On 07/30/2014 09:17 PM, Kathleen Wilson wrote:
> On 7/28/14, 11:00 AM, Brian Smith wrote:
>> I suggest that, instead of including the cross-signing certificates in
>> the NSS certificate database, the mozilla::pkix code should be changed
>> to look up those certificates when attempting to find them through NSS
>> fails. That way, Firefox and other products that use NSS will have a
>> lot more flexibility in how they handle the compatibility logic.
> 
> 
> There's already a bug for fetching missing intermediates:
> https://bugzilla.mozilla.org/show_bug.cgi?id=399324
> 
> I think it would help with removal of roots (the remaining 1024-bit roots,
> non-BR-compliant roots, SHA1 roots, retired roots, etc.), and IE has been
> supporting this capability for a long time.
> 
> So, should we do this?
> Does it introduce security concerns?

It definitely introduces non-deterministic behavior controlled by a potential
MitM attacker, in addition to being hard to debug.

Example:

1. client requests certificate indicated via AIA over http (common in IE)
2. MitM attacker supplies one that triggers a known bug - attacker can control
what is being exploited
3. remote code execution or chain validation success that shouldn't happen

I personally think that factorization of 1024-bit RSA roots or SHA-1 collisions
is much harder than exploiting certificate validation code.

Regards,
  Ondrej
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
