Re: [Wikitech-l] private key compromise OCSP declarations per RFC 5280

2017-02-02 Thread Brian Wolff
On Thursday, February 2, 2017, James Salsman  wrote:
> Bryan Davis wrote:
>>
>> The HTTPS tag ()
>> and the Traffic component
>> () would both
>> seem reasonable.
>
> Thanks Brian, will do. I'm working on a fail-over method which won't
> allow the kind of MITM attacks which WhatsApp is vulnerable to under
> default settings. In the mean time, the White House web site
> apparently has a certificate which was working last week but now
> indicates it was revoked last May:
>
> https://crt.sh/?q=60a5d3648459f4eb88700db0d08cda7f6139359c
>
> Would it be a good idea to have HTTP ready to go in case HTTPS becomes
> unstable?
>

No. We are committed to https due to hsts. It is not something that can just
be turned off without downtime.

Also I'm pretty sure we already have redundant certificates ready to go in
case of a revocation incident since it's (accidentally) happened in the
past. (See https://phabricator.wikimedia.org/T148131 and
https://wikitech.wikimedia.org/wiki/Incident_documentation/20161013-GlobalSign
for the original context).

Last of all, the WhatsApp key changing issue is not relevant to us.
WhatsApp is using a different trust model than web pki does.
--
bawolff
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] private key compromise OCSP declarations per RFC 5280

2017-02-02 Thread James Salsman
Bryan Davis wrote:
>
> The HTTPS tag ()
> and the Traffic component
> () would both
> seem reasonable.

Thanks Brian, will do. I'm working on a fail-over method which won't
allow the kind of MITM attacks which WhatsApp is vulnerable to under
default settings. In the mean time, the White House web site
apparently has a certificate which was working last week but now
indicates it was revoked last May:

https://crt.sh/?q=60a5d3648459f4eb88700db0d08cda7f6139359c

Would it be a good idea to have HTTP ready to go in case HTTPS becomes unstable?


On Mon, Jan 30, 2017 at 10:06 AM, James Salsman  wrote:
> I have been informed off-list that the answer to my question is no,
> and asked to open a phabricator task to allow for fail-over alternate
> certificate utilization in the case of revocations via OCSP or
> revocation list-based revocation.
>
> I am strongly in favor of doing so, but I don't know how to categorize
> such a task or the group to assign it to. Any ideas?
>
>
> On Sun, Jan 29, 2017 at 8:32 PM, James Salsman  wrote:
>> Are Foundation servers able to withstand Online Certificate Status
>> Protocol certificate revocations, such as might occur according to RFC
>> 5280 when a government agency declares a private key compromised
>> because of secret evidence?


Re: [Wikitech-l] private key compromise OCSP declarations per RFC 5280

2017-01-30 Thread Bryan Davis
On Mon, Jan 30, 2017 at 10:06 AM, James Salsman  wrote:
> I have been informed off-list that the answer to my question is no,
> and asked to open a phabricator task to allow for fail-over alternate
> certificate utilization in the case of revocations via OCSP or
> revocation list-based revocation.
>
> I am strongly in favor of doing so, but I don't know how to categorize
> such a task or the group to assign it to. Any ideas?

The HTTPS tag ()
and the Traffic component
() would both
seem reasonable.

Bryan
-- 
Bryan Davis  Wikimedia Foundation
[[m:User:BDavis_(WMF)]]  Sr Software Engineer  Boise, ID USA
irc: bd808  v:415.839.6885 x6855


Re: [Wikitech-l] private key compromise OCSP declarations per RFC 5280

2017-01-30 Thread James Salsman
I have been informed off-list that the answer to my question is no,
and asked to open a phabricator task to allow for fail-over alternate
certificate utilization in the case of revocations via OCSP or
revocation list-based revocation.

I am strongly in favor of doing so, but I don't know how to categorize
such a task or the group to assign it to. Any ideas?


On Sun, Jan 29, 2017 at 8:32 PM, James Salsman  wrote:
> Are Foundation servers able to withstand Online Certificate Status
> Protocol certificate revocations, such as might occur according to RFC
> 5280 when a government agency declares a private key compromised
> because of secret evidence?
