the DNS server from their ISP. And I wasn't talking about *special* people who are able to run everything in their own trusted environment. Also, you are trusting a CA to secure your connections, but you don't trust the same CA due to privacy concerns? You're conflating two things here. I trust AES to keep my connection safe. I don't send my data to the CA. CAs not only issue certificates. They should also make sure that they only issue secure certificates: - Require a secure signing algorithm - Require a secure key size You could use the best algorithm available. But if the certificate's private key is shared with others, others are able to decrypt the captured secure traffic. The CAB forum for example says that no CA is allowed to create the key used for any issued customer certificate. So when you are using a pre-populated list of trusted CAs you are also expecting that these CAs are doing their jobs right. IF you don't do that, you shouldn't use them. If you don't trust any CA, we don't have to talk about things like OCSP or CRL and revocation... Well there we agree. Why would you trust the CAs? You don't know them personally and you aren't their customer. Do you trust the governments of the USA and China? (Hint: you shouldn't.) If the answer is no, then you don't trust the CA system. So whether or not you trust them to revoke that authentication is a moot point. Well, that's another discussion. As said before, we don't have to talk about these things if you don't trust a system called Web of trust :) But because most people live in this (broken) system (this is reality!), do you still think telling them they should disable OCSP, which will actually disable an important feature (again, without OCSP you are unable to check a certificate for revocation in Firefox) and make them vulnerable to a new threat is a good thing? -- Regards, Thomas signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On Mon, Nov 04, 2013 at 09:30:07PM -0600, William Hubbs wrote: All, I would like to remind everyone about the tracker for services that are misusing need net in their OpenRC init scripts [1]. need net should be removed from our init scripts, because it is bogus and breaks things. I also question the value of use net, because the same thinking applies, e.g. the net virtual really doesn't have a strong meaning of any kind. For more details, see the tracker and flameeyes' blog post. Thanks, William [1] https://bugs.gentoo.org/show_bug.cgi?id=439092 In that bug I read: Flameeyes wrote the following blog post concerning this issue: http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please and the link gives me a (Error code: sec_error_ocsp_unknown_cert). -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On Tue, 5 Nov 2013 08:49:15 -0600 mingdao gentoo-...@happypenguincomputers.com wrote: and the link gives me a (Error code: sec_error_ocsp_unknown_cert). The certificate expired; I guess it'll be fixed soon, as he gets back. -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : tom...@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D signature.asc Description: PGP signature
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On 11/05/2013 09:49 AM, mingdao wrote: Flameeyes wrote the following blog post concerning this issue: http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please and the link gives me a (Error code: sec_error_ocsp_unknown_cert). You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself is vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every website you visit to a third party, which is the real reason to disable it IMO.
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On Tue, Nov 05, 2013 at 11:39:10AM -0500, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself is vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every website you visit to a third party, which is the real reason to disable it IMO. Thanks for the information, Michael. My Firefox had a slightly different $PATH as shown in the attached screenshot. Edit - Preferences - Advanced - Certificates - Validation www-client/firefox-24.1.0-r1 (didn't do the upgrade to www-client/firefox-25.0-r1 today due to unstable libpng-1.6.6 being pulled with the new subslot philosophy) -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts
On 11/05/2013 10:39 AM, Michael Orlitzky wrote: On 11/05/2013 09:49 AM, mingdao wrote: Flameeyes wrote the following blog post concerning this issue: http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please and the link gives me a (Error code: sec_error_ocsp_unknown_cert). You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself is vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every website you visit to a third party, which is the real reason to disable it IMO. Thanks for pointing this out! I'm a privacy-minded kind of guy and didn't think to look there for possible violations. Do you know of any other tips for locking down Firefox from prying eyes? I already use NoScript and RequestPolicy, clean non-whitelisted cookies, and disabled web forgery reporting in Preferences.
[gentoo-dev] friendly reminder wrt net virtual in init scripts
All, I would like to remind everyone about the tracker for services that are misusing need net in their OpenRC init scripts [1]. need net should be removed from our init scripts, because it is bogus and breaks things. I also question the value of use net, because the same thinking applies, e.g. the net virtual really doesn't have a strong meaning of any kind. For more details, see the tracker and flameeyes' blog post. Thanks, William [1] https://bugs.gentoo.org/show_bug.cgi?id=439092 signature.asc Description: Digital signature