Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
Thank you, excellent discussion and conclusion we arrived to. I understand the general consensus is that the statement about unnotified key transmission to Thawte is correct, saying: "I know of no way", rather than "there is no way". (As Nelson Bolyard wrote). We are all aware that there is no 100% answer (as always in life), but I assume your knowledge has some weight. This answer I think is acceptable and worth posting in other Forums (e.g. Thunderbird and/or Firefox, where this answer would not be given). If you allow me I would cite some of our conclusions given here. Are there any privacy-concerns about citations ? (I will not post any E-Mail Address). Please let me know. I will not do any citation if you do not want it.

Further: Nelson Bolyard wrote:

Fost, You might be able to get some developer who works in a part of the browser unrelated to crypto to make a stronger statement about this. But those folks don't participate in this mailing list/newsgroup, so you'll have to ask the question elsewhere to get such an answer.

Who else would you propose asking ?

Thank you,

2009/1/10 Robert Relyea rrel...@redhat.com

Fost1954 wrote:

Bob wrote: So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified:

Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know what tokens etc. are, so speaking honestly: I do not understand your conclusion, even though the words escrow does not happen quietly sound positive. Could you or any Firefox developer/programmer answer to my question (see below):

I had missed the other thread (catching up on vacation email). My technical answer is pretty much what was described in the thread.

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ?

As a crypto guy, I don't know what hooks Firefox gives plugins and such. You are certainly safe with getting a certificate from Thawte, however. If they escrowed the key you would know it. In some sense there is little incentive for a CA to hide the fact that they are escrowing keys. They can certainly fake being you without any key you give them (they simply generate their own key and sign a certificate with your name in it). A CA that does escrowing would only do so if it's offering some key recovery service (if you lose your key you can recover it from us). CAs that try to escrow without being up front risk public exposure and loss of market share. Short answer: I personally would worry about it, but I can't give you a definitive answer (since the code in question is well outside the crypto code).

I do not want to be offending,

I don't think asking questions, and trying to get clarification is offending. That's what the list is for.

bob

but a simple I think so-answer does not satisfy most of the Firefox-Thawte Users,... Thank you !

___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
Bob wrote: So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified:

Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know what tokens etc. are, so speaking honestly: I do not understand your conclusion, even though the words escrow does not happen quietly sound positive. Could you or any Firefox developer/programmer answer to my question (see below):

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ? I do not want to be offending, but a simple I think so-answer does not satisfy most of the Firefox-Thawte Users,...

Thank you !

2009/1/7 Robert Relyea rrel...@redhat.com

Eddy Nigg wrote: On 12/27/2008 12:44 AM, Subrata Mazumdar: A related question: Is it possible to configure the NSS Soft-Token associated with the internal slot like smart-card based token so that the private key cannot be exported out of the token? If not, would it be useful feature to support?

Even in the token case, this is only true if the key was generated in the token. If 'key recovery' is turned on, NSS generates the key in softoken and writes it to the token (after wrapping it with the escrow key).

So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified: http://mxr.mozilla.org/firefox/source/security/manager/ssl/src/nsCrypto.cpp#1905

bob
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
Is there anybody to answer to my/Kaspar Brand's statement below, as to get a final clarification ?:

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ? I do not want to be offending, but a simple I think so-answer does not satisfy most of the Firefox-Thawte Users, who wish a final and secure response. I would not like to spread a possibly wrong information, as that would not be a benefit for any Firefox user.

2. You (Kaspar) are right, we are running code provided by someone else (Mozilla Corporation, in this case). To my knowledge this code run is open source, right ? If so, I would not know there to be a safer code to use than one openly viewable by the public. (Except of course the one which is completely written by ourself. But the latter is not subject of discussion, I believe...)

Thank you,

2009/1/3 Kaspar Brand m...@velox.ch

Daniel Veditz wrote:

user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess");

That may work now, but capability control for individual DOM properties is gone in Firefox 3.1 betas for performance reasons.

Dan, it's not a DOM property but a method of the Crypto object instead which gets blocked in this case - so your comment probably doesn't apply. I checked this configuration with both Firefox 3.1 (Beta) and trunk, where it worked as expected (throws an exception saying Permission denied for [...] to call method Crypto.generateCRMFRequest).

Kaspar
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
First: A successful, healthy and happy new Year !

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Brand's idea that running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ? I do not want to be offending, but a simple I think so-answer does not satisfy most of the Firefox-Thawte Users, who wish a final and secure response. I would not like to spread a possibly wrong information, as that would not be a benefit for any Firefox user.

2. You (Kaspar) are right, we are running code provided by someone else (Mozilla Corporation, in this case). To my knowledge this code run is open source, right ? If so, I would not know there to be a safer code to use than one openly viewable by the public. (Except of course the one which is completely written by ourself. But the latter is not subject of discussion, I believe...)

Thank you,

2008/12/31 Kaspar Brand m...@velox.ch

Fost1954 wrote: 1. Can I spread the message into the world that Running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ?

I think so. Note that Thawte still uses the keygen tag, so disabling crypto.generateCRMFRequest through prefs.js could also be considered sufficient (keygen doesn't provide any escrow mechanism).

2. What do you mean using the words maximum reliability in this context. I am aware that there is no 100% security in life, but the words you use (a maximum of what !?) can mean a broad spectrum from maximum, but poor reliability to maximum and really strong reliability...

In the sense that it's the maximum achievable reliability given the fact that you're running code provided by someone else (Mozilla Corporation, in this case). In the end, it's always a question of whom you trust - but this would probably get us too much off-topic.

Kaspar
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
2008/12/29 Kaspar Brand m...@velox.ch

Nelson B Bolyard wrote: Fost1954 wrote, On 2008-12-27 06:54: My personal question: Is this warning dialog really ALWAYS the case ?

I think the question is: is there any way for a web site to suppress that dialog? [...]

But it's relatively easy to completely hide the dialog with an extension

For maximum reliability, you should therefore run the browser in safe mode (http://support.mozilla.com/en-US/kb/Safe+Mode).

Thank you. The rest of the conversation here gets too technical for someone like me... BUT:

1. Can I spread the message into the world that Running Firefox in Safe Mode when generating the key as well as requesting the Certificate with Thawte does securely prevent unnotified private key transmission ?

AND:

2. What do you mean using the words maximum reliability in this context. I am aware that there is no 100% security in life, but the words you use (a maximum of what !?) can mean a broad spectrum from maximum, but poor reliability to maximum and really strong reliability...

Thank you, we are coming to a final answer to the initial question, I am happy about that !
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
2008/12/28 Nelson B Bolyard nel...@bolyard.me

I think the question is: is there any way for a web site to suppress that [private key transmission warning-] dialog?

Yes: this should be the point. Having the certainty, that a warning dialog cannot be suppressed when a private key is to be transferred, Firefox Users would feel (and be) on the safe side.
Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
Thank you:

[…] Unfortunately Thawte's enrollment interface does not work without Javascript. […] Thawte could silently change the behaviour of the cert enrollment web interface. […] to be 100% sure [the private key is not transferred] you have to check that every time you go through this process.

If this is the final and correct confirmatory response, I thank you very much.

The questions, as Nelson B Bolyard stated them for Firefox users, who are not IT experts, but who do want to be 100% sure: What means do we have to check the [Javascript cert enrollment interface] every time [we] go through this process ?

*In other words (adapted from N. Bolyard):*

b) Is there any way for a Firefox user to detect that his CA has requested [the] private key [to be transmitted] ?

*Possible Answer by Kaspar Brand:* ...an Encryption Key Copy warning dialog will be presented.

My personal question: Is this warning dialog really ALWAYS the case ?

c) When requesting a certificate from a CA, what can a Firefox user do to prevent [transmission] of the newly generated private key?

Possible Answer by Kaspar Brand: Not too difficult to achieve, actually. Just add this line to your prefs.js:[...]

Is this still necessary (as for an average user this is not easy to achieve) ? Or can I be sure a warning dialog will always be presented by Firefox ? A solution to these last two questions is essential if the user wants to be 100% sure and secure.

Thank you,

2008/12/27 Kaspar Brand m...@velox.ch

Michael Ströder wrote: I'd love to have an option to forbid CRMFRequest calls...

Not too difficult to achieve, actually. Just add this line to your prefs.js:

user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess");

I personally don't know whether the current Mozilla implementation of crypto.generateCRMFRequest includes the private key of an encryption cert.

Only if you tell it to do so, and only if it's a key-exchange-only key. [1] Additionally, an Encryption Key Copy warning dialog will be presented when key escrow is attempted - try the attached demo. [2]

But there is some Javascript and the HTML looks like this:

<select name=spkac challenge=tURRaHXxYBDwCk58><option>2048 (High Grade)</option><option>1024 (Medium Grade)</option></select>

What browser were you using in this case, and for what certificate were you applying? I still see keygen elements when enrolling for a new Thawte Freemail certificate with Firefox or Seamonkey (note that when saving an HTML page with the Web Page, complete option, the keygen tag is converted into a select element, so maybe that explains the effect you're seeing).

Kaspar

[1] https://developer.mozilla.org/en/GenerateCRMFRequest

[2] Caveat: may leave you (or your cert DB, more precisely) with a lot of orphan keys, if used generously - i.e. it's probably better to use it with a separate profile.

Create CRMF request *with* escrow

Create CRMF request w/o escrow
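The message above asks what means a user has to check the enrollment page on every visit. As an added example that is not part of the thread, this Node.js script statically scans page source for a `keygen` element and for `generateCRMFRequest` calls that could trigger escrow. The argument positions (escrow certificate fourth, key triples from the sixth) and the `-ex` suffix for key-exchange-only algorithms are assumptions taken from the documented call signature; the sample pages are constructed.

```javascript
// Added example (not from the thread). Assumed argument layout:
// generateCRMFRequest(dn, regToken, authenticator, escrowAuthorityCert,
//                     doneCode, keySize1, keyParams1, keyGenAlg1, ...)
function splitArgs(src, start) {
  // Split the call's top-level arguments, respecting strings and nesting.
  const args = [];
  let depth = 0, quote = null, cur = "";
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      cur += c;
      if (c === "\\") cur += src[++i] ?? "";
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'") { quote = c; cur += c; }
    else if (c === "(" || c === "[") { depth++; cur += c; }
    else if (c === ")" || c === "]") {
      if (depth === 0) { args.push(cur.trim()); return args; }
      depth--; cur += c;
    } else if (c === "," && depth === 0) { args.push(cur.trim()); cur = ""; }
    else cur += c;
  }
  return null; // unterminated call
}
// Value of a quoted string literal, or undefined for anything computed.
const literal = (a) => (/^(["'])(.*)\1$/s.exec(a) || [])[2];

function auditEnrollmentPage(html) {
  const report = { usesKeygen: /<keygen\b/i.test(html), crmfCalls: [] };
  const re = /generateCRMFRequest\s*\(/g;
  while (re.exec(html) !== null) {
    const args = splitArgs(html, re.lastIndex);
    if (!args) { report.crmfCalls.push({ unparsed: true, escrowPossible: true }); continue; }
    // Anything other than the literal null may carry an escrow certificate.
    const escrowCertSupplied = args.length > 3 && args[3] !== "null";
    const algs = [];
    for (let i = 7; i < args.length; i += 3) algs.push(literal(args[i]) ?? "(dynamic)");
    // Assumption: key-exchange-only algorithm names end in "-ex" (e.g. "rsa-ex").
    const exchangeOnly = algs.some((a) => a === "(dynamic)" || /-ex$/.test(a));
    report.crmfCalls.push({ escrowCertSupplied, algs, escrowPossible: escrowCertSupplied && exchangeOnly });
  }
  return report;
}

// Constructed sample pages.
const SAMPLE_KEYGEN = '<form><keygen name="spkac" challenge="CONSTRUCTED"></form>';
const SAMPLE_ESCROW = '<script>crypto.generateCRMFRequest("CN=Test", "reg", "auth", escrowCert, "done();", 2048, null, "rsa-ex");</script>';
const SAMPLE_PLAIN = '<script>crypto.generateCRMFRequest("CN=Test", "reg", "auth", null, "done();", 2048, null, "rsa-dual-use");</script>';
for (const page of [SAMPLE_KEYGEN, SAMPLE_ESCROW, SAMPLE_PLAIN]) console.log(JSON.stringify(auditEnrollmentPage(page)));
```

Run it on the raw page source rather than a "Web Page, complete" save, which rewrites `keygen` into `select` as noted in the thread. A static scan cannot see calls assembled at run time, so it complements the prefs.js block and the browser's warning dialog.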
Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation
Dear Firefox Developers,

I understand that this should be the right place to ask: Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website.

*Our security relevant question:* Which data is transmitted to Thawte during the Private/Public key pair and certificate generation process using Firefox (and Thawte) ? *Does Firefox send to Thawte any form of private key during this process, or not ?*

If the private key was transmitted to Thawte, in theory a Thawte staff member (would he gain access to the private key at Thawte) could decrypt emails encrypted by us, or sign an email in our names … We would be happy to understand better the key and certificate generation process using Firefox (and Thawte), considering the security critical point mentioned above.

Thank you in advance,

Proud Firefox users