Re: dropping the root is useless

2008-12-29 Thread Kyle Hamilton
Uhm...

how did you arrive at the tens of thousands of other Comodo
customers figure?  I don't believe that Comodo has disclosed the
number of unique domain names served by certificates that it has
issued.

And since the number one reason for having a CA in the root list is
for Mozilla-software user security, how do you arrive at punish [...]
millions of users?

TLS is geared very obviously toward security-of-the-user (among other
things, a server that does not provide a certificate cannot ask for
client authentication), and the user is who we're trying to protect
(since the user is the one who interacts with Mozilla apps) -- NOT the
server.

As far as I can tell, there is no easy way for users to self-identify
whether the web sites that they're going to are using Comodo
certificates.  As far as I can tell, there is no reporting of what CAs
are used by sites browsed to by any given installation of Mozilla
software.

This leads me to believe that there are three possibilities:

1) You have communication from Robin about the number of certificates
that Comodo has issued that the rest of us are not privy to, OR
2) You have some way of knowing what CAs are in use by the servers
that users of the Mozilla applications use (which concept rather
scares me, since it hasn't been disclosed as part of the software
operations), OR
3) You're pulling numbers out of thin air.

-Kyle H

On Sun, Dec 28, 2008 at 11:41 PM, Grey Hodge g...@burntelectrons.org wrote:
> On 12/28/2008 9:42 AM Eddy Nigg cranked up the brainbox and said:
>> On 12/28/2008 04:24 PM, Ian G:
>>> No, I'm afraid there is an agreement to list the root, under a policy.
>>> Once listed, Mozilla has to operate according to its side of the bargain.
>> Apparently you are reading something I haven't.
>
> Apparently, but that doesn't mean it's invalid. Mozilla can't act arbitrarily
> and without cause and expect to retain any shred of respect or
> trustworthiness. A policy not adhered to is worthless.
>
>> That's for the specific certstar case. Domain validation isn't performed
>> by Comodo on a wide scale apparently and perhaps no validation is
>> performed at all.
>
> Yes, perhaps, and perhaps they send out certs to anyone who asks nicely, but
> we have little evidence to support these suppositions.
>
> Rather than having a kneejerk reaction of removing Comodo from the root list,
> why don't we examine the situation. This reseller was not acting according to
> proper procedure. Comodo immediately revoked their reseller status, and
> reviewed their certs. Further, they've said they're reviewing their policies
> to ensure this doesn't happen again. Given their candor and quick response,
> what more do you require that you feel you're not getting that justified
> removing them as a root CA?
>
> I really think you're going overboard. From what I see, I'm not alone in that
> assessment. You did a good job in bringing this to light. Having the issues
> you uncovered addressed and fixed should be sufficient. Why do we need to take
> punitive action that will do nothing but punish tens of thousands of other
> Comodo customers and millions of users?
>
> --
> Grey Hodge
>  email [ grey @ burntelectrons.org ]
>  web   [ http://burntelectrons.org ]
>  tag   [ Don't touch that! You might mutate your fingers! ]
>  motto [ Make everything as simple as possible, but no simpler. - Einstein ]

___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: dropping the root is useless

2008-12-29 Thread Ian G

On 29/12/08 09:47, Kyle Hamilton wrote:
> Uhm...
>
> how did you arrive at the tens of thousands of other Comodo
> customers figure?  I don't believe that Comodo has disclosed the
> number of unique domain names served by certificates that it has
> issued.

http://www.securityspace.com/s_survey/sdata/200611/certca.html

Security Space figures are now sold, not openly published; that one is 2
years old.  To save the click: for December 2006, Security Space reports
that Comodo had 13,715 certs live.

1.  I'll leave it to others to address the various fudge factors.
2.  If anyone has any view on a new, current report, they could help
reduce the FUD by letting us know that CA's current numbers.

> And since the number one reason for having a CA in the root list is
> for Mozilla-software user security, how do you arrive at punish [...]
> millions of users?

In my earlier post, I took the certs and multiplied by 100.  It's a
finger in the air, a hand waving.  I have no idea, but it is probably
more than 10.  If it was 10, the server would likely go for an SSC.  :)

> 2) You have some way of knowing what CAs are in use by the servers
> that users of the Mozilla applications use (which concept rather
> scares me, since it hasn't been disclosed as part of the software
> operations), OR

As above.

> 3) You're pulling numbers out of thin air.

Yes, start with what we know.  13,715 two years back.  Then add some
estimates of what we don't know.  Call it 20k now.  Multiply by 100
users to get 2m.

The number at the end is flaky, but it is better than no number.  Refine
as more info comes to hand.


iang


Re: dropping the root is useless

2008-12-29 Thread Eddy Nigg

On 12/29/2008 09:41 AM, Grey Hodge:
> Apparently, but that doesn't mean it's invalid. Mozilla can't act arbitrarily
> and without cause and expect to retain any shred of respect or
> trustworthiness.

Nobody suggested that I think. There is however real cause for concern.

> Yes, perhaps, and perhaps they send out certs to anyone who asks nicely, but
> we have little evidence to support these suppositions.

Please read the other thread "Facts about Comodo Resellers and RAs" at
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/e2755401a7dec203

Please do not add comments to that thread without relevance, thanks.

> Rather than having a kneejerk reaction of removing Comodo from the root list,
> why don't we examine the situation. This reseller was not acting according to
> proper procedure. Comodo immediately revoked their reseller status, and
> reviewed their certs. Further, they've said they're reviewing their policies
> to ensure this doesn't happen again. Given their candor and quick response,
> what more do you require that you feel you're not getting that justified
> removing them as a root CA?
>
> I really think you're going overboard. From what I see, I'm not alone in that
> assessment. You did a good job in bringing this to light. Having the issues
> you uncovered addressed and fixed should be sufficient. Why do we need to take
> punitive action that will do nothing but punish tens of thousands of other
> Comodo customers and millions of users?




--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


Re: dropping the root is useless

2008-12-29 Thread Eddy Nigg

On 12/29/2008 07:40 AM, David E. Ross:
> On 12/28/2008 3:45 PM, Kyle Hamilton wrote [in part]:
>> CertStar was found out, only due to the diligence of someone on this
>> list.  How many other RAs haven't been found out yet?  We can't know,
>> because Comodo won't say.  This affects the confidence I have in their
>> system (i.e., it removes ALL confidence that Mozilla extended on my
>> behalf).
>
> Actually, Eddy discovered the problem only through the fortuitous
> receipt of spam from CertStar.  If he had not received the spam -- even
> if others had received it -- it is possible the problem would never have
> been discovered.  This is why the discovery is so frightening.
>
> I will suggest that Mozilla allocate some funds for random checking of
> the performance of CAs.
>
> Now that it is known that a subordinate reseller operating under one CA
> issued certificates without authenticating the identity of the
> subscribers, we know that the theoretical concern expressed (before all
> this) about resellers is no longer theoretical.  NOW is the time to
> require that all CAs supervise the operations of their RAs and
> resellers.  This must be done in a way that independent audits of the
> CAs examine the implementation of such supervision, which can be
> accomplished by requiring (at least with respect to the Mozilla
> database) that CPs explicitly address how that supervision is performed.
>
> Either a CA's CP must explicitly state that there are NO external RAs or
> resellers, or else the CP must describe how external subordinates are
> monitored.  Without this, a CA's request to have its root certificate
> included in the Mozilla database should be denied.  Since an audit will
> generally report on the implementation of such a policy but not
> necessarily on the policy's adequacy, the internal and public reviews of
> CA requests must examine the adequacy of the CA's policy for monitoring
> external subordinates.

+1


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


Re: dropping the root is useless

2008-12-29 Thread Grey Hodge
On 12/29/2008 3:47 AM Kyle Hamilton cranked up the brainbox and said:
> And since the number one reason for having a CA in the root list is
> for Mozilla-software user security, how do you arrive at punish [...]
> millions of users?

If all of Comodo's certs cease to be trusted, millions of web surfers will see
errors on potentially thousands of sites.

> This leads me to believe that there are three possibilities:
> 1) You have communication from Robin about the number of certificates
> that Comodo has issued that the rest of us are not privy to, OR
> 2) You have some way of knowing what CAs are in use by the servers
> that users of the Mozilla applications use (which concept rather
> scares me, since it hasn't been disclosed as part of the software
> operations), OR

The fact you think these are even reasonable conclusions tells me a lot about
your reasoning skills.

> 3) You're pulling numbers out of thin air.

Indeed, I am, as an educated guess. Comodo is a root CA. You don't get root
status by having a handful of customers. It's hard business to break into, and
Comodo has been around a while. I find it hard to believe a company of their
size and age has any fewer than ten thousand certs out there, and that's a
lowball guess. There are many hundreds of millions of web users, and millions
of websites. Do you really find it hard to believe at least 1% of those secure
sites might be using a Comodo cert?

-- 
Grey Hodge
 email [ grey @ burntelectrons.org ]
 web   [ http://burntelectrons.org ]
 tag   [ Don't touch that! You might mutate your fingers! ]
 motto [ Make everything as simple as possible, but no simpler. - Einstein ]


Re: dropping the root is useless

2008-12-29 Thread Grey Hodge
On 12/29/2008 8:45 AM Eddy Nigg cranked up the brainbox and said:
> Please do not add comments to that thread without relevance, thanks.

Excuse me, I've had enough of your arrogant attitude. I've seen the way you've
been treating people and I can name half a dozen off the top of my head you've
been rude to. Knock it off, you're not in any position to tell anyone where to
post and not to post. Further, I've been following the threads for a while
now, thank you very much. I'll thank you to treat people with more respect or
kindly shove off. You did a good deed unveiling Certstar, don't blow that good
will with obnoxiousness.

-- 
Grey Hodge
 email [ grey @ burntelectrons.org ]
 web   [ http://burntelectrons.org ]
 tag   [ Don't touch that! You might mutate your fingers! ]
 motto [ Make everything as simple as possible, but no simpler. - Einstein ]


Re: dropping the root is useless

2008-12-29 Thread Eddy Nigg

On 12/29/2008 10:23 PM, Grey Hodge:
> Indeed, I am, as an educated guess. Comodo is a root CA. You don't get root
> status by having a handful of customers.

The number of customers never was a known criterion of CAs' business
practices ever.

> It's hard business to break into, and
> Comodo has been around a while. I find it hard to believe a company of their
> size and age has any fewer than ten thousand certs out there, and that's a
> lowball guess. There are many hundreds of millions of web users, and millions
> of websites.

Isn't the responsibility of a CA this size much greater and a breach of
trust going to affect many? Is a breach of trust justified and
acceptable because of the size of a CA or shouldn't that CA provide
extra care?

(For your knowledge, Netcraft confirms these days about one million
secured web sites altogether, 10-15 percent belonging to Comodo I think,
which is of course still a lot. But it's not millions of web sites.
Additionally Comodo has many different roots and as I understood from
Kyle, he suggested to look at the affected ones.)


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


Re: dropping the root is useless

2008-12-29 Thread David E. Ross
On 12/29/2008 12:23 PM, Grey Hodge wrote:
> On 12/29/2008 3:47 AM Kyle Hamilton cranked up the brainbox and said:
>> And since the number one reason for having a CA in the root list is
>> for Mozilla-software user security, how do you arrive at punish [...]
>> millions of users?
>
> If all of Comodo's certs cease to be trusted, millions of web surfers will see
> errors on potentially thousands of sites.
>
>> This leads me to believe that there are three possibilities:
>> 1) You have communication from Robin about the number of certificates
>> that Comodo has issued that the rest of us are not privy to, OR
>> 2) You have some way of knowing what CAs are in use by the servers
>> that users of the Mozilla applications use (which concept rather
>> scares me, since it hasn't been disclosed as part of the software
>> operations), OR
>
> The fact you think these are even reasonable conclusions tells me a lot about
> your reasoning skills.
>
>> 3) You're pulling numbers out of thin air.
>
> Indeed, I am, as an educated guess. Comodo is a root CA. You don't get root
> status by having a handful of customers. It's hard business to break into, and
> Comodo has been around a while. I find it hard to believe a company of their
> size and age has any fewer than ten thousand certs out there, and that's a
> lowball guess. There are many hundreds of millions of web users, and millions
> of websites. Do you really find it hard to believe at least 1% of those secure
> sites might be using a Comodo cert?

For my own installation of SeaMonkey, I disabled all Comodo roots as
soon as I understood the problem.  I disabled all UserTrust roots some
years ago, for reasons I don't remember.  I have yet to encounter a
problem with any Web site because of this.

The several financial institutions where I access accounts via the Web
-- the Web sites for which I'm most concerned -- all seem to use either
VeriSign or Equifax for their SSL site certificates.  My ISP's Web-mail
interface uses Equifax as does the domain registry where I maintain two
domains.  Amazon.com uses VeriSign.

I'm beginning to wonder what important Web sites do use Comodo.

-- 
David E. Ross
http://www.rossde.com/

Go to Mozdev at http://www.mozdev.org/ for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.


Re: dropping the root is useless

2008-12-29 Thread Ben Bucksch

On 29.12.2008 07:59, Nelson B Bolyard wrote:
> Perhaps the policy should even go so far, as Kai has suggested, as to
> require that whatever entity performs the verification of subject
> identity for the CA must be audited.

Yes. Not perhaps.
The verification is one of the two core operations of the CA (the other
is to sign the certs and keep the key secure). The verifications are
what the audit is all about. Of course the verifications, and whoever
does that, have to be audited. That means watching the actual, real
people who do the verifications. That's what we need - we need
*somebody* (preferably many, even) independent to verify that the CA
actually does what it says it does, actually, in the real world, everyday
business.

A paper is useless if nobody verifies that it's actually followed.

Everything else is just talk, hot air.


Re: dropping the root is useless

2008-12-29 Thread Grey Hodge
On 12/29/2008 4:46 PM Eddy Nigg cranked up the brainbox and said:
> The number of customers never was a known criterion of CAs' business
> practices ever.

I also don't know how many credit cards Bank of America issues, but I can
guess with reasonable accuracy.

> Isn't the responsibility of a CA this size much greater and a breach of
> trust going to affect many? Is a breach of trust justified and
> acceptable because of the size of a CA or shouldn't that CA provide
> extra care?

Considering the KNOWN size of the breach, a maximum of 111 certs, less than
ten percent of which could not be verified in 2 days, only 2 of which were
confirmed to be fraudulent (both your attempts), I don't think this requires a
revocation. If we /can/ resolve this issue without revoking, why shouldn't we?

> (For your knowledge, Netcraft confirms

There's a reason "netcraftconfirmsit" is a tag on Slashdot, and it's not
because Netcraft is a bastion of statistical rigor.

My point still stands. Revoking Comodo certs would be a needlessly messy and
painful endeavour, and should be avoided if the situation can be resolved
elsewise. So far, I have no reason to believe Comodo can't tighten up their
practices without nuking millions of web surfers.

-- 
Grey Hodge
 email [ grey @ burntelectrons.org ]
 web   [ http://burntelectrons.org ]
 tag   [ Don't touch that! You might mutate your fingers! ]
 motto [ Make everything as simple as possible, but no simpler. - Einstein ]


Re: dropping the root is useless

2008-12-29 Thread Kyle Hamilton
I would LOVE for Comodo to clean up its practices.

Including decertifying the CA that does not adhere to financial
levels of control that is certified by a CA that does.

-Kyle H

On Mon, Dec 29, 2008 at 5:44 PM, Grey Hodge g...@burntelectrons.org wrote:
> On 12/29/2008 4:46 PM Eddy Nigg cranked up the brainbox and said:
>> The number of customers never was a known criterion of CAs' business
>> practices ever.
>
> I also don't know how many credit cards Bank of America issues, but I can
> guess with reasonable accuracy.
>
>> Isn't the responsibility of a CA this size much greater and a breach of
>> trust going to affect many? Is a breach of trust justified and
>> acceptable because of the size of a CA or shouldn't that CA provide
>> extra care?
>
> Considering the KNOWN size of the breach, a maximum of 111 certs, less than
> ten percent of which could not be verified in 2 days, only 2 of which were
> confirmed to be fraudulent (both your attempts), I don't think this requires a
> revocation. If we /can/ resolve this issue without revoking, why shouldn't we?
>
>> (For your knowledge, Netcraft confirms
>
> There's a reason "netcraftconfirmsit" is a tag on Slashdot, and it's not
> because Netcraft is a bastion of statistical rigor.
>
> My point still stands. Revoking Comodo certs would be a needlessly messy and
> painful endeavour, and should be avoided if the situation can be resolved
> elsewise. So far, I have no reason to believe Comodo can't tighten up their
> practices without nuking millions of web surfers.
>
> --
> Grey Hodge
>  email [ grey @ burntelectrons.org ]
>  web   [ http://burntelectrons.org ]
>  tag   [ Don't touch that! You might mutate your fingers! ]
>  motto [ Make everything as simple as possible, but no simpler. - Einstein ]



Re: dropping the root is useless

2008-12-29 Thread Eddy Nigg

On 12/30/2008 03:44 AM, Grey Hodge:
> Considering the KNOWN size of the breach, a maximum of 111 certs, less than
> ten percent of which could not be verified in 2 days, only 2 of which were
> confirmed to be fraudulent (both your attempts), I don't think this requires a
> revocation. If we /can/ resolve this issue without revoking, why shouldn't we?

Well Grey, this is only what we know for an almost certainty. There is a
big question about what we don't know. There are contradicting practice
statements and one of them suggests that there might be more
(unvalidated certs), the other one suggests that validation isn't
performed by Comodo, even if required as per their policy.

> There's a reason "netcraftconfirmsit" is a tag on Slashdot, and it's not
> because Netcraft is a bastion of statistical rigor.

Still, it gives a better indication.

> So far, I have no reason to believe Comodo can't tighten up their
> practices without nuking millions of web surfers.

That would be great, this is really, really what we want here. There is
no fun in pulling a root, that's for emergencies. I'm certain, whatever
Comodo is going to do in this respect will influence any decision taken
at Mozilla. Hopefully Robin will tell us more soon...



--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


Re: dropping the root is useless

2008-12-28 Thread Eddy Nigg

On 12/28/2008 02:46 PM, Ian G:
> 1. Certs: All end-users who rely on these certs will lose. That probably
> numbers in the millions. All subscribers will lose, probably in the
> thousands. The CA will lose; potentially it will lose its revenue
> stream, or have it sliced in half (say), which is what we would call in
> business circles a plausible bankruptcy event.

Not relevant.

> 2. Mozo: Mozilla will lose because of all the undelivered security (all
> those good certs and subscribers and end-users). It may be sued by the
> CA and the CA's investors and/or the receiver/liquidator for a bad
> decision.

I suggest you refrain from now on from giving legal advice on these
matters; Mozilla has a legal department and lawyers for that. But if we
are at it, Mozilla has no legal or any other requirement (as far as I
know) to include or keep a root. The Mozilla CA Policy clearly reserves
the right to remove any of the roots (including all of them) at any
time. If this isn't the case we all should know about it. Additionally
it's Mozilla which also has the right to sue the CA and not the other
way around. Just for your knowledge, Microsoft and other vendors reserve
the same right.

> 3. Industry: All other CAs will lose because they will now have to
> include in their business plans the possibility of a root being dropped
> by a bad decision.

Very good! Even though I'm not the proponent of the proposal to remove
Comodo's root (instead work towards a real improvement, with the removal
as a stick), this is exactly what possible removal should achieve.
Refrain CAs from making bad decisions. More than that, some CAs are at a
disadvantage when competing with CAs which are willing to take high
risks. This must be clearly recognized and I'm all in favor of having to
compete on equal footing. This isn't the case today.

> 4. Security will go down, because less certs are delivered and in use.
> (It's hard to calculate the secondary losses here, but not impossible.)

That's easy to revert, I'm certain there are a bunch of CAs ready to
issue new certs to them.

> 1. Against that you can weigh the damages done so far and the harm to
> protect against. We know it is down to 11 or so certs, all revoked.

That's absolutely not correct. Right now nobody knows - including Comodo
- how many certs are really unvalidated because of the lack thereof.
This is what I know at the moment and it would be good if Comodo could
dispute that claim and advise differently or confirm it.

> 2. There is the possible benefit to the other CAs as a punishment tool,
> in the case where the decision is good (see 3. above). There could be a
> knock-on effect in convincing CAs to tighten their game.

Right! I'm all in favor of that, let's go for it!

> However, this
> needs to be balanced against other costs and loss of certs, and in
> practice, the dominant factor is this: more certs is more security, less
> certs is less security.

Less unvalidated certs is more security, not less. An unknown number of
unvalidated certs is no security at all.



--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org


Re: dropping the root is useless

2008-12-28 Thread Ian G
(following is just for the record so as to deal with the response.  No
new info is in here for other readers.)

On 28/12/08 14:21, Eddy Nigg wrote:
> On 12/28/2008 02:46 PM, Ian G:
>> 1. Certs: All end-users who rely on these certs will lose. That probably
>> numbers in the millions. All subscribers will lose, probably in the
>> thousands. The CA will lose; potentially it will lose its revenue
>> stream, or have it sliced in half (say), which is what we would call in
>> business circles a plausible bankruptcy event.
>
> Not relevant.

Well!  If they are not relevant, then perhaps we can turn SSL off, with
no consequences?

> I suggest you refrain from now on from giving legal advice on these
> matters; Mozilla has a legal department and lawyers for that. But if we
> are at it,

Let's deal with this self-contradictory statement.

To ignore the obvious legal ramifications (agreements in RPAs,
disclaimers to end-users, potential lawsuits ...) would be negligence, IMHO.

We know the ramifications exist.  We know they may be serious.  We know
that assertions of security are being made to end-users.  Hence to
continue making these assertions, and not treat them seriously, would
be negligence.

I personally choose not to follow that path into negligence, and will
continue to consider the legal ramifications, which leads to the
question of how we consider them.

We could simply refer them to the legal department, as you suggest.
Mozilla has a legal department, as you kindly point out, but they are
silent.  They may have entirely good reasons for being silent, but that
makes them more or less useless for the work of this forum.  So
referring them to that legal department is not an option for now.

We could simply refer them to our own legal department.  But, we are all
here as volunteers, and while some of the businesses may like to put
their counsel at the service of this group, this won't work because of
conflicts of interest.  This is therefore not an option.

Which leaves the final option:  we have to deal with it, ourselves, and
we have to work with the known and understood caveats that none of us
are lawyers.

Others may have other views, but I would suggest that in this forum, we
have to consider the legal ramifications.

> Mozilla has no legal or any other requirement (as far as I
> know) to include or keep a root.

No, I'm afraid there is an agreement to list the root, under a policy.
Once listed, Mozilla has to operate according to its side of the bargain.

This is a general consequence of business, there is nothing special
about it.  Ask any experienced business person.

> The Mozilla CA Policy clearly reserves
> the right to remove any of the roots (including all of them) at any
> time. If this isn't the case we all should know about it.

The problem being, that even if it reserves the right to make a choice
for any reason, this does not give Mozilla carte blanche.  If it makes a
bad choice, a judge can imply a reasonableness test.

This is one of those areas where we really do need lawyers in the
conversation, but I will short circuit that with a prediction of mine, only:

the lawyers will likely say, "we will find out in court."

Great answer, huh?  It sure keeps the lawyers in work, and it provides
little help for us.  See earlier analysis.

> Additionally
> it's Mozilla which also has the right to sue the CA and not the other
> way around. Just for your knowledge, Microsoft and other vendors reserve
> the same right.

Everyone has the right to walk into court.  That point is empty of
practical value.

>> 3. Industry: All other CAs will lose because they will now have to
>> include in their business plans the possibility of a root being dropped
>> by a bad decision.
>
> Very good! Even though I'm not the proponent of the proposal to remove
> Comodo's root (instead work towards a real improvement, with the removal
> as a stick), this is exactly what possible removal should achieve.

Please read it carefully: "a root being dropped by a BAD decision."

> Refrain CAs from making bad decisions.

Oh, ok.  No, I meant MOZILLA making a bad decision.  E.g., a mistake.

> More than that, some CAs are at a
> disadvantage when competing with CAs which are willing to take high
> risks. This must be clearly recognized and I'm all in favor of having to
> compete on equal footing. This isn't the case today.

Indeed.  You won't achieve it by dropping a root, and you won't achieve
it by _threatening_ to drop a root.

I suggest you will achieve precisely the reverse, because some CAs will
have an advantage in that negotiation, and they will overcome any
positive benefit in a way that has little bearing on security for the users.

Standard business stuff, really.

>> 4. Security will go down, because less certs are delivered and in use.
>> (It's hard to calculate the secondary losses here, but not impossible.)
>
> That's easy to revert, I'm certain there are a bunch of CAs ready to
> issue new certs to them.




Re: dropping the root is useless

2008-12-28 Thread Eddy Nigg

On 12/28/2008 04:24 PM, Ian G:
>>> 1. Certs: All end-users who rely on these certs will lose. That probably
>>> numbers in the millions. All subscribers will lose, probably in the
>>> thousands. The CA will lose; potentially it will lose its revenue
>>> stream, or have it sliced in half (say), which is what we would call in
>>> business circles a plausible bankruptcy event.
>>
>> Not relevant.
>
> Well! If they are not relevant, then perhaps we can turn SSL off, with
> no consequences?

I was clearly replying to the latter part:

"The CA will lose; potentially it will lose its revenue stream, or have
it sliced in half (say), which is what we would call in business circles
a plausible bankruptcy event."

It's not relevant.

> No, I'm afraid there is an agreement to list the root, under a policy.
> Once listed, Mozilla has to operate according to its side of the bargain.

Apparently you are reading something I haven't.

> The problem being, that even if it reserves the right to make a choice
> for any reason, this does not give Mozilla carte blanche.

Mozilla can make a bad decision, no doubt. This case is most likely not
one of those you are referring to.

> Please read it carefully: "a root being dropped by a BAD decision."

A root isn't removed before careful considerations. A bad decision
doesn't warrant not to remove any roots at all if necessary. Mozilla can
also reinstate a root.

> They stated how many, IIRC. I recall it was something like 111 certs
> issued and 11 outstanding that had not been re-verified within around 48
> hours (these numbers are not accurate, but indicative) and were
> therefore revoked.

That's for the specific certstar case. Domain validation isn't performed
by Comodo on a wide scale apparently and perhaps no validation is
performed at all.



--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: dropping the root is useless

2008-12-28 Thread Ian G

On 28/12/08 15:42, Eddy Nigg wrote:

On 12/28/2008 04:24 PM, Ian G:
I was clearly replying to the later part:

The CA will lose; potentially it will lose its revenue stream, or have
it sliced in half (say), which is what we would call in business circles
a plausible bankruptcy event.

It's not relevant.



Well, that part may not be a loss that affects a security discussion. 
But I've made the point before that economic interests are much more 
important and may be dominant.  See below the discussion of lawyers.


So perhaps you won't mind if I keep bringing them up.  We might simply 
disagree as to their practical relevance to the real world discussion.




No, I'm afraid there is an agreement to list the root, under a policy.
Once listed, Mozilla has to operate according to its side of the bargain.



Apparently you are reading something I haven't.



Statements (policy, etc) plus actions gives rise to an agreement.  The 
agreement doesn't have to be written in one document to exist, it can 
exist without anything to read, or with many things to read.




The problem being, that even if it reserves the right to make a choice
for any reason, this does not give Mozilla carte blanche.


Mozilla can make a bad decision, no doubt. This case is most likely not
one of those you are referring to.



Well, who is going to warrant that for Mozilla?



Please read it carefully. a root being dropped by a BAD decision.


A root isn't removed before careful considerations. A bad decision
doesn't warrant not to remove any roots at all if necessary. Mozilla can
also reinstate a root.



If in court, we can be sure that the CA will argue that the decision is 
bad.  The judge will bend over backwards to let the CA make that case; 
that's what the court is there for.


(This then turns on who has the burden, and what question has to be 
answered.  Er, now we need the lawyers.)




What I'm about here is that:  in any wider business analysis, the answer 
is that, short of total collapse, do not remove the root.  And if there 
is total collapse, you will be wrong regardless, so it doesn't really 
matter what you do.


I am not saying I *like* it.  In fact, I don't like it.

I'm saying the tool is bankrupt.  Think of other tools, this one will 
not work for you.




Let me put it another way:  one phone call from the CA's lawyer to 
Mozo's lawyer is probably sufficient to solve this problem *for the CA*.


Ask yourself whether you have a lawyer.  Ask your lawyer whether he can 
make the phone call.  Ask your lawyer how the phone call will go (he 
doesn't need to make it).


Let us know what he says, for the education of us all.



They stated how many, IIRC. I recall it was something like 111 certs
issued and 11 outstanding that had not been re-verified within around 48
hours (these numbers are not accurate, but indicative) and were
therefore revoked.


That's for the specific certstar case. Domain validation isn't performed
by Comodo on a wide scale apparently and perhaps no validation is
performed at all.



Oh, that's a new claim, beyond this reseller.

Is there any evidence?  If so, then maybe there should likely be a new 
investigation, and widespread revocations by the CA of the non-verified 
certs.  OK, as discussed earlier, actual investigations are outside 
scope of here (which begs the important question of where it is in scope 
of!) so let's not speculate further on Comodo's exact position.


Back to the damages estimate:  we still need to form an estimate of how 
many certificates were issued to people of malintent.


Without that, we are still left with a damages estimate of zero, albeit 
one multiplied by a much larger number of users, with a much greater 
range of possible error.


iang


Re: dropping the root is useless

2008-12-28 Thread David E. Ross
On 12/28/2008 4:46 AM, Ian G wrote [in part]:
 On 28/12/08 12:13, Kai Engert wrote:
 
 If we'd like to be strict, we could remove CAs from our approved list if
 they have shown to be non-conforming in the above way.
 
 
 Yes, we could!  But this is what we call a blunt weapon.  It is also a 
 dangerous weapon.  Consider (all) the consequences in the current case.
 
 First, losses we will incur, regardless:
 
1.  Certs:  All end-users who rely on these certs will lose.  That 
 probably numbers in the millions.  All subscribers will lose, probably 
 in the thousands.  The CA will lose;  potentially it will lose its 
 revenue stream, or have it sliced in half (say), which is what we would 
 call in business circles a plausible bankruptcy event.
 

So when a CA behaves badly, we should still be concerned that the CA
might lose money?  Because a CA might go bankrupt, we should do nothing?

How about the users of Mozilla products who might lose money or even go
bankrupt because they trusted a root certificate from such a CA?  No,
such losses are not known (yet).  What did happen, however, indicates
that such losses are indeed possible and not only through Certstar.

-- 
David E. Ross
http://www.rossde.com/

Go to Mozdev at http://www.mozdev.org/ for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.


Re: dropping the root is useless

2008-12-28 Thread Kyle Hamilton
On Sun, Dec 28, 2008 at 6:24 AM, Ian G i...@iang.org wrote:
 (following is just for the record so as to deal with the response.  No new
 info is in here for other readers.)

I would very much appreciate it if you would stop using fear,
uncertainty, and doubt to manipulate the audience into believing your
and only your viewpoint.

Unlike you, Eddy actually runs a certifying authority.  This means
that he has operational experience with not only the technical sides
of things, but also the legal sides of things.

Just because you also happen to be an advocate for CAcert (and --
unlike Eddy -- feel the urge to hide that affiliation) does not mean
that you actually run it, or have the depth or breadth of knowledge
necessary to do so.  This message shows me that you honestly don't
care about what security actually is, you just care about the
end-user experience.  This is NOT the same thing.  As such, my
opinion of your authority on the subject matter has diminished
severely.

True security involves knowing what the risks are.  Mozilla's policy
for root inclusion tries to reduce the uncertainty for end-users;
unfortunately, as has been pointed out repeatedly, there is still far
too much uncertainty for end-users in Comodo's operations.  They have
lost my trust, the same way that you have.

 On 28/12/08 14:21, Eddy Nigg wrote:

 On 12/28/2008 02:46 PM, Ian G:

 1. Certs: All end-users who rely on these certs will lose. That probably
 numbers in the millions. All subscribers will lose, probably in the
 thousands. The CA will lose; potentially it will lose its revenue
 stream, or have it sliced in half (say), which is what we would call in
 business circles a plausible bankruptcy event.

 Not relevant.


 Well!  If they are not relevant, then perhaps we can turn SSL off, with no
 consequences?

If Nelson can upbraid me for ad hominem attacks, I'm going to upbraid
you for ad absurdum arguments.

TLS (can we PLEASE stop using SSL, since the last version of SSL
that got ratified by any standards organization was SSLv2, and SSLv3
is a hack that reached internet-draft phase but was never formally
recognized?) has the option of negotiating a secure connection without
the use of any certificates at all.  (Further, SSLv3 also had the same
mechanism.)

There's still the endpoint confidentiality concept -- nobody between
the client and the server that the client is talking to can hear
what's being said between them.  The problem that certificates (or key
continuity management) is designed to solve is the problem where the
client thinks it's talking to one server, when it's really talking to
another (the fraudulent endpoint attack in the case where the
server-endpoint doesn't pass any data to the real server, and the man
in the middle attack in the case it does).

 To ignore the obvious legal ramifications (agreements in RPAs, disclaimers
 to end-users, potential lawsuits ...) would be negligence, IMHO.

 We know the ramifications exist.  We know they may be serious.  We know that
 assertions of security are being made to end-users.  Hence to continue
 making these assertions, and not treat them seriously would be negligence.

 I personally choose not to follow that path into negligence, and will
 continue to consider the legal ramifications, which leads to the question of
 how we consider them.

In my mind (and this is not legal advice, merely a statement of
thought presented for the purposes of argument), Mozilla has a duty to
me as an end-user to uphold the letter and spirit of its CA
Certificate Policy.  I've already presented my thought on how a full
tort could be brought against Mozilla by the operator of any CA
already in the trust list.  If a Comodo-issued certificate causes any
user damage after the initial disclosure on the list, a tort could be
brought against Mozilla by that end-user.

 Mozilla has no legal or any other requirement (as far as I
 know) to include or keep a root.

 No, I'm afraid there is an agreement to list the root, under a policy. Once
 listed, Mozilla has to operate according to its side of the bargain.

The policy explicitly provides for Mozilla removing a root, at its
option.  Section 4 of the CA Certificate Policy: "We reserve the right
to not include a particular CA certificate in our software products,
to discontinue including a particular CA certificate in our products,
or to modify the trust bits for a particular CA certificate included
in our products, at any time and for any reason."

It gives examples of the situations that it could do so in, but it
also explicitly states that its appropriate reasons for doing so ARE
NOT LIMITED TO those examples.

Please also recognize that the right and protection of the many tends,
at least in the US court system that Mozilla and Comodo are subject
to, outweighs the right and protection of the few or one (the company
which operates the CA).

 This is a general consequence of business, there is nothing special about
 it.  Ask any experienced 
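The post above separates what a TLS session gives you without any certificate (confidentiality between the two endpoints) from the problem certificates, or "key continuity management", exist to solve: making sure the endpoint is the one the client meant to talk to. The following is an added example, not code from this thread, from Mozilla or from NSS: a small trust-on-first-use key store in Python, in the style of an SSH known_hosts file. The store format, the SHA-256-over-SPKI fingerprint scheme, the endpoint names and the key bytes are all constructed assumptions.

```python
"""Key-continuity ("trust on first use") check for a TLS endpoint's public key.

Added illustration of the "key continuity management" alternative to CA
certificates mentioned in the post above.  The store format and fingerprint
scheme are assumptions modelled on SSH known_hosts and HPKP-style pins; they
are not part of any Mozilla or NSS mechanism.
"""
import base64
import hashlib
import hmac

FIRST_USE = "first-use"   # no prior key on record: accepted, but unverified
MATCH = "match"           # same key as last time: continuity holds
MISMATCH = "mismatch"     # different key: possible fraudulent endpoint / MITM


def spki_fingerprint(spki_der: bytes) -> str:
    """Base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo (pin style)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_store(text: str) -> dict:
    """Parse a known-keys file: one 'host:port sha256 <fingerprint>' per line.

    Blank lines and '#' comments are ignored; anything else malformed is an
    error rather than silently skipped, so a corrupted store cannot quietly
    turn every connection back into a first-use one.
    """
    store = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[1] != "sha256":
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        store[fields[0]] = fields[2]
    return store


def serialize_store(store: dict) -> str:
    """Write the store back out in the same one-entry-per-line format."""
    return "".join(f"{ep} sha256 {fp}\n" for ep, fp in sorted(store.items()))


def check_continuity(store: dict, endpoint: str, spki_der: bytes) -> str:
    """Compare the key presented by `endpoint` against the one on record.

    On first contact the key is recorded and accepted: key continuity has
    nothing to compare against, which is exactly the gap a CA-signed
    certificate is meant to close.  Afterwards a changed key is reported and
    NOT recorded; the caller decides whether to abort the connection.
    """
    presented = spki_fingerprint(spki_der)
    known = store.get(endpoint)
    if known is None:
        store[endpoint] = presented
        return FIRST_USE
    if hmac.compare_digest(known, presented):
        return MATCH
    return MISMATCH


def demo() -> list:
    """Walk through first contact, a repeat visit, and a fraudulent endpoint."""
    # Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
    genuine_key = b"constructed-spki-for-the-genuine-server"
    impostor_key = b"constructed-spki-for-a-fraudulent-endpoint"
    store = parse_store("# constructed, initially empty known-keys file\n")
    results = [
        check_continuity(store, "www.example.test:443", genuine_key),   # first-use
        check_continuity(store, "www.example.test:443", genuine_key),   # match
        check_continuity(store, "www.example.test:443", impostor_key),  # mismatch
    ]
    # The mismatch must not overwrite the record: the genuine key stays pinned.
    assert store["www.example.test:443"] == spki_fingerprint(genuine_key)
    return results


if __name__ == "__main__":
    print(demo())
```

The interesting result is the first one: the very first contact is accepted with nothing to check it against, so a fraudulent endpoint that gets in before the genuine server has been seen is never detected by continuity alone. That first-use window is what a third-party certificate is supposed to cover, and it is why the two mechanisms are complements rather than substitutes.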

Re: dropping the root is useless

2008-12-28 Thread Kyle Hamilton
On Sun, Dec 28, 2008 at 9:28 AM, Ian G i...@iang.org wrote:
 On 28/12/08 17:06, David E. Ross wrote:
 How about the users of Mozilla products who might lose money or even go
 bankrupt because they trusted a root certificate from such a CA?  No,
 such losses are not known (yet).  What did happen, however, indicates
 that such losses are indeed possible and not only through Certstar.

 Yes, indeed.  That's a big question.

 What I am suggesting is that dropping the root will not address that
 question.  It is too blunt a weapon to be used reliably.

Considering that trustability is viewed as a binary state, it's the
only weapon that Mozilla has.

-Kyle H


Re: dropping the root is useless

2008-12-28 Thread Ian G

On 29/12/08 00:37, Kyle Hamilton wrote:

On Sun, Dec 28, 2008 at 9:28 AM, Ian Gi...@iang.org  wrote:

On 28/12/08 17:06, David E. Ross wrote:

How about the users of Mozilla products who might lose money or even go
bankrupt because they trusted a root certificate from such a CA?  No,
such losses are not known (yet).  What did happen, however, indicates
that such losses are indeed possible and not only through Certstar.

Yes, indeed.  That's a big question.

What I am suggesting is that dropping the root will not address that
question.  It is too blunt a weapon to be used reliably.


Considering that trustability is viewed as a binary state, it's the
only weapon that Mozilla has.



Yes.  This is reason for concern.

iang


Re: dropping the root is useless

2008-12-28 Thread Kyle Hamilton
On Sun, Dec 28, 2008 at 3:42 PM, Ian G i...@iang.org wrote:
 On 29/12/08 00:37, Kyle Hamilton wrote:
 Considering that trustability is viewed as a binary state, it's the
 only weapon that Mozilla has.


 Yes.  This is reason for concern.

FWIW, I agree.

Alright, I propose that, in a new thread, we open the table for
discussion of the problems inherent in the binary-state model, and
ways to mitigate these problems?

-Kyle H


Re: dropping the root is useless

2008-12-28 Thread Ian G

On 29/12/08 00:36, Kyle Hamilton wrote:

On Sun, Dec 28, 2008 at 6:24 AM, Ian Gi...@iang.org  wrote:




Unlike you, Eddy actually runs a certifying authority.  This means
that he has operational experience with not only the technical sides
of things, but also the legal sides of things.



I support your right to an opinion, but can you please ground your 
criticisms in facts of relevance, rather than ad hominems.




Just because you also happen to be an advocate for CAcert


Strawman.  An Auditor is perhaps an advocate in the sense that he writes 
an opinion.  I have not done that, and won't for another 6 months at 
current progress.  Here's *just* the local dirt:


https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158

I think the advocacy claim looks a little silly, no?  Absurd, even.



(and --
unlike Eddy -- feel the urge to hide that affiliation)  does not mean
that you actually run it, or have the depth or breadth of knowledge
necessary to do so.  This message shows me that you honestly don't
care about what security actually is, you just care about the
end-user experience.  This is NOT the same thing.  As such, my
opinion of your authority on the subject matter has diminished
severely.



You are entitled to your opinion, but I would ask you to consider that 
this is a policy forum, not an ad hominem shooting match.




True security involves knowing what the risks are.  Mozilla's policy
for root inclusion tries to reduce the uncertainty for end-users;
unfortunately, as has been pointed out repeatedly, there is still far
too much uncertainty for end-users in Comodo's operations.



The point I have made is that the discussion of Comodo's operations is 
outside scope of this forum.  You may feel that you have an opinion, and 
you have a right to it.  However, this forum is not for the 
investigation of breaches or failures to comply with policies.


If you dislike that, don't start a war against me.  Suggest a policy 
change to Mozilla.  If you want wordings, try this:


   x.  Any breaches of security or failures to comply will be
   discussed in the policy forum of Mozilla, a ruling by consensus
   delivered, and will be binding on the CA.

Don't disagree with me in a post, do something.  Write the proposal, 
change the policy.  Words are less important than acts.




They have
lost my trust, the same way that you have.



Now over to you.  Act, not talk.  Make a dispute resolution forum happen.



On 28/12/08 14:21, Eddy Nigg wrote:

On 12/28/2008 02:46 PM, Ian G:

1. Certs: All end-users who rely on these certs will lose. That probably
numbers in the millions. All subscribers will lose, probably in the
thousands. The CA will lose; potentially it will lose its revenue
stream, or have it sliced in half (say), which is what we would call in
business circles a plausible bankruptcy event.

Not relevant.


Well!  If they are not relevant, then perhaps we can turn SSL off, with no
consequences?


If Nelson can upbraid me for ad hominem attacks, I'm going to upbraid
you for ad absurdum arguments.

TLS (can we PLEASE stop using SSL, since the last version of SSL
that got ratified by any standards organization was SSLv2, and SSLv3
is a hack that reached internet-draft phase but was never formally
recognized?) has the option of negotiating a secure connection without
the use of any certificates at all.  (Further, SSLv3 also had the same
mechanism.)

There's still the endpoint confidentiality concept -- nobody between
the client and the server that the client is talking to can hear
what's being said between them.  The problem that certificates (or key
continuity management) is designed to solve is the problem where the
client thinks it's talking to one server, when it's really talking to
another (the fraudulent endpoint attack in the case where the
server-endpoint doesn't pass any data to the real server, and the man
in the middle attack in the case it does).



Er, Kyle, you are off on a tangent here.  My point with Eddy was fully 
addressed by him pointing out that he was only dealing with the last 
sentence, I thought he was referring to the earlier sentences.  A 
reasonable clarification.




To ignore the obvious legal ramifications (agreements in RPAs, disclaimers
to end-users, potential lawsuits ...) would be negligence, IMHO.

We know the ramifications exist.  We know they may be serious.  We know that
assertions of security are being made to end-users.  Hence to continue
making these assertions, and not treat them seriously would be negligence.

I personally choose not to follow that path into negligence, and will
continue to consider the legal ramifications, which leads to the question of
how we consider them.


In my mind (and this is not legal advice, merely a statement of
thought presented for the purposes of argument), Mozilla has a duty to
me as an end-user to uphold the letter and spirit of its CA
Certificate Policy.  I've already presented my thought on how a full
tort could be 

Re: dropping the root is useless

2008-12-28 Thread Eddy Nigg

On 12/29/2008 03:09 AM, Ian G:


The point I have made is that the discussion of Comodo's operations is
outside scope of this forum. You may feel that you have an opinion, and
you have a right to it. However, this forum is not for the investigation
of breaches or failures to comply with policies.

If you dislike that, don't start a war against me. Suggest a policy
change to Mozilla. If you want wordings, try this:

x. Any breaches of security or failures to comply will be
discussed in the policy forum of Mozilla, a ruling by consensus
delivered, and will be binding on the CA.



I don't think you are entirely correct, Ian. The community has its say, 
is free to discuss, suggest, propose, vent its anger and more. The 
ultimate decision lies with Frank and Mozilla's management, however 
discussions, suggestions, opinions, proposals are an important part of 
shaping those decisions I think. I'm saying this from experience as many 
times the above-mentioned influenced decisions and/or resulted directly 
in actions. I think this is what makes Mozilla incredibly unique.


Not every objection, suggestion or proposal results in a standing 
ovation obviously, but overall I'm quite pleased. And it's a two way 
street many times, as members of Mozilla and the community made 
suggestions or voiced their opinion, which directly led to changes at 
the company *I* run. Sometimes this happened in the public forums, 
sometimes in private. The decisions are taken obviously elsewhere, 
however this forum directly influenced some of them.


In that respect I disagree that this forum isn't the right place to 
discuss, disclose, propose, exchange thoughts and even investigate. I 
wouldn't know a better place. And at the same time, I'd disagree that 
the community should make the ultimate decision, the responsibility is 
clearly with the Mozilla Foundation (?) and must be decided there.





Re: dropping the root is useless

2008-12-28 Thread David E. Ross
On 12/28/2008 3:45 PM, Kyle Hamilton wrote [in part]:
 CertStar was found out, only due to the diligence of someone on this
 list.  How many other RAs haven't been found out yet?  We can't know,
 because Comodo won't say.  This affects the confidence I have in their
 system (i.e., it removes ALL confidence that Mozilla extended on my
 behalf).

Actually, Eddy discovered the problem only through the fortuitous
receipt of spam from CertStar.  If he had not received the spam -- even
if others had received it -- it is possible the problem would never have
been discovered.  This is why the discovery is so frightening.

Now that it is known that a subordinate reseller operating under one CA
issued certificates without authenticating the identity of the
subscribers, we know that the theoretical concern expressed (before all
this) about resellers is no longer theoretical.  NOW is the time to
require that all CAs supervise the operations of their RAs and
resellers.  This must be done in a way that independent audits of the
CAs examine the implementation of such supervision, which can be
accomplished by requiring (at least with respect to the Mozilla
database) that CPs explicitly address how that supervision is performed.

Either a CA's CP must explicitly state that there are NO external RAs or
resellers, or else the CP must describe how external subordinates are
monitored.  Without this, a CA's request to have its root certificate
included in the Mozilla database should be denied.  Since an audit will
generally report on the implementation of such a policy but not
necessarily on the policy's adequacy, the internal and public reviews of
CA requests must examine the adequacy of the CA's policy for monitoring
external subordinates.

-- 
David E. Ross
http://www.rossde.com/

Go to Mozdev at http://www.mozdev.org/ for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: dropping the root is useless

2008-12-28 Thread Nelson B Bolyard
David E. Ross wrote, On 2008-12-28 21:40 PST:

 Now that it is known that a subordinate reseller operating under one CA 
 issued certificates without authenticating the identity of the 
 subscribers, we know that the theoretical concern expressed (before all 
 this) about resellers is no longer theoretical.  NOW is the time to 
 require that all CAs supervise the operations of their RAs and resellers.
 This must be done in a way that independent audits of the CAs examine the
 implementation of such supervision, which can be accomplished by
 requiring (at least with respect to the Mozilla database) that CPs
 explicitly address how that supervision is performed.
 
 Either a CA's CP must explicitly state that there are NO external RAs or 
 resellers, or else the CP must describe how external subordinates are 
 monitored.  Without this, a CA's request to have its root certificate 
 included in the Mozilla database should be denied.

+1

Perhaps the policy should even go so far, as Kai has suggested, as to
require that whatever entity performs the verification of subject
identity for the CA must be audited.

Section 6 of the policy requires that "all CAs whose certificates are
distributed with our software products must prior to issuing certificates,
verify certificate signing requests in a manner that we deem acceptable,
and provide attestation of their conformance to the stated verification
requirements and other operational criteria by a competent independent party
or parties with access to details of the CA's internal operations."

I think that last part clearly assumed that the verification requirements
were part of the CA's internal operations, an assumption that we now know
is untrue.  So, I would suggest changing it from "access to details of the
CA's internal operations" to "access to the details of the operations that
verify the certificate signing requests, whether internal or external".

 Since an audit will generally report on the implementation of such a
 policy but not necessarily on the policy's adequacy, the internal and
 public reviews of CA requests must examine the adequacy of the CA's
 policy for monitoring external subordinates.

Yes.  Agreed.  I think the policy should define some parameters (bounds)
for determining the adequacy of CSR verification.  Is it acceptable to
have hundreds of parties each responsible for verifying CSRs for a
single CA (single issuer)?  If not, what limit should apply?

I'd like to see any statements made by Mozilla at the beginning of the
week of public review to explicitly speak to the CSR verification process,
and whether it is internal or external, and how many RAs (or parties
entrusted with verifying CSRs) exist for the particular CA (organization),
and the number of CSR verification parties per subordinate CA.


Re: dropping the root is useless

2008-12-28 Thread Grey Hodge
On 12/28/2008 9:42 AM Eddy Nigg cranked up the brainbox and said:
 On 12/28/2008 04:24 PM, Ian G:
 No, I'm afraid there is an agreement to list the root, under a policy.
 Once listed, Mozilla has to operate according to its side of the bargain.
 Apparently you are reading something I haven't.

Apparently, but that doesn't mean it's invalid. Mozilla can't act arbitrarily
and without cause and expect to retain any shred of respect or
trustworthiness. A policy not adhered to is worthless.

 That's for the specific certstar case. Domain validation isn't performed 
 by Comodo on a wide scale apparently and perhaps no validation is 
 performed at all.

Yes, perhaps, and perhaps they send out certs to anyone who asks nicely, but
we have little evidence to support these suppositions.

Rather than having a kneejerk reaction of removing Comodo from the root list,
why don't we examine the situation. This reseller was not acting according to
proper procedure. Comodo immediately revoked their reseller status, and
reviewed their certs. Further, they've said they're reviewing their policies
to ensure this doesn't happen again. Given their candor and quick response,
what more do you require that you feel you're not getting that justified
removing them as a root CA?

I really think you're going overboard. From what I see, I'm not alone in that
assessment. You did a good job in bringing this to light. Having the issues
you uncovered addressed and fixed should be sufficient. Why do we need to take
punitive action that will do nothing but punish tens of thousands of other
Comodo customers and millions of users?

-- 
Grey Hodge
 email [ grey @ burntelectrons.org ]
 web   [ http://burntelectrons.org ]
 tag   [ Don't touch that! You might mutate your fingers! ]
 motto [ Make everything as simple as possible, but no simpler. - Einstein ]