There could be multiple reasons for xcerts from internal policies to controlled trust stores. It depends on the root and the company. Part of the reason the FPKI has xcerts is for both those reasons. Companies may only want to use their root. They may not want to rely on the trust bundle approach or have internal policies that there must be mutual trust. I think this group has seen some examples of questionable audits.
Ken Message: 4 Date: Tue, 6 Sep 2016 14:10:19 +00 From: Peter Gutmann <pgut...@cs.auckland.ac.nz> To: Peter Bowen <pzbo...@gmail.com>, Gervase Markham <g...@mozilla.org> Cc: Richard Wang <rich...@wosign.com>, "mozilla-dev-security-pol...@lists.mozilla.org" <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: [FORGED] Re: Incidents involving the CA WoSign Message-ID: <1473170991071.38...@cs.auckland.ac.nz> Content-Type: text/plain; charset="iso-8859-1" Peter Bowen <pzbo...@gmail.com> writes: >In addition to the direct impact, I note that WoSign is the subject of cross- >signatures from a number of other CAs that chain back to roots in the Mozilla >program (or were in the program). This is incredible, it's like a hydra. Do the BRs say anything about this type of cross-certification, or is it just "find as many other CAs as you can to cross-certify you so you can't be killed". Why would a public CA even need cross-certification from other CAs? Peter. Ken -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+kenneth.myers=protiviti....@lists.mozilla.org] On Behalf Of dev-security-policy-requ...@lists.mozilla.org Sent: Tuesday, September 6, 2016 10:19 To: dev-security-policy@lists.mozilla.org Subject: dev-security-policy Digest, Vol 93, Issue 34 Send dev-security-policy mailing list submissions to dev-security-policy@lists.mozilla.org To subscribe or unsubscribe via the World Wide Web, visit https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.mozilla.org_listinfo_dev-2Dsecurity-2Dpolicy&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3DxgIVrE6qM1HU21hDF7kWz-URTpSuAa2CzJ9fhbisw&e= or, via email, send a message with subject or body 'help' to dev-security-policy-requ...@lists.mozilla.org You can reach the person managing the list at dev-security-policy-ow...@lists.mozilla.org When replying, please edit your Subject line so it is more specific than "Re: Contents of dev-security-policy digest..." Today's Topics: 1. Re: Sanctions short of distrust (Jakob Bohm) 2. Re: Sanctions short of distrust (Kurt Roeckx) 3. Re: Incidents involving the CA WoSign (Peter Gutmann) 4. Re: [FORGED] Re: Incidents involving the CA WoSign (Peter Gutmann) 5. Re: Sanctions short of distrust (Jakob Bohm) 6. Re: Incidents involving the CA WoSign (Jakob Bohm) ---------------------------------------------------------------------- Message: 1 Date: Tue, 6 Sep 2016 14:16:32 +0200 From: Jakob Bohm <jb-mozi...@wisemo.com> To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Sanctions short of distrust Message-ID: <rvydna3-rae8llpknz2dnuu7-lxnn...@mozilla.org> Content-Type: text/plain; charset=utf-8; format=flowed On 06/09/2016 10:25, Kurt Roeckx wrote: > On 2016-09-06 10:13, Nick Lamb wrote: >> Quality of implementation for OCSP stapling seems to remain poor in >> at least apache and nginx, two of the most popular servers. Apache's >> in particular gives me that OpenSSL "We read this standards document >> and implemented everything in it as a series of config options >> without any understanding" feeling, rather than Apache's maintainers >> taking it upon themselves to figure out what will actually work best >> for most servers and implementing that. > > If you think there is something we can do in OpenSSL to improve this, > please let us know. > > Here are a list of software where I have personally observed bad OCSP stapling support: OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP responses in sessions, but no meaningful sample code to do this right (e.g. caching, error handling etc.) I am working on my own add-on code for this, but it is not complete and not deployed. There is no builtin support for multistapling and no clear documentation on how to add arbitrary TLS extensions (such as this) to an OpenSSL application. OpenSSL 1.1.x itself: This is a heavily rewritten library and very new at this time, basic reliability procedures suggest waiting a few patch levels before deployment. Stunnel stand alone SSL/TLS filter (used with e.g. Varnish reverse proxies): OCSP stapling is on their TODO-list, but not yet included. Pound light-weight reverse proxy with SSL/TLS front end: No OCSP stapling support in the standard version. IIS for Windows Server 2008 (latest IIS supporting pure 32 bit configurations): No obvious (if any) OCSP stapling support. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e= Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ------------------------------ Message: 2 Date: Tue, 6 Sep 2016 15:37:50 +0200 From: Kurt Roeckx <k...@roeckx.be> To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Sanctions short of distrust Message-ID: <06kdnukjkjcyw1pknz2dnuu7-annn...@mozilla.org> Content-Type: text/plain; charset=utf-8; format=flowed On 2016-09-06 14:16, Jakob Bohm wrote: > On 06/09/2016 10:25, Kurt Roeckx wrote: >> If you think there is something we can do in OpenSSL to improve this, >> please let us know. > > Here are a list of software where I have personally observed bad OCSP > stapling support: > > OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP > responses in sessions, but no meaningful sample code to do this right > (e.g. caching, error handling etc.) I am working on my own add-on code > for this, but it is not complete and not deployed. As far as I know the functions for that are: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5Fset-5Ftlsext-5Fstatus-5Ftype.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3XfGC0sf6JNBNjhp2OUj-Vo5am2mA-e_v-80wDHGmGE&e= > There is no builtin support for multistapling and no clear > documentation on how to add arbitrary TLS extensions (such as this) to > an OpenSSL application. SSL_CTX_add_server_custom_ext() was added in 1.0.2, see https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5FCTX-5Fadd-5Fserver-5Fcustom-5Fext.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=l7DjxqeCNx20l6TmHoxv_N--WwDVJlh7u1mCeHXG2L4&e= PS: I just found: https://urldefense.proofpoint.com/v2/url?u=https-3A__istlsfastyet.com_&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=2yhWRWfJwOCRJW_0w037OyfK_nrac9UkepMQGW4eYBo&e= This is probably also getting a little off topic. Kurt ------------------------------ Message: 3 Date: Tue, 6 Sep 2016 13:58:40 +0000 From: Peter Gutmann <pgut...@cs.auckland.ac.nz> To: Matt Palmer <mpal...@hezmatt.org>, "dev-security-policy@lists.mozilla.org" <dev-security-policy@lists.mozilla.org> Subject: Re: Incidents involving the CA WoSign Message-ID: <1473170291507.10...@cs.auckland.ac.nz> Content-Type: text/plain; charset="iso-8859-1" Matt Palmer <mpal...@hezmatt.org> writes: >Our of curiosity, is anyone keeping a tally of the number of times WoSign has >said, "yep, they're all logged now", only to have more unlogged certificates >turn up? This is starting to feel like a bit of a repeat of DigiNotar, We apologise for the fault in the CA. Those responsible have been sacked. Mynd you, m??se bites Kan be pretti nasti... We apologise again for the fault in the CA. Those responsible for sacking the people who have just been sacked have been sacked. M??se trained by YUTTE HERMSGERV?RDENBR?TB?RDA Special M??se Effects OLAF PROT M??se Costumes SIGGI CHURCHILLM??se Choreographed by HORST PROT III. The directors of the CA hired to continue the credits after the other people had been sacked, wish it to be known that they have just been sacked. The credits have been completed in an entirely different CA, definitely not StartCom or StartSSL, no really, just WoSign, pay no attention to the shell company in the UK, it's only WoSign not StartCom, at great expense and with legal threats. Executive Producer Eddy Nigg and Gaohua^H^H^H^H^HRichard Wang. Peter. ------------------------------ Message: 4 Date: Tue, 6 Sep 2016 14:10:19 +0000 From: Peter Gutmann <pgut...@cs.auckland.ac.nz> To: Peter Bowen <pzbo...@gmail.com>, Gervase Markham <g...@mozilla.org> Cc: Richard Wang <rich...@wosign.com>, "mozilla-dev-security-pol...@lists.mozilla.org" <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: [FORGED] Re: Incidents involving the CA WoSign Message-ID: <1473170991071.38...@cs.auckland.ac.nz> Content-Type: text/plain; charset="iso-8859-1" Peter Bowen <pzbo...@gmail.com> writes: >In addition to the direct impact, I note that WoSign is the subject of cross- >signatures from a number of other CAs that chain back to roots in the Mozilla >program (or were in the program). This is incredible, it's like a hydra. Do the BRs say anything about this type of cross-certification, or is it just "find as many other CAs as you can to cross-certify you so you can't be killed". Why would a public CA even need cross-certification from other CAs? Peter. ------------------------------ Message: 5 Date: Tue, 6 Sep 2016 16:14:43 +0200 From: Jakob Bohm <jb-mozi...@wisemo.com> To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Sanctions short of distrust Message-ID: <kqydnxo2x-jjulpknz2dnuu7-lpnn...@mozilla.org> Content-Type: text/plain; charset=utf-8; format=flowed On 06/09/2016 15:37, Kurt Roeckx wrote: > On 2016-09-06 14:16, Jakob Bohm wrote: >> On 06/09/2016 10:25, Kurt Roeckx wrote: >>> If you think there is something we can do in OpenSSL to improve this, >>> please let us know. >> >> Here are a list of software where I have personally observed bad OCSP >> stapling support: >> >> OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP >> responses in sessions, but no meaningful sample code to do this right >> (e.g. caching, error handling etc.) I am working on my own add-on code >> for this, but it is not complete and not deployed. > > As far as I know the functions for that are: > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5Fset-5Ftlsext-5Fstatus-5Ftype.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3XfGC0sf6JNBNjhp2OUj-Vo5am2mA-e_v-80wDHGmGE&e= > >> There is no builtin support for multistapling and no clear >> documentation on how to add arbitrary TLS extensions (such as this) to >> an OpenSSL application. > > SSL_CTX_add_server_custom_ext() was added in 1.0.2, see > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5FCTX-5Fadd-5Fserver-5Fcustom-5Fext.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=l7DjxqeCNx20l6TmHoxv_N--WwDVJlh7u1mCeHXG2L4&e= > Neither of those calls (which I know) provide the lacking functionality. Specifically, the _tlsext_ OCSP calls require each server to design and build its own OCSP response acquisition and caching code. While the _server_custom_ functions seemingly lack the functionality to implement multistapling, at least as I read them. > > PS: I just found: > https://urldefense.proofpoint.com/v2/url?u=https-3A__istlsfastyet.com_&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=2yhWRWfJwOCRJW_0w037OyfK_nrac9UkepMQGW4eYBo&e= > > This is probably also getting a little off topic. > But yes, the details of OpenSSL are off-topic in this newsgroup, this was merely two entries in a long list of HTTPS server implementations that cannot be easily configured to send the OCSP stapling responses that some other posters suggested would be an appropriate workaround for half-bad CAs. The point of the list was simply to explain why requiring OCSP stapling would not work on the current Internet. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e= Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ------------------------------ Message: 6 Date: Tue, 6 Sep 2016 16:18:08 +0200 From: Jakob Bohm <jb-mozi...@wisemo.com> To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Incidents involving the CA WoSign Message-ID: <v6-dnznapeq8tvpknz2dnuu7-ffnn...@mozilla.org> Content-Type: text/plain; charset=windows-1252; format=flowed On 06/09/2016 15:58, Peter Gutmann wrote: > Matt Palmer <mpal...@hezmatt.org> writes: > >> Our of curiosity, is anyone keeping a tally of the number of times WoSign has >> said, "yep, they're all logged now", only to have more unlogged certificates >> turn up? This is starting to feel like a bit of a repeat of DigiNotar, > > We apologise for the fault in the CA. Those responsible have been sacked. Mynd > you, m??se bites Kan be pretti nasti... We apologise again for the fault in > the CA. Those responsible for sacking the people who have just been sacked > have been sacked. M??se trained by YUTTE HERMSGERV?RDENBR?TB?RDA Special M??se > Effects OLAF PROT M??se Costumes SIGGI CHURCHILLM??se Choreographed by HORST > PROT III. The directors of the CA hired to continue the credits after the > other people had been sacked, wish it to be known that they have just been > sacked. The credits have been completed in an entirely different CA, > definitely not StartCom or StartSSL, no really, just WoSign, pay no attention > to the shell company in the UK, it's only WoSign not StartCom, at great > expense and with legal threats. Executive Producer Eddy Nigg and > Gaohua^H^H^H^H^HRichard Wang. > > Peter. > H?H?H? * *=The standard way of writing a derisive laughter in response to a bad unfunny joke. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e= Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ------------------------------ Subject: Digest Footer _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.mozilla.org_listinfo_dev-2Dsecurity-2Dpolicy&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3DxgIVrE6qM1HU21hDF7kWz-URTpSuAa2CzJ9fhbisw&e= ------------------------------ End of dev-security-policy Digest, Vol 93, Issue 34 *************************************************** NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy