There could be multiple reasons for xcerts from internal policies to controlled
trust stores. It depends on the root and the company. Part of the reason the
FPKI has xcerts is for both those reasons. Companies may only want to use their
root. They may not want to rely on the trust bundle approach or have internal
policies that there must be mutual trust. I think this group has seen some
examples of questionable audits.
Ken
Message: 4
Date: Tue, 6 Sep 2016 14:10:19 +00
From: Peter Gutmann <pgut...@cs.auckland.ac.nz>
To: Peter Bowen <pzbo...@gmail.com>, Gervase Markham
<g...@mozilla.org>
Cc: Richard Wang <rich...@wosign.com>,
"mozilla-dev-security-pol...@lists.mozilla.org"
<mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: [FORGED] Re: Incidents involving the CA WoSign
Message-ID: <1473170991071.38...@cs.auckland.ac.nz>
Content-Type: text/plain; charset="iso-8859-1"
Peter Bowen <pzbo...@gmail.com> writes:
>In addition to the direct impact, I note that WoSign is the subject of cross-
>signatures from a number of other CAs that chain back to roots in the Mozilla
>program (or were in the program).
This is incredible, it's like a hydra. Do the BRs say anything about this
type of cross-certification, or is it just "find as many other CAs as you can
to cross-certify you so you can't be killed".
Why would a public CA even need cross-certification from other CAs?
Peter.
Ken
-----Original Message-----
From: dev-security-policy
[mailto:dev-security-policy-bounces+kenneth.myers=protiviti....@lists.mozilla.org]
On Behalf Of dev-security-policy-requ...@lists.mozilla.org
Sent: Tuesday, September 6, 2016 10:19
To: dev-security-policy@lists.mozilla.org
Subject: dev-security-policy Digest, Vol 93, Issue 34
Send dev-security-policy mailing list submissions to
dev-security-policy@lists.mozilla.org
To subscribe or unsubscribe via the World Wide Web, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.mozilla.org_listinfo_dev-2Dsecurity-2Dpolicy&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3DxgIVrE6qM1HU21hDF7kWz-URTpSuAa2CzJ9fhbisw&e=
or, via email, send a message with subject or body 'help' to
dev-security-policy-requ...@lists.mozilla.org
You can reach the person managing the list at
dev-security-policy-ow...@lists.mozilla.org
When replying, please edit your Subject line so it is more specific than "Re:
Contents of dev-security-policy digest..."
Today's Topics:
1. Re: Sanctions short of distrust (Jakob Bohm)
2. Re: Sanctions short of distrust (Kurt Roeckx)
3. Re: Incidents involving the CA WoSign (Peter Gutmann)
4. Re: [FORGED] Re: Incidents involving the CA WoSign (Peter Gutmann)
5. Re: Sanctions short of distrust (Jakob Bohm)
6. Re: Incidents involving the CA WoSign (Jakob Bohm)
----------------------------------------------------------------------
Message: 1
Date: Tue, 6 Sep 2016 14:16:32 +0200
From: Jakob Bohm <jb-mozi...@wisemo.com>
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Sanctions short of distrust
Message-ID: <rvydna3-rae8llpknz2dnuu7-lxnn...@mozilla.org>
Content-Type: text/plain; charset=utf-8; format=flowed
On 06/09/2016 10:25, Kurt Roeckx wrote:
> On 2016-09-06 10:13, Nick Lamb wrote:
>> Quality of implementation for OCSP stapling seems to remain poor in
>> at least apache and nginx, two of the most popular servers. Apache's
>> in particular gives me that OpenSSL "We read this standards document
>> and implemented everything in it as a series of config options
>> without any understanding" feeling, rather than Apache's maintainers
>> taking it upon themselves to figure out what will actually work best
>> for most servers and implementing that.
>
> If you think there is something we can do in OpenSSL to improve this,
> please let us know.
>
>
Here are a list of software where I have personally observed bad OCSP stapling
support:
OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP responses in
sessions, but no meaningful sample code to do this right (e.g. caching, error
handling etc.) I am working on my own add-on code for this, but it is not
complete and not deployed.
There is no builtin support for multistapling and no clear documentation on
how to add arbitrary TLS extensions (such as this) to an OpenSSL application.
OpenSSL 1.1.x itself: This is a heavily rewritten library and very new at this
time, basic reliability procedures suggest waiting a few patch levels before
deployment.
Stunnel stand alone SSL/TLS filter (used with e.g. Varnish reverse
proxies): OCSP stapling is on their TODO-list, but not yet included.
Pound light-weight reverse proxy with SSL/TLS front end: No OCSP stapling
support in the standard version.
IIS for Windows Server 2008 (latest IIS supporting pure 32 bit
configurations): No obvious (if any) OCSP stapling support.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e=
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
------------------------------
Message: 2
Date: Tue, 6 Sep 2016 15:37:50 +0200
From: Kurt Roeckx <k...@roeckx.be>
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Sanctions short of distrust
Message-ID: <06kdnukjkjcyw1pknz2dnuu7-annn...@mozilla.org>
Content-Type: text/plain; charset=utf-8; format=flowed
On 2016-09-06 14:16, Jakob Bohm wrote:
> On 06/09/2016 10:25, Kurt Roeckx wrote:
>> If you think there is something we can do in OpenSSL to improve this,
>> please let us know.
>
> Here are a list of software where I have personally observed bad OCSP
> stapling support:
>
> OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP
> responses in sessions, but no meaningful sample code to do this right
> (e.g. caching, error handling etc.) I am working on my own add-on code
> for this, but it is not complete and not deployed.
As far as I know the functions for that are:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5Fset-5Ftlsext-5Fstatus-5Ftype.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3XfGC0sf6JNBNjhp2OUj-Vo5am2mA-e_v-80wDHGmGE&e=
> There is no builtin support for multistapling and no clear
> documentation on how to add arbitrary TLS extensions (such as this) to
> an OpenSSL application.
SSL_CTX_add_server_custom_ext() was added in 1.0.2, see
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5FCTX-5Fadd-5Fserver-5Fcustom-5Fext.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=l7DjxqeCNx20l6TmHoxv_N--WwDVJlh7u1mCeHXG2L4&e=
PS: I just found:
https://urldefense.proofpoint.com/v2/url?u=https-3A__istlsfastyet.com_&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=2yhWRWfJwOCRJW_0w037OyfK_nrac9UkepMQGW4eYBo&e=
This is probably also getting a little off topic.
Kurt
------------------------------
Message: 3
Date: Tue, 6 Sep 2016 13:58:40 +0000
From: Peter Gutmann <pgut...@cs.auckland.ac.nz>
To: Matt Palmer <mpal...@hezmatt.org>,
"dev-security-policy@lists.mozilla.org"
<dev-security-policy@lists.mozilla.org>
Subject: Re: Incidents involving the CA WoSign
Message-ID: <1473170291507.10...@cs.auckland.ac.nz>
Content-Type: text/plain; charset="iso-8859-1"
Matt Palmer <mpal...@hezmatt.org> writes:
>Our of curiosity, is anyone keeping a tally of the number of times WoSign has
>said, "yep, they're all logged now", only to have more unlogged certificates
>turn up? This is starting to feel like a bit of a repeat of DigiNotar,
We apologise for the fault in the CA. Those responsible have been sacked. Mynd
you, m??se bites Kan be pretti nasti... We apologise again for the fault in
the CA. Those responsible for sacking the people who have just been sacked
have been sacked. M??se trained by YUTTE HERMSGERV?RDENBR?TB?RDA Special M??se
Effects OLAF PROT M??se Costumes SIGGI CHURCHILLM??se Choreographed by HORST
PROT III. The directors of the CA hired to continue the credits after the
other people had been sacked, wish it to be known that they have just been
sacked. The credits have been completed in an entirely different CA,
definitely not StartCom or StartSSL, no really, just WoSign, pay no attention
to the shell company in the UK, it's only WoSign not StartCom, at great
expense and with legal threats. Executive Producer Eddy Nigg and
Gaohua^H^H^H^H^HRichard Wang.
Peter.
------------------------------
Message: 4
Date: Tue, 6 Sep 2016 14:10:19 +0000
From: Peter Gutmann <pgut...@cs.auckland.ac.nz>
To: Peter Bowen <pzbo...@gmail.com>, Gervase Markham
<g...@mozilla.org>
Cc: Richard Wang <rich...@wosign.com>,
"mozilla-dev-security-pol...@lists.mozilla.org"
<mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: [FORGED] Re: Incidents involving the CA WoSign
Message-ID: <1473170991071.38...@cs.auckland.ac.nz>
Content-Type: text/plain; charset="iso-8859-1"
Peter Bowen <pzbo...@gmail.com> writes:
>In addition to the direct impact, I note that WoSign is the subject of cross-
>signatures from a number of other CAs that chain back to roots in the Mozilla
>program (or were in the program).
This is incredible, it's like a hydra. Do the BRs say anything about this
type of cross-certification, or is it just "find as many other CAs as you can
to cross-certify you so you can't be killed".
Why would a public CA even need cross-certification from other CAs?
Peter.
------------------------------
Message: 5
Date: Tue, 6 Sep 2016 16:14:43 +0200
From: Jakob Bohm <jb-mozi...@wisemo.com>
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Sanctions short of distrust
Message-ID: <kqydnxo2x-jjulpknz2dnuu7-lpnn...@mozilla.org>
Content-Type: text/plain; charset=utf-8; format=flowed
On 06/09/2016 15:37, Kurt Roeckx wrote:
> On 2016-09-06 14:16, Jakob Bohm wrote:
>> On 06/09/2016 10:25, Kurt Roeckx wrote:
>>> If you think there is something we can do in OpenSSL to improve this,
>>> please let us know.
>>
>> Here are a list of software where I have personally observed bad OCSP
>> stapling support:
>>
>> OpenSSL 1.0.x itself: There are hooks to provide stapled leaf OCSP
>> responses in sessions, but no meaningful sample code to do this right
>> (e.g. caching, error handling etc.) I am working on my own add-on code
>> for this, but it is not complete and not deployed.
>
> As far as I know the functions for that are:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5Fset-5Ftlsext-5Fstatus-5Ftype.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3XfGC0sf6JNBNjhp2OUj-Vo5am2mA-e_v-80wDHGmGE&e=
>
>> There is no builtin support for multistapling and no clear
>> documentation on how to add arbitrary TLS extensions (such as this) to
>> an OpenSSL application.
>
> SSL_CTX_add_server_custom_ext() was added in 1.0.2, see
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_manmaster_ssl_SSL-5FCTX-5Fadd-5Fserver-5Fcustom-5Fext.html&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=l7DjxqeCNx20l6TmHoxv_N--WwDVJlh7u1mCeHXG2L4&e=
>
Neither of those calls (which I know) provide the lacking
functionality. Specifically, the _tlsext_ OCSP calls require each
server to design and build its own OCSP response acquisition and
caching code. While the _server_custom_ functions seemingly lack the
functionality to implement multistapling, at least as I read them.
>
> PS: I just found:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__istlsfastyet.com_&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=2yhWRWfJwOCRJW_0w037OyfK_nrac9UkepMQGW4eYBo&e=
>
> This is probably also getting a little off topic.
>
But yes, the details of OpenSSL are off-topic in this newsgroup, this
was merely two entries in a long list of HTTPS server implementations
that cannot be easily configured to send the OCSP stapling responses
that some other posters suggested would be an appropriate workaround
for half-bad CAs.
The point of the list was simply to explain why requiring OCSP stapling
would not work on the current Internet.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e=
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
------------------------------
Message: 6
Date: Tue, 6 Sep 2016 16:18:08 +0200
From: Jakob Bohm <jb-mozi...@wisemo.com>
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
Message-ID: <v6-dnznapeq8tvpknz2dnuu7-ffnn...@mozilla.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 06/09/2016 15:58, Peter Gutmann wrote:
> Matt Palmer <mpal...@hezmatt.org> writes:
>
>> Our of curiosity, is anyone keeping a tally of the number of times WoSign has
>> said, "yep, they're all logged now", only to have more unlogged certificates
>> turn up? This is starting to feel like a bit of a repeat of DigiNotar,
>
> We apologise for the fault in the CA. Those responsible have been sacked. Mynd
> you, m??se bites Kan be pretti nasti... We apologise again for the fault in
> the CA. Those responsible for sacking the people who have just been sacked
> have been sacked. M??se trained by YUTTE HERMSGERV?RDENBR?TB?RDA Special M??se
> Effects OLAF PROT M??se Costumes SIGGI CHURCHILLM??se Choreographed by HORST
> PROT III. The directors of the CA hired to continue the credits after the
> other people had been sacked, wish it to be known that they have just been
> sacked. The credits have been completed in an entirely different CA,
> definitely not StartCom or StartSSL, no really, just WoSign, pay no attention
> to the shell company in the UK, it's only WoSign not StartCom, at great
> expense and with legal threats. Executive Producer Eddy Nigg and
> Gaohua^H^H^H^H^HRichard Wang.
>
> Peter.
>
H?H?H? *
*=The standard way of writing a derisive laughter in response to a bad
unfunny joke.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.wisemo.com&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=6fqktmkS-VMGXPnE5Am_4CIFFk0921lO5fh4HUxVxMc&e=
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
------------------------------
Subject: Digest Footer
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.mozilla.org_listinfo_dev-2Dsecurity-2Dpolicy&d=DQICAg&c=19TEyCb-E0do3cLmFgm9ItTXlbGQ5gmhRAlAtE256go&r=v6QfMBgWaMWhsB_PpBwwzxPtUwSffCWXSAR0gp0RFbY&m=gx-RPkgIBbnv1o7pHc6J2JDA0hiijyCDt6lIsqVJaTk&s=3DxgIVrE6qM1HU21hDF7kWz-URTpSuAa2CzJ9fhbisw&e=
------------------------------
End of dev-security-policy Digest, Vol 93, Issue 34
***************************************************
NOTICE: Protiviti is a global consulting and internal audit firm composed of
experts specializing in risk and advisory services. Protiviti is not licensed
or registered as a public accounting firm and does not issue opinions on
financial statements or offer attestation services. This electronic mail
message is intended exclusively for the individual or entity to which it is
addressed. This message, together with any attachment, may contain confidential
and privileged information. Any views, opinions or conclusions expressed in
this message are those of the individual sender and do not necessarily reflect
the views of Protiviti Inc. or its affiliates. Any unauthorized review, use,
printing, copying, retention, disclosure or distribution is strictly
prohibited. If you have received this message in error, please immediately
advise the sender by reply email message to the sender and delete all copies of
this message. Thank you.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
