Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said: If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one? You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when you got to the IP address you were trying to reach, the cert didn't validate as matching the hostname, you know something fishy is up. And if you *do* have two certs for it, I'd like to talk to the bozos at Thawte and Comodo who obviously didn't check the paperwork. ;) pgp8spbP9GxtJ.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Hank and everyone, This is a very interesting problem. As it happens, some folks in the IETF have anticipated this one. For those who are interested, Paul Hoffman and Jakob Schlyter have been working within the DANE working group at the IETF to provide for a means to alleviate some of the responsibility of the browser vendors as to who gets to decide what is a valid certificate, by allowing for that burden to be shifted to the subject through the use of secure DNS. A list of hashes is published in the subject's domain indicating what are valid certificates. And so if a CA went rogue, the subject domains would be able to indicate to the browser that something is afoot. For more information, please see http://datatracker.ietf.org/wg/dane/. Eliot On 9/12/11 7:22 AM, Hank Nussbacher wrote: At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Mike, On Sun, Sep 11, 2011 at 8:44 PM, Mike Jones m...@mikejones.in wrote: It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? Chrome v 14 works with DNS stapled certificates, sort of a hack. ( http://www.imperialviolet.org/2011/06/16/dnssecchrome.html ) There are other proposals/ideas out there, completely different to DANE / DNSSEC, like http://perspectives-project.org/ / http://convergence.io/ . Regard, Martin
RE: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
-Original Message- From: Gregory Edigarov [mailto:g...@bestnet.kharkov.ua] I.e. instead of a set of trusted CAs there will be one distributed net of servers, that act as a cert storage? I do not see how that could help... Well, I do not even see how can one trust any certificate that is issued by commercial organization. There should be a government body to issue certificates then ;-) But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. -- Leigh Porter __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Steinar, On Sun, Sep 11, 2011 at 8:12 PM, sth...@nethelp.no wrote: To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'd say we have every reason to believe that something similar *will* happen again :-( Something similar, including use of purchased (not only limited to stolen certs), is ongoing already, all of the time. (I had a fellow IRC-chat-friend report from a certain very western-allied middle eastern country that there's ISP/state-scale SSL-MITM ongoing there, for all https traffic.) The comment on starting out with an empty /etc/ssl is valid. Most of the normally included CA's you almost never run into on the wild web anyway. There were some blog postings about this last time a CA was busted. Shave off 90% of them and you have at least come a bit on the way (goal 100%). The absence of proof is *not* proof of absence, and in this particular case it's pretty safe to assume some abuse is ongoing somewhere, 24/7. Cheers, Martin
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sep 11, 2011, at 11:06 PM, Hughes, Scott GRE-MG wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) GE Money Bank is notorious for this… from a retail store's main page they redirect you to https://www3.onlinecreditcenter6.com. (No-EV certificate, either.) -cjp
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Except that this just shifts the burden of trust on to DNSSEC, which also necessitates a central authority of 'trust'. Unless there's an explicitly more secure way of storing DNSSEC private keys, this just moves the bullseye from CAs to DNSSEC signers. Jason On Mon, Sep 12, 2011 at 5:30 AM, Eliot Lear l...@cisco.com wrote: Hank and everyone, This is a very interesting problem. As it happens, some folks in the IETF have anticipated this one. For those who are interested, Paul Hoffman and Jakob Schlyter have been working within the DANE working group at the IETF to provide for a means to alleviate some of the responsibility of the browser vendors as to who gets to decide what is a valid certificate, by allowing for that burden to be shifted to the subject through the use of secure DNS. A list of hashes is published in the subject's domain indicating what are valid certificates. And so if a CA went rogue, the subject domains would be able to indicate to the browser that something is afoot. For more information, please see http://datatracker.ietf.org/wg/dane/. Eliot On 9/12/11 7:22 AM, Hank Nussbacher wrote: At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here. with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. randy
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Randy Bush wrote: But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here. with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. It seems to me that this depends a lot on how much you can tolerate single points of failure. The current de-trusting is certainly going to cause trouble for whoever used that CA, but the internet didn't roll over and die either. If the root DNS keys were compromised in an all DNS rooted world... unhappiness would ensue in great volume. Mike, poison and choices...
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. If the root DNS keys were compromised in an all DNS rooted world... unhappiness would ensue in great volume. as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. randy
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. Yes, I saw that. It also drives up complexity too and makes you wonder what the added value of those cert vendors is for the money you're forking over. Especially when you consider the criticality of dns naming for everything except web site host names using tls. And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? agree
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote: And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? As previously mentioned, Chrome = v14 already does. Regards, Martin
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 4:39 AM, valdis.kletni...@vt.edu wrote: On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said: If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one? You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when you got to the IP address you were trying to reach, the cert didn't validate as matching the hostname, you know something fishy is up. And if you *do* have two certs for it, I'd like to talk to the bozos at Thawte and Comodo who obviously didn't check the paperwork. ;) this has already happened with mozilla.com, google.com, microsoft.com my point was that as a user, and as a service operator, what in today's CA world helps me know that the service operator's certificate is what my user-client sees? some 'trust' in the fact that thawte/comodo/verisign/cnnic didn't issue a cert for the service-operator's service incorrectly? I think I need a method that the service operator can use to signal to my user-client outside the certificate itself that the certificate #1234 is the 'right' one.
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Martin Millnert wrote: On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote: And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? As previously mentioned, Chrome = v14 already does. The perils of coming in late in a thread :) Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 13/09/11 01:12, Randy Bush wrote: as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. Yes, I saw that. It also drives up complexity too and makes you wonder what the added value of those cert vendors is for the money you're forking over. Especially when you consider the criticality of dns naming for everything except web site host names using tls. And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? agree I would have thought that was a perfectly acceptable end point. The multiple CA's go away (oops), replaced with everyone being able to publish and authenticate their own certificates. The DNS has to be compromised to publish certificates, but if they've managed to do that, it doesn't matter what certificate you had in the first place. There are already public keys in the DNS for DKIM which work quite well. It lowers the cost for getting an SSL cert for your domain, but certainly not the security. Getting a cert for a domain is laughable these days. It's either too easy, or stupendously hard and ridiculous. EV certs are a joke as demonstrated by the thousands of people still getting phished since end users don't look at the address bar anyway. So long as it's encrypted and in some way secured against the domain, it's good enough isn't it?
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 7:09 AM, Martin Millnert milln...@gmail.com wrote: Something similar, including use of purchased (not only limited to stolen certs), is ongoing already, all of the time. (I had a fellow IRC-chat-friend report from a certain very western-allied middle eastern country that there's ISP/state-scale SSL-MITM ongoing there, for all https traffic.) If this were true, don't you think your friend would provide an SSL cert? Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 1:39 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote: Date: Mon, 12 Sep 2011 11:22:11 -0400 Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates From: Christopher Morrow morrowc.li...@gmail.com I think I need a method that the service operator can use to signal to my user-client outside the certificate itself that the certificate #1234 is the 'right' one. A certificate that cdrtifies the crertificate is valid, maybe? so the DANE work does this, sort of... you sign (with dnssec) your cert fingerprint, the client does a lookup (requiring dnssec signed responses) to verify that the cert FP matches that which is in DNS. And why would you trust that any more than the origial certificate? at least in this case the domain owner (presumably the service owner in question) has signed (with their private key) the DNS content you get back. There are failure modes, but it's more in line with the service-owner/service-user level not some oddball thirdparty. Seriously, about the only way I see to ameliorate this kind of problem is for people to use self-signed certificates that are then authenticated by _multiple_ 'trust anchors'. If the end-user world raises warnings for a certificate 'authenticated' by say, less than five separate entities. then the compomise of any _single_ anchor is of pretty much 'no' value. Even better, let the user set the 'paranoia' level -- how many different 'trusted' authorities have to have authenticated the self-signed certificate before the user 'really trusts' it. this almost sounds like GPS position fixing... 'require 4 satellites in view', or something along those lines. Interesting as an idea though. -chris
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 12 September 2011 18:39, Robert Bonomi bon...@mail.r-bonomi.com wrote: Seriously, about the only way I see to ameliorate this kind of problem is for people to use self-signed certificates that are then authenticated by _multiple_ 'trust anchors'. If the end-user world raises warnings for a certificate 'authenticated' by say, less than five separate entities. then the compomise of any _single_ anchor is of pretty much 'no' value. Even better, let the user set the 'paranoia' level -- how many different 'trusted' authorities have to have authenticated the self-signed certificate before the user 'really trusts' it. So if I want my small website to support encryption, I now have to pay 5 companies, and hope that all my users have those 5 CAs in their browser? Much better to use the existing DNS infrastructure (that all 5 of them would likely be using for their validation anyway), and not have to pay anyone anything. - Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Mike Jones m...@mikejones.in wrote: DNSSEC deployment is advanced enough now to do that automatically at the client. Sadly not quite. DNSSEC does have the potential to provide an alternative public key infrastructure, and I'm keen to see that happen. But although it works well between authoritative servers and recursive resolvers, there are a lot of shitty DNS forwardersin CPE and captive portals and so on which do not understand DNSSEC. And DNSSEC does not work unless all the forwarders and recursors that you are using support it. So DNSSEC on the client has a long way to go. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Hebrides, Southeast Bailey: Westerly 5 to 7 until later in south Hebrides, otherwise northwesterly 3 or 4, increasing 5 to 7. Rough or very rough, occasionally high in south Hebrides. Rain or showers. Good, occasionally poor.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Damian Menscher wrote: The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. Damian I'd be interested in hearing what you have to say about the hacker's claim at: http://pastebin.com/85WV10EL d) I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and... Simply I can issue updates via windows update! Thanks, --Michael
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Cameron Byrne cb.li...@gmail.com writes: Yep. The CA business is one of trust. If the CA is not trusted, they are out of business. You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. Bjørn
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 9/10/11 23:30 , Damian Menscher wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? Damian
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'd say we have every reason to believe that something similar *will* happen again :-( Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
2011/9/11, Joel jaeggli joe...@bogus.com: On 9/10/11 23:30 , Damian Menscher wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? Damian -- Enviado do meu celular Luciano P.Gomes http://lgomes00.blogspot.com/
Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 10:19:39 PDT, Joel jaeggli said: To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'm sure at least one of the other 250-odd certificates from 100-ish CA's trusted by most browsers now are actually trustworthy. There is no evidence at all that the average CA is any less trustworthy than the average DNS registrar. However, this isn't as big a problem as one might think - the *only* thing that an SSL sert gives you is you reached the host your browser tried to reach. It does *not* validate the host you intended to reach, or whether you should trust this host with your data, or any of a long set of interesting security issues. And that one question - did you reach the host your browser tried to reach doesn't really mean much unless you have DNS and routing security in place as well. After all, if the IP you get for www.my-bank.com is incorrect, or the route has been hijacked, what the cert says is pretty meaningless. Considering that we seem to muddle along just fine with a DNS that doesn't really do DNSSEC yet(*), and a lot of black and grey hat registrars out there, and no real BGP security either, maybe it isn't the sky is falling scenario that a lot of people want to make it. Or maybe we should all be even more worried. ;) (*) Has anybody actually enabled only accept DNSSEC-signed A records on an end user system and left it enabled for more than a day before giving up in disgust? ;) pgpC5Xn96bOYF.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said: The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. Not strictly true. The current system at least gives you you have reached the hostname your browser tried to reach. A self-signed cert doesn't even give you that. pgpYXYAiRvyEY.pgp Description: PGP signature
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. -A (Full disclosure: I work with the creator of gpgAuth in our day jobs) On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com wrote: There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
https://bugzilla.mozilla.org/show_bug.cgi?id=647959 --- SNIP --- This is a request to add the CA root certificate for Honest Achmed's Used Cars and Certificates. The requested information as per the CA information checklist is as follows: 1. Name Honest Achmed's Used Cars and Certificates 2. Website URL www.honestachmed.dyndns.org 3. Organizational type Individual (Achmed, and possibly his cousin Mustafa, who knows a bit about computers). 4. Primary market / customer base Absolutely anyone who'll give us money. 5. Impact to Mozilla Users Achmed's business plan is to sell a sufficiently large number of certificates as quickly as possible in order to become too big to fail (see regulatory capture), at which point most of the rest of this application will become irrelevant. --- SNIP --- On Sun, Sep 11, 2011 at 5:20 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote: I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. -A (Full disclosure: I work with the creator of gpgAuth in our day jobs) On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com wrote: There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike -- ^[:wq^M
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, 11 Sep 2011 15:20:51 PDT, Aaron C. de Bruyn said: I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. Yes, but it needs to be something that either (a) Joe Sixpack never sees, or (b) Joe Sixpack actually understands. Are either of those true? pgpgCroNNWNdf.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the I am not engaging in speculation that DigiNotar plans to continue to operate, they have already stated so much. http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans. So long as DigiNotar can show what they are required to show when they would request re-signing, and another CA can legitimately cross-sign their cert, following that CA's official correct certification practices; it's unlikely to lead to the signer being revoked. As far as we know, DigiNotar is not dead, it is just a really great example showing how broken TLS security model is. The trust model hard-coded into the protocol is much weaker than the cryptography. Since the browsers already approved that root CA's certification practices. Particularly not if the cross-signer is one of the larger CAs such as Thawte or Verisign --- the browser might as well remove SSL support altogether, if they will perform a revokation that renders 40% of internet web server SSL certs invalid. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 4:02 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the I am not engaging in speculation that DigiNotar plans to continue to operate, they have already stated so much. http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans. I think you are misinterpreting that statement -- I interpret it as meaning VASCO will continue to exist, and possibly buy another root CA to continue their business plans. (They had only recently acquired DigiNotar.) Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
In message 146102.1315769...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu writes: (*) Has anybody actually enabled only accept DNSSEC-signed A records on an end user system and left it enabled for more than a day before giving up in disgust? ;) No. But I run with reject anything that doesn't validate and have for several years now and that doesn't suck. We will never be in a world where all DNS records validate unless we do DNSng and that DNSng requires that all answers be signed. Except as a academic exercise, I would never expect anyone would configure a validator to require that all answers validate as secure. DNSSEC gives you provable secure, provable insecure and bogus. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
somewhat rhetorically... On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher dam...@google.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. given a list of ca's and certs to invalidate ... how large a list would be practical in a browser? (baked in I mean) (not very, relative to the size of the domain system today) Is this scalable? (no) Is this the only answer we have left? (no) -chris (I'm not sure what better answers there are to the situation we are in today, I do like the work in DANE-WG though... it'll be a while before it's practical to use though, I fear)
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 3:37 PM, valdis.kletni...@vt.edu wrote: On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said: The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. Not strictly true. The current system at least gives you you have reached the hostname your browser tried to reach. A self-signed cert doesn't even give you that. really? even in the face of CA's that have signed certs for existing domains (to not the domain owners)? If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one?
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: EV certificates have a different status and probably still need the CA model what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) -chris (I've never seen the value in EV or even DV certs really... so I'm actually curious what the value other see in them is)
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. With normal certs, the end user doesn't see a green address bar, and instead of the company's name displayed (unknown) is displayed and This web site does not supply ownership information. is displayed. If you ask me, hiding the company's name even when present on a non-EVSSL cert is tantamount to saying Only EV-SSL certs are really trusted anyways. So maybe instead of these shenanigans browser makers should have just started displaying a don't trust this site warning for any non-EVSSL cert. -- -JH
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. this isn't really a benefit though, is it? isn't the domain-name in the location bar doing the same thing?
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sep 11, 2011, at 9:44 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. this isn't really a benefit though, is it? isn't the domain-name in the location bar doing the same thing? No. As a counter example... How may domain names do Wells Fargo and Citibank (Citi Corp? Citi Group?) operate respectively? I'm a customer, and I can't keep it straight. Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) NOTICE TO RECIPIENT: The information contained in this message from Great River Energy and any attachments are confidential and intended only for the named recipient(s). If you have received this message in error, you are prohibited from copying, distributing or using the information. Please contact the sender immediately by return email and delete the original message.
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG shug...@grenergy.com wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) So, part of my point here about ev/dv/etc certs is that in almost all cases of consumer fraud and protection, HTTPS is never used. Hell, half the spams I get are http://IP_ADDRESS/somethign/something/something.php ... Falling back on the 'well ev certs are there to provide protection to the consumer' is just FUD (I think). again, not seeing a benefit here... -chris
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 9/11/11 11:28 PM, Christopher Morrow wrote: On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG shug...@grenergy.com wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) So, part of my point here about ev/dv/etc certs is that in almost all cases of consumer fraud and protection, HTTPS is never used. Hell, half the spams I get are http://IP_ADDRESS/somethign/something/something.php ... Falling back on the 'well ev certs are there to provide protection to the consumer' is just FUD (I think). again, not seeing a benefit here... Normally, I heart my Mac. But Apple in its infinite wisdom decided that EV certificates are so much better, they refused to honor my edit of my own system keychain! So, negative benefit for the consumer.
RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sat, Sep 10, 2011 at 3:47 AM, Heinrich Strauss heinr...@hstrauss.co.za wrote: On 2011/09/10 05:06, Michael DeMan wrote: I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. The root CAs are have no technical limitation in regards to what kind of certificates they can issue. There is no inherent reason that technical limitations cannot be imposed... there are mechanisms available to do this, if the original CA certificates were issued with restrictions: http://tools.ietf.org/html/rfc3280#section-4.2.1.11 Special limitations or security warnings can be raised by individual browsers above and beyond the certificate validation rules. I would be in favor of each root CA certificate being name constrained to CNs of one TLD per CA certificate, so that root CA orgs would need a separate CA cert and separate private key for each TLD that CA is authorized to issue certificates in. It would be useful if the name restriction would be extended further to allow 2nd level wildcards to be prohibited such as CN=*.com or CN=*.*.com Browsers will honor * in hostname components of the CN field as required by the RFCs.. however a *.mydomain.tld certificate does not match www.mydomain.tld, *.*.mydomain.tld does. Some CAs have partaken in problematic practices such as issuing SSL certificates with RFC1918 IP addresses, or unofficial TLDs in the CN or subject alternative names section. see https://wiki.mozilla.org/CA:Problematic_Practices#Issuing_SSL_Certificates_for_Internal_Domains If all the root CA certificates become name constrained, such problematic practices should cease. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all. I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. Is it true that the my browser on a windows, mac, or linux desktop may have listed as trusted authorities, an outfit that sells '*.*.tld' ? Thanks, - Mike On Sep 9, 2011, at 2:54 PM, Paul wrote: On 09/09/2011 11:48 AM, Marcus Reid wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus Instant? This has been going on for over a week, and a lot of damage could have been done in that time, especially given certs for *.*.com were signed against Diginotar. Most cell phones are unable to update their certificates without an upgrade and you know how long it takes to get them through Cell Phone carriers. A number of alternative android builds are adding the ability to control accepted root certs to their builds in the interest of speeding this up. The CA system is fundamentally flawed. Paul
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 09/09/11 20:06 -0700, Michael DeMan wrote: Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all. I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. Is it true that the my browser on a windows, mac, or linux desktop may have listed as trusted authorities, an outfit that sells '*.*.tld' ? The issue is that a trusted third party's (Diginotar) trusted signing certificate was stolen, allowing the holder to create and sign whatever certificates he wished, which don't necessarily need to be wildcard certs to be effective. Certificate signers are not restricted to any domain hierarchy (a design feature of x.509 pki), which means that *any* trusted stolen signing certificate can wreak havok on the trusted nature of x.509. Even the hint that the claimed Diginotar cracker has gotten her hands on several other signing certificates may be significant motivation to find a replacement for the existing x.509 based pki. On Sep 9, 2011, at 2:54 PM, Paul wrote: On 09/09/2011 11:48 AM, Marcus Reid wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus Instant? This has been going on for over a week, and a lot of damage could have been done in that time, especially given certs for *.*.com were signed against Diginotar. Most cell phones are unable to update their certificates without an upgrade and you know how long it takes to get them through Cell Phone carriers. A number of alternative android builds are adding the ability to control accepted root certs to their builds in the interest of speeding this up. The CA system is fundamentally flawed. Paul -- Dan White
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Wednesday 07 Sep 2011 17:17:10 Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Cheers. It would be really nice if the folk at Twitter would fix their images servers (i.e si*.twimg.com) to use a non-evil CA (i.e. not Comodo or DigiNotar or Bubba Gump's Bait, Firearms Crypto Verification). Not that user pics are a great loss, but if you use Tweetdeck/Seesmic/whatever, the constant SSL cert warnings from dozens- to-hundreds of user pics are noisy. This is trivial whining on my part but it is operational. -- The only thing worse than e-mail disclaimers...is people who send e-mail to lists complaining about them signature.asc Description: This is a digitally signed message part.