Re: Want to learn TLS certificate verification best practices

2016-10-04 Thread Ben Cottrell
Hi Gervase,

On Mon, Oct 03, 2016 at 09:49:20AM +0100, Gervase Markham wrote:
> This question might be better off in mozilla.dev.tech.crypto.

OK, understood. Thanks for the redirect.

Although, you've given me enough to chew on already that I'm not
likely to immediately go post over there, either. I think your
response was immensely helpful, specifically the pointer to Brian
Smith. His writeup at  is
very much along the lines of the kind of best-practices document
I was hoping to find.

I'm going to go away and chew on RFC4158 (which I wasn't aware
of previously) for a while, and if I have more questions after
that I will post on mozilla.dev.tech.crypto.

You rock! Thanks!

~Ben
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform


Re: Want to learn TLS certificate verification best practices

2016-10-03 Thread Gervase Markham
Hi Ben,

This question might be better off in mozilla.dev.tech.crypto.

On 30/09/16 23:00, Ben Cottrell wrote:
> I'm working on an (unfortunately closed-source) project that needs
> to closely approximate the behavior of an actual web browser, in
> the limited scope of making HTTPS connections and accurately warning
> about certificate problems.

You know about:
https://www.ssllabs.com/ssltest/
right? It seems like they have already done all the work you are
planning to do, including handshake simulation.

> 1. In as much detail as possible, what steps does Firefox take to
>    verify certificates? If there's a formal engineering spec that
>    describes the whole process, I'd love a pointer to it.

No, I don't think so, sorry. Read the code :-|

>    Specifically, I'm interested in questions like: Does Firefox even
>    bother with "traditional" CRLs,

No, it doesn't.

> or does it rely entirely on OCSP
>    and/or stapling from the server? What X.509 extensions does it pay
>    attention to on the certificates? Does Firefox implement the
>    entirety of RFC5280 section 6 or does it omit things like policy
>    mapping and permitted subtrees? Does it use Authority Key
>    Identifier / Subject Key Identifier, as the RFC suggests, *only* in
>    cases where the issuer/subject DNs are ambiguous, or does it treat
>    the key identifiers (if present) as the primary source of truth?

Many of these are questions about NSS, the security library we use,
hence my suggestion of asking elsewhere.

> 2. How bad is OpenSSL's certificate-verifying behavior, really? I know
>you folks felt like you had to write mozilla::pkix from scratch to
>get the quality you needed. And it's true that I haven't yet tried
>to make OpenSSL do OCSP, so I'm not sure yet how hard that will be.

I don't think just pinching OpenSSL's library was ever an option, but I
wasn't deep in those technical discussions. We don't use OpenSSL in
Firefox at all.

> I'd also be happy with pointers to best-practices type documents that
> you folks trust. What did the people who wrote mozilla::pkix read, as
> preparation for that project? 

That project was mostly coded by Brian Smith, who no longer works for
Mozilla, but can be found quite easily:
https://github.com/briansmith

Gerv



Want to learn TLS certificate verification best practices

2016-09-30 Thread Ben Cottrell
Hi all,

I'm working on an (unfortunately closed-source) project that needs
to closely approximate the behavior of an actual web browser, in
the limited scope of making HTTPS connections and accurately warning
about certificate problems. So I need to learn about "what real
browsers do" and it seems to me that the people on this list are
probably some pretty good giants to stand on the shoulders of!

Here's what I've read already:
* Joshua Davies, "Implementing SSL/TLS," chapter 5 ("creating
  a network of trust using X.509 certificates")
* RFC5280 section 6 (path validation)
* RFC6960 (OCSP)
* RFC6066 section 8 (OCSP stapling)
* RFC6961 (multiple-response OCSP stapling)
So I have an idea of what kinds of protocols and standards are out
there, but what I'm missing is how (and to what extent) all these
protocols get used in practice by real browsers.

I think I have two main questions:

1. In as much detail as possible, what steps does Firefox take to
   verify certificates? If there's a formal engineering spec that
   describes the whole process, I'd love a pointer to it.

   Specifically, I'm interested in questions like: Does Firefox even
   bother with "traditional" CRLs, or does it rely entirely on OCSP
   and/or stapling from the server? What X.509 extensions does it pay
   attention to on the certificates? Does Firefox implement the
   entirety of RFC5280 section 6 or does it omit things like policy
   mapping and permitted subtrees? Does it use Authority Key
   Identifier / Subject Key Identifier, as the RFC suggests, *only* in
   cases where the issuer/subject DNs are ambiguous, or does it treat
   the key identifiers (if present) as the primary source of truth?

2. How bad is OpenSSL's certificate-verifying behavior, really? I know
   you folks felt like you had to write mozilla::pkix from scratch to
   get the quality you needed. And it's true that I haven't yet tried
   to make OpenSSL do OCSP, so I'm not sure yet how hard that will be.

   But just talking about the basic bread and butter of RFC5280 section
   6, if we populate the certificate store, turn on SSL_VERIFY_PEER,
   and just let it do its thing, would we be getting behavior that is
   95% the same as what a real browser would do? 80% the same? 40%?

I'd also be happy with pointers to best-practices type documents that
you folks trust. What did the people who wrote mozilla::pkix read, as
preparation for that project? 

Thanks!!

~Ben
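
The question above asks how much of RFC5280 section 6 a library does for you once you load a trust store and turn verification on, and whether things like permitted subtrees are enforced. The following is an added example, not code from this thread, from Firefox/NSS/mozilla::pkix or from OpenSSL; it uses Go's standard crypto/x509 verifier because it can build a complete test hierarchy offline and lets a client map the library's errors to user-facing warning categories. Everything in it is constructed: the root, a name-constrained intermediate, a leaf for www.example.com, a second leaf for www.example.org that violates the constraint, the fixed clock, and the Classify function with its warning strings. The one behavioural assumption is in Classify: Go reports an intermediate rejected for a name-constraint violation as an "unknown authority" error whose detail text contains "not authorized to sign for this name", and the code matches on that substring.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"strings"
	"time"
)

var Now = time.Date(2016, time.October, 1, 0, 0, 0, 0, time.UTC) // fixed clock, so results do not depend on when this runs

// PKI is a constructed hierarchy (no real-world data). LeafOutside's name violates the intermediate's constraint.
type PKI struct {
	Root, Intermediate, Leaf, LeafOutside *x509.Certificate
	Roots, Intermediates                  *x509.CertPool
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a fresh P-256 key for tmpl and signs tmpl with the issuer's key (self-signed when issuer is nil).
func issue(tmpl, parent *x509.Certificate, issuer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	if issuer == nil {
		parent, issuer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, issuer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func tmpl(serial int64, name string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: Now.Add(-24 * time.Hour), NotAfter: Now.AddDate(1, 0, 0),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if !ca { // end entity: the SAN carries the hostname, the EKU limits it to TLS servers
		t.DNSNames = []string{name}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

func BuildPKI() *PKI {
	root, rootKey := issue(tmpl(1, "Example Test Root", true), nil, nil)
	intTmpl := tmpl(2, "Example Test Intermediate", true)
	intTmpl.PermittedDNSDomains = []string{"example.com"} // RFC 5280 4.2.1.10 permittedSubtrees
	inter, intKey := issue(intTmpl, root, rootKey)
	leaf, _ := issue(tmpl(3, "www.example.com", false), inter, intKey)
	outside, _ := issue(tmpl(4, "www.example.org", false), inter, intKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	return &PKI{root, inter, leaf, outside, roots, inters}
}

// Warning categories a client could show; anything else returns the library's own message.
const (
	OK             = "ok"
	NameMismatch   = "hostname does not match certificate"
	Expired        = "certificate expired or not yet valid"
	UnknownIssuer  = "chain does not lead to a trusted root"
	NameConstraint = "issuer not authorized for this name"
)

// Classify runs crypto/x509 path validation against an explicit trust store and maps the error.
// Pass an empty pool rather than nil for roots: a nil Roots silently falls back to the system store.
func Classify(leaf *x509.Certificate, intermediates, roots *x509.CertPool, host string, at time.Time) string {
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName: host, Roots: roots, Intermediates: intermediates, CurrentTime: at,
	})
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return OK
	case errors.As(err, &x509.HostnameError{}):
		return NameMismatch
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return Expired
	case errors.As(err, &invalid) && invalid.Reason == x509.CANotAuthorizedForThisName:
		return NameConstraint
	case errors.As(err, &x509.UnknownAuthorityError{}):
		// An issuer rejected for a name constraint is reported as "unknown authority";
		// the real reason survives only in the message text (assumption, see lead-in).
		if strings.Contains(err.Error(), "not authorized to sign for this name") {
			return NameConstraint
		}
		return UnknownIssuer
	}
	return err.Error()
}
```

Calling Classify with the good leaf, the intermediate pool and the root pool for "www.example.com" at Now returns "ok"; asking for "login.example.com" gives the hostname verdict, a clock two years ahead gives the expiry verdict, an empty intermediate pool (the server forgot to send its chain) or an empty root pool gives the unknown-issuer verdict, and the www.example.org leaf under the constrained intermediate gives the name-constraint verdict. Two things this shows about the "just turn on verification" question: the library enforces validity, basic constraints, hostname matching against the SAN, the ServerAuth extended key usage (the default for VerifyOptions.KeyUsages) and permitted subtrees, but it performs no revocation checking at all, so CRL and OCSP handling, stapled or otherwise, is entirely the caller's job; and the granularity of its errors is not the granularity of a browser warning page, so a client that wants accurate warnings has to do its own mapping, as above.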