Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, Sep 13, 2011 at 11:55 PM, Ted Cooper ml-nanog0903...@elcsplace.com wrote: As claimed by the DigiNotar hacker - He compromised their servers but Eddy was manually approving certs at the time and so no certs were signed. There was information about it on the site, but it seems to be gone now. Articles still show a screenshot of the message you're talking about [1] , but the site was back alive in July when I needed a certificate. A separate notice on another part of the company's site says that its services would be unavailable until June 20, [2] I've certainly been able to issue certificates for myself since then. indeed, cool! I was able to have a site cert issued lastnight as well. This is (for me) good news :) -chris
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
The problem that I see with browser response to self-signed (or org generated) certs is not the warning(s) but the assertion that the cert is invalid. Not issued by one of the players in the Protection Racket does not make the cert invalid. It may be untrustable, unreliable, from an unknown and/or unverifiable source, but it IS a valid cert. Certs in a revocation list or malformed certs are invalid. After all, the Diginotar certs were 'valid', until revoked. Apparently the (arbitrary) inclusion or exclusion of a root cert by each browser creator or distributer is equated with validity. By removing the Diginotar root cert, suddenly ALL Diginotar certs are now reported to end users as Invalid? By refusing to include a CACert root certificate, no CACert certificate is 'valid'? I think not. -- -=[L]=- Hand typed on my Remington portable
Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
And to end this thread as this effectively ends Diginotar troubles for the Interwebz: Dutch official statement: http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469 English Summary OPTA revokes Diginotar License as TTP: http://www.circleid.com/posts/opta_revokes_diginotar_license_as_ttp/ Greets, Jeroen
Re: Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
On Wed, 2011-09-14 at 19:16 +0200, Jeroen Massar wrote: And to end this thread as this effectively ends Diginotar troubles for the Interwebz: Dutch official statement: http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469 Bedankt. Vertaling (my own translation, niet slecht voor een buitenlander) OPTA regulates the Dutch communications market including consumer protection. OPTA has now ended the registration of Diginotar as a supplier of authorised certificates for electronic signatures. An investigation by OPTA revealed the trustworthiness of approved certificates from Diginotar can no longer be guaranteed. This means the business of issuing authorised certificates must stop and no new authorised certificates must be issued. -- With best regards, Paul. England, EU.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
*a random php programmer shows* He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and fuck you, self-signed certificate from the browsers. Please make the pain stop!. --Tei -- -- ℱin del ℳensaje.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Once upon a time, Tei oscar.vi...@gmail.com said: He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. SSL without some verification of the far end is useless, as a man-in-the-middle attack can create self-signed certs just as easily. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Really? You can just connect with SSH? root@somebox:~# ssh 1.2.3.4 The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established. RSA key fingerprint is 03:26:2c:b2:cd:fd:05:fc:87:70:4b:06:58:40:e7:c3. Are you sure you want to continue connecting (yes/no)? That's no different that having to permanently accept a self-signed SSL cert... - Pete On 9/13/2011 10:29 AM, Tei wrote: *a random php programmer shows* He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and fuck you, self-signed certificate from the browsers. Please make the pain stop!. --Tei
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On 9/13/2011 10:29 AM, Tei wrote: *a random php programmer shows* He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and fuck you, self-signed certificate from the browsers. Please make the pain stop!. With ssh, you will get a warning if the remote host key is not known, with a fingerprint and advice not to accept it if you don't know if it is correct. This is a direct analog to the warning that the remote host's certificate cannot be verified. In both cases, you are given the chance to accept the key/certificate and continue going; depending on the implementation, you might also be given the option to accept it once or forever. Ssh is actually prone to bigger, uglier, more explicit you probably don't want to trust this warnings, especially about things like key changes.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote: Once upon a time, Tei oscar.vi...@gmail.com said: He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. SSL without some verification of the far end is useless, as a man-in-the-middle attack can create self-signed certs just as easily. It protects against attacks where the attacker merely monitors the traffic between the two endpoints. As you suggest, it does not protect against MITM, but that's different from being useless. The value of protecting against the former but not the latter may vary by situation, but it's not always zero. Not all attackers/attacks that can sniff also have the capability and willingness to MITM. (And even SSL w/ endpoint verification isn't absolute security. For example, it doesn't protect against endpoint compromises. But that doesn't make it endpoint verification useless.) -- Brett
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, 13 Sep 2011 16:29:30 +0200, Tei said: He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I The warning is there for a *reason* - namely that if you have a self-signed cert, a first time visitor has *zero* way to verify it's *your* self-signed cert and not some hijacker's self-signed cert. just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and fuck you, self-signed certificate from the browsers. Please make the pain stop!. If you use SSH to connect, and either ignore the host key has changed or authenticity can't be established, continue connecting? messages, you get what you deserve - those are the *exact* same issues that your browser warns about self-signed certs. And if you *don't* ignore them on SSH - why do you want to ignore them on SSL? Note that there's another big difference between SSH and SSL - the number of people who are allowed to SSH to a given machine is (a) usually small and (b) pre-identified up front. So if Fred gets an unknown host key while SSH'ing to the server you just set up, that's probably not a big issue because you presumably know who Fred is and just created an account for him, so you can supply him with the footprint of the SSH host key to double-verify. That does *not* scale to Internet-facing web services. Of course, if you have a *private* *internal* webserver with limited users, you're free to use a self-signed cert and use your browser's handy Add security exemption dialog and check Permanent. pgpzM9i1B2oHD.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Once upon a time, Brett Frankenberger rbf+na...@panix.com said: On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote: Once upon a time, Tei oscar.vi...@gmail.com said: He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. SSL without some verification of the far end is useless, as a man-in-the-middle attack can create self-signed certs just as easily. It protects against attacks where the attacker merely monitors the traffic between the two endpoints. Someone who can monitor can most likely inject false traffic and thus MITM. In any case, a system that is supposed to provide end-to-end security shouldn't be considered secure if it can be easily bypassed. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
At 22-07-28164 20:59, Tei wrote: *a random php programmer shows* He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and fuck you, self-signed certificate from the browsers. Please make the pain stop!. --Tei No need for (financial) pain, there are free of charge ssl certificates available, see for example: http://www.startssl.com/?app=1 http://www.cacert.org/
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Once upon a time, valdis.kletni...@vt.edu valdis.kletni...@vt.edu said: If you use SSH to connect, and either ignore the host key has changed or authenticity can't be established, continue connecting? messages, you get what you deserve - those are the *exact* same issues that your browser warns about self-signed certs. And if you *don't* ignore them on SSH - why do you want to ignore them on SSL? A big difference between SSH keys and SSL certificates is that SSL certs have a built-in expiration date (which is a good thing, as nothing is secure forever). When that expiration date rolls around, the admin may create a new key/cert pair, rather than just renewing the previous cert, which would cause all the visitors that accepted the previous cert to get a new and nastier warning that the cert has changed. How do the visitors know the difference between this case and a hijack/MITM? Certs are almost guaranteed to change over time as technology changes. For example, it used to be common to have 512 bit certs with an MD5 signature hash. Now 1024 bit and SHA1 are the norm, and many are moving to 2048 bit (and some to stronger hashes). Having people get used to periodically accepting a changed cert defeats the purpose of signed certs (and again, effectively breaks SSL). -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On 2011-09-13 20:26, Christopher Morrow wrote: On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it wrote: No need for (financial) pain, there are free of charge ssl certificates available, see for example: http://www.startssl.com/?app=1 eddy stopped issuing Huh? I'm a bit lost here, since I had two StartSSL certs issued yesterday afternoon. Jima
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote: On 2011-09-13 20:26, Christopher Morrow wrote: On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it wrote: No need for (financial) pain, there are free of charge ssl certificates available, see for example: http://www.startssl.com/?app=1 eddy stopped issuing Huh? I'm a bit lost here, since I had two StartSSL certs issued yesterday afternoon. orly? wierd, they made a press release ~last-june (I think?) stating they were stopping issuance indefinitely. I do hope they are actually issuing again :) I like my random numbers to be free. -chris
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, Sep 13, 2011 at 11:44 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote: On 2011-09-13 20:26, Christopher Morrow wrote: On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it wrote: No need for (financial) pain, there are free of charge ssl certificates available, see for example: http://www.startssl.com/?app=1 eddy stopped issuing Huh? I'm a bit lost here, since I had two StartSSL certs issued yesterday afternoon. orly? wierd, they made a press release ~last-june (I think?) stating they were stopping issuance indefinitely. I do hope they are actually issuing again :) http://threatpost.com/en_us/blogs/ca-startssl-compromised-says-certificates-not-affected-062111 has a link to the startssl page about this, which doesn't appear to load for me (now)... maybe they are back in business! I like my random numbers to be free. -chris
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On 14/09/11 13:44, Christopher Morrow wrote: On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote: Huh? I'm a bit lost here, since I had two StartSSL certs issued yesterday afternoon. orly? wierd, they made a press release ~last-june (I think?) stating they were stopping issuance indefinitely. I do hope they are actually issuing again :) I like my random numbers to be free. As claimed by the DigiNotar hacker - He compromised their servers but Eddy was manually approving certs at the time and so no certs were signed. There was information about it on the site, but it seems to be gone now. Articles still show a screenshot of the message you're talking about [1] , but the site was back alive in July when I needed a certificate. A separate notice on another part of the company's site says that its services would be unavailable until June 20, [2] I've certainly been able to issue certificates for myself since then. [1] http://news.netcraft.com/archives/2011/06/22/startssl-suspends-services-after-security-breach.html [2] http://threatpost.com/en_us/blogs/ca-startssl-compromised-says-certificates-not-affected-062111
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Mon, 12 Sep 2011 04:39:52 -, Marcus Reid said: You don't have to have the big fat Mozilla root cert bundle on your machines. Some OSes ship with an empty /etc/ssl, nobody tells you who you trust. And for those OS's (who are they, anyhow) that ship empty bundles, how many CAs do you end up trusting anyhow? How about a TXT record with the CN string of the CA cert subject in it? If it exists and there's a conflict, don't trust it. Seems simple enough to implement without too much collateral damage. Needs to be a DNSSEC-validated TXT record, or you've opened yourself up to attacks via DNS poisoning (either insert a malicious TXT that matches your malicious certificate, or insert a malicious TXT that intentionally *doesn't* match the vicitm's certificate) pgpNi8okd9oAi.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said: If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one? You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when you got to the IP address you were trying to reach, the cert didn't validate as matching the hostname, you know something fishy is up. And if you *do* have two certs for it, I'd like to talk to the bozos at Thawte and Comodo who obviously didn't check the paperwork. ;) pgp8spbP9GxtJ.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Hank and everyone, This is a very interesting problem. As it happens, some folks in the IETF have anticipated this one. For those who are interested, Paul Hoffman and Jakob Schlyter have been working within the DANE working group at the IETF to provide for a means to alleviate some of the responsibility of the browser vendors as to who gets to decide what is a valid certificate, by allowing for that burden to be shifted to the subject through the use of secure DNS. A list of hashes is published in the subject's domain indicating what are valid certificates. And so if a CA went rogue, the subject domains would be able to indicate to the browser that something is afoot. For more information, please see http://datatracker.ietf.org/wg/dane/. Eliot On 9/12/11 7:22 AM, Hank Nussbacher wrote: At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Mike, On Sun, Sep 11, 2011 at 8:44 PM, Mike Jones m...@mikejones.in wrote: It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? Chrome v 14 works with DNS stapled certificates, sort of a hack. ( http://www.imperialviolet.org/2011/06/16/dnssecchrome.html ) There are other proposals/ideas out there, completely different to DANE / DNSSEC, like http://perspectives-project.org/ / http://convergence.io/ . Regard, Martin
RE: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
-Original Message- From: Gregory Edigarov [mailto:g...@bestnet.kharkov.ua] I.e. instead of a set of trusted CAs there will be one distributed net of servers, that act as a cert storage? I do not see how that could help... Well, I do not even see how can one trust any certificate that is issued by commercial organization. There should be a government body to issue certificates then ;-) But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. -- Leigh Porter __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Steinar, On Sun, Sep 11, 2011 at 8:12 PM, sth...@nethelp.no wrote: To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'd say we have every reason to believe that something similar *will* happen again :-( Something similar, including use of purchased (not only limited to stolen certs), is ongoing already, all of the time. (I had a fellow IRC-chat-friend report from a certain very western-allied middle eastern country that there's ISP/state-scale SSL-MITM ongoing there, for all https traffic.) The comment on starting out with an empty /etc/ssl is valid. Most of the normally included CA's you almost never run into on the wild web anyway. There were some blog postings about this last time a CA was busted. Shave off 90% of them and you have at least come a bit on the way (goal 100%). The absence of proof is *not* proof of absence, and in this particular case it's pretty safe to assume some abuse is ongoing somewhere, 24/7. Cheers, Martin
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sep 11, 2011, at 11:06 PM, Hughes, Scott GRE-MG wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) GE Money Bank is notorious for this… from a retail store's main page they redirect you to https://www3.onlinecreditcenter6.com. (No-EV certificate, either.) -cjp
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Except that this just shifts the burden of trust on to DNSSEC, which also necessitates a central authority of 'trust'. Unless there's an explicitly more secure way of storing DNSSEC private keys, this just moves the bullseye from CAs to DNSSEC signers. Jason On Mon, Sep 12, 2011 at 5:30 AM, Eliot Lear l...@cisco.com wrote: Hank and everyone, This is a very interesting problem. As it happens, some folks in the IETF have anticipated this one. For those who are interested, Paul Hoffman and Jakob Schlyter have been working within the DANE working group at the IETF to provide for a means to alleviate some of the responsibility of the browser vendors as to who gets to decide what is a valid certificate, by allowing for that burden to be shifted to the subject through the use of secure DNS. A list of hashes is published in the subject's domain indicating what are valid certificates. And so if a CA went rogue, the subject domains would be able to indicate to the browser that something is afoot. For more information, please see http://datatracker.ietf.org/wg/dane/. Eliot On 9/12/11 7:22 AM, Hank Nussbacher wrote: At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here. with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. randy
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Randy Bush wrote: But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist insert intel organisation here when they ask for dodgy certs so they can intercept something.. No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust. i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here. with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. It seems to me that this depends a lot on how much you can tolerate single points of failure. The current de-trusting is certainly going to cause trouble for whoever used that CA, but the internet didn't roll over and die either. If the root DNS keys were compromised in an all DNS rooted world... unhappiness would ensue in great volume. Mike, poison and choices...
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. If the root DNS keys were compromised in an all DNS rooted world... unhappiness would ensue in great volume. as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. randy
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. Yes, I saw that. It also drives up complexity too and makes you wonder what the added value of those cert vendors is for the money you're forking over. Especially when you consider the criticality of dns naming for everything except web site host names using tls. And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? agree
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote: And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? As previously mentioned, Chrome = v14 already does. Regards, Martin
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 4:39 AM, valdis.kletni...@vt.edu wrote: On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said: If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one? You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when you got to the IP address you were trying to reach, the cert didn't validate as matching the hostname, you know something fishy is up. And if you *do* have two certs for it, I'd like to talk to the bozos at Thawte and Comodo who obviously didn't check the paperwork. ;) this has already happened with mozilla.com, google.com, microsoft.com my point was that as a user, and as a service operator, what in today's CA world helps me know that the service operator's certificate is what my user-client sees? some 'trust' in the fact that thawte/comodo/verisign/cnnic didn't issue a cert for the service-operator's service incorrectly? I think I need a method that the service operator can use to signal to my user-client outside the certificate itself that the certificate #1234 is the 'right' one.
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Martin Millnert wrote: On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote: And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? As previously mentioned, Chrome = v14 already does. The perils of coming in late in a thread :) Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 13/09/11 01:12, Randy Bush wrote: as eliot pointed out, to defeat dane as currently written, you would have to compromise dnssec at the same time as you compromised the CA at the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to CA trust. Yes, I saw that. It also drives up complexity too and makes you wonder what the added value of those cert vendors is for the money you're forking over. Especially when you consider the criticality of dns naming for everything except web site host names using tls. And how long would it be before browsers allowed self-signed-but-ok'ed-using-dnssec-protected-cert-hashes? agree I would have thought that was a perfectly acceptable end point. The multiple CA's go away (oops), replaced with everyone being able to publish and authenticate their own certificates. The DNS has to be compromised to publish certificates, but if they've managed to do that, it doesn't matter what certificate you had in the first place. There are already public keys in the DNS for DKIM which work quite well. It lowers the cost for getting an SSL cert for your domain, but certainly not the security. Getting a cert for a domain is laughable these days. It's either too easy, or stupendously hard and ridiculous. EV certs are a joke as demonstrated by the thousands of people still getting phished since end users don't look at the address bar anyway. So long as it's encrypted and in some way secured against the domain, it's good enough isn't it?
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 7:09 AM, Martin Millnert milln...@gmail.com wrote: Something similar, including use of purchased (not only limited to stolen certs), is ongoing already, all of the time. (I had a fellow IRC-chat-friend report from a certain very western-allied middle eastern country that there's ISP/state-scale SSL-MITM ongoing there, for all https traffic.) If this were true, don't you think your friend would provide an SSL cert? Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Mon, Sep 12, 2011 at 1:39 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote: Date: Mon, 12 Sep 2011 11:22:11 -0400 Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates From: Christopher Morrow morrowc.li...@gmail.com I think I need a method that the service operator can use to signal to my user-client outside the certificate itself that the certificate #1234 is the 'right' one. A certificate that cdrtifies the crertificate is valid, maybe? so the DANE work does this, sort of... you sign (with dnssec) your cert fingerprint, the client does a lookup (requiring dnssec signed responses) to verify that the cert FP matches that which is in DNS. And why would you trust that any more than the origial certificate? at least in this case the domain owner (presumably the service owner in question) has signed (with their private key) the DNS content you get back. There are failure modes, but it's more in line with the service-owner/service-user level not some oddball thirdparty. Seriously, about the only way I see to ameliorate this kind of problem is for people to use self-signed certificates that are then authenticated by _multiple_ 'trust anchors'. If the end-user world raises warnings for a certificate 'authenticated' by say, less than five separate entities. then the compomise of any _single_ anchor is of pretty much 'no' value. Even better, let the user set the 'paranoia' level -- how many different 'trusted' authorities have to have authenticated the self-signed certificate before the user 'really trusts' it. this almost sounds like GPS position fixing... 'require 4 satellites in view', or something along those lines. Interesting as an idea though. -chris
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 12 September 2011 18:39, Robert Bonomi bon...@mail.r-bonomi.com wrote: Seriously, about the only way I see to ameliorate this kind of problem is for people to use self-signed certificates that are then authenticated by _multiple_ 'trust anchors'. If the end-user world raises warnings for a certificate 'authenticated' by say, less than five separate entities. then the compomise of any _single_ anchor is of pretty much 'no' value. Even better, let the user set the 'paranoia' level -- how many different 'trusted' authorities have to have authenticated the self-signed certificate before the user 'really trusts' it. So if I want my small website to support encryption, I now have to pay 5 companies, and hope that all my users have those 5 CAs in their browser? Much better to use the existing DNS infrastructure (that all 5 of them would likely be using for their validation anyway), and not have to pay anyone anything. - Mike
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Date: Mon, Sep 12, 2011 at 11:46:04AM +0200 Quoting fredrik danerklint (fredan-na...@fredan.se): How about a TXT record with the CN string of the CA cert subject in it? If it exists and there's a conflict, don't trust it. Seems simple enough to implement without too much collateral damage. Needs to be a DNSSEC-validated TXT record, or you've opened yourself up to attacks via DNS poisoning (either insert a malicious TXT that matches your malicious certificate, or insert a malicious TXT that intentionally *doesn't* match the vicitm's certificate) And how do you validate the dnssec to make sure that noone has tampered with it. Since you are from Sweden, and in an IT job, you probably have personal relations to someone who has personal relations to one of the swedes or other nationalities that were present at the key ceremonies for the root. Once you've established that the signatures on the root KSK are good (which -- because of the above -- should be doable OOB quite easily for you) you can start validating the entire chain of trust. Quite trivial, in fact. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Am I in GRADUATE SCHOOL yet? signature.asc Description: Digital signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Mon, 12 Sep 2011 22:31:59 +0200, Måns Nilsson said: Since you are from Sweden, and in an IT job, you probably have personal relations to someone who has personal relations to one of the swedes or other nationalities that were present at the key ceremonies for the root. Once you've established that the signatures on the root KSK are good (which -- because of the above -- should be doable OOB quite easily for you) you can start validating the entire chain of trust. Quite trivial, in fact. I'll note that the PGP strongly connected set has grown all the way to 45,000 or so keys in 2 decades of growth. There are several billion Internet users. What may be workable for Fredrik is probably *not* scalable to Joe Sixpack. pgpHk6Uevbz09.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
How about a TXT record with the CN string of the CA cert subject in it? If it exists and there's a conflict, don't trust it. Seems simple enough to implement without too much collateral damage. Needs to be a DNSSEC-validated TXT record, or you've opened yourself up to attacks via DNS poisoning (either insert a malicious TXT that matches your malicious certificate, or insert a malicious TXT that intentionally *doesn't* match the vicitm's certificate) And how do you validate the dnssec to make sure that noone has tampered with it. Since you are from Sweden, and in an IT job, you probably have personal relations to someone who has personal relations to one of the swedes or other nationalities that were present at the key ceremonies for the root. Once you've established that the signatures on the root KSK are good (which -- because of the above -- should be doable OOB quite easily for you) you can start validating the entire chain of trust. Quite trivial, in fact. and how about a end user, who doesn't understand a computer at all, to be able verify the signatures, correctly? -- //fredan
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
Mike Jones m...@mikejones.in wrote: DNSSEC deployment is advanced enough now to do that automatically at the client. Sadly not quite. DNSSEC does have the potential to provide an alternative public key infrastructure, and I'm keen to see that happen. But although it works well between authoritative servers and recursive resolvers, there are a lot of shitty DNS forwardersin CPE and captive portals and so on which do not understand DNSSEC. And DNSSEC does not work unless all the forwarders and recursors that you are using support it. So DNSSEC on the client has a long way to go. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Hebrides, Southeast Bailey: Westerly 5 to 7 until later in south Hebrides, otherwise northwesterly 3 or 4, increasing 5 to 7. Rough or very rough, occasionally high in south Hebrides. Rain or showers. Good, occasionally poor.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Damian Menscher wrote: The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. Damian I'd be interested in hearing what you have to say about the hacker's claim at: http://pastebin.com/85WV10EL d) I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and... Simply I can issue updates via windows update! Thanks, --Michael
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Cameron Byrne cb.li...@gmail.com writes: Yep. The CA business is one of trust. If the CA is not trusted, they are out of business. You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. Bjørn
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 9/10/11 23:30 , Damian Menscher wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? Damian
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'd say we have every reason to believe that something similar *will* happen again :-( Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? The average corporation much prefers to avoid the bad publicity and will downplay most bad things. Your favorite CA probably included. I think that it's hard to cope with SSL. It doesn't do the right things for the right reasons. Many of us, for example, operate local root CA's for signing of internal stuff; all our company gear trusts our local root CA and lots of stuff has certs issued by it. In an ideal world, this would mean that our gear talking to our gear is always secure, but with other root CA's able to offer certs for our CN's, that isn't really true. That's frustrating. The reality is that - for the average user - SSL doesn't work well unless about 99% of the CA's used by the general public are included as trusted. If a popular site like Blooble has a cert by DigiNotar and the Firerox browser is constantly asking what to do, nothing really good comes out of that ... either people think Firerox blows, or they learn to click on the ignore this (or worse the always trust this) button. In about 0.0% of the cases do they actually understand the underlying trust issues. So there's a great amount of pressure to just make it magically work. However, as the number of CA's accepted in most browsers increases, the security of the system as a whole decreases dramatically. Yet the market for $1000/year SSL certs is rather low, and the guys that are charging bargain rates for low quality certs are perhaps doing one good thing (enabling encryption) while simultaneously doing another bad thing (destroying any quality in the system). SSL is going to have these problems as long as we maintain the current model. In the long run, I expect all the CA's to behave something like this - especially the ones that have more to lose if they were to become suddenly untrustworthy. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
2011/9/11, Joel jaeggli joe...@bogus.com: On 9/10/11 23:30 , Damian Menscher wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. The problem here wasn't just that DigiNotar was compromised, but that they didn't have an audit trail and attempted a coverup which resulted in real harm to users. It will be difficult to re-gain the trust they lost. Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? Damian -- Enviado do meu celular Luciano P.Gomes http://lgomes00.blogspot.com/
Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 10:19:39 PDT, Joel jaeggli said: To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? I'm sure at least one of the other 250-odd certificates from 100-ish CA's trusted by most browsers now are actually trustworthy. There is no evidence at all that the average CA is any less trustworthy than the average DNS registrar. However, this isn't as big a problem as one might think - the *only* thing that an SSL sert gives you is you reached the host your browser tried to reach. It does *not* validate the host you intended to reach, or whether you should trust this host with your data, or any of a long set of interesting security issues. And that one question - did you reach the host your browser tried to reach doesn't really mean much unless you have DNS and routing security in place as well. After all, if the IP you get for www.my-bank.com is incorrect, or the route has been hijacked, what the cert says is pretty meaningless. Considering that we seem to muddle along just fine with a DNS that doesn't really do DNSSEC yet(*), and a lot of black and grey hat registrars out there, and no real BGP security either, maybe it isn't the sky is falling scenario that a lot of people want to make it. Or maybe we should all be even more worried. ;) (*) Has anybody actually enabled only accept DNSSEC-signed A records on an end user system and left it enabled for more than a day before giving up in disgust? ;) pgpC5Xn96bOYF.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said: The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. Not strictly true. The current system at least gives you you have reached the hostname your browser tried to reach. A self-signed cert doesn't even give you that. pgpYXYAiRvyEY.pgp Description: PGP signature
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. -A (Full disclosure: I work with the creator of gpgAuth in our day jobs) On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com wrote: There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
https://bugzilla.mozilla.org/show_bug.cgi?id=647959 --- SNIP --- This is a request to add the CA root certificate for Honest Achmed's Used Cars and Certificates. The requested information as per the CA information checklist is as follows: 1. Name Honest Achmed's Used Cars and Certificates 2. Website URL www.honestachmed.dyndns.org 3. Organizational type Individual (Achmed, and possibly his cousin Mustafa, who knows a bit about computers). 4. Primary market / customer base Absolutely anyone who'll give us money. 5. Impact to Mozilla Users Achmed's business plan is to sell a sufficiently large number of certificates as quickly as possible in order to become too big to fail (see regulatory capture), at which point most of the rest of this application will become irrelevant. --- SNIP --- On Sun, Sep 11, 2011 at 5:20 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote: I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. -A (Full disclosure: I work with the creator of gpgAuth in our day jobs) On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com wrote: There's an app^W^Wa Working Group for that. http://tools.ietf.org/wg/dane/ On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote: You can rewrite that: Trust is the CA business. Trust has a price. If the CA is not trusted, the price increases. Yes, they may end up out of business because of that price jump, but you should not neglect the fact that trust is for sale here. The CA model is fundamentally flawed in the fact that you have CAs whose sole trustworthiness is the fact that they paid for an audit (for Microsoft, lower requirements for others), they then issue intermediate certificates to other companies (many web hosts and other minor companies have them) whose sole trustworthiness is the fact that they paid for an intermediate certificate, all of those companies/organisations/people are then considered trustworthy enough to confirm the identity of my web server despite the fact that none of them have any connection at all to me or my website. There is already a chain of trust down the DNS tree, if that is compromised then my SSL is already compromised (if they control my domain, they can verify they are me and get a certificate), what happened to RFC4398 and other such proposals? EV certificates have a different status and probably still need the CA model, however with standard SSL certificates the only validation done these days is checking someone has control over the domain. DNSSEC deployment is advanced enough now to do that automatically at the client. We just need browsers to start checking for certificates in DNS when making a HTTPS connection (and if one is found do client side DNSSEC validation - I don't trust my ISPs DNS servers to validate something like that, considering they are the ones likely to be intercepting my connections in the first place!). It will take a while to get updated browsers rolled out to enough users for it do be practical to start using DNS based self-signed certificated instead of CA-Signed certificates, so why don't any browsers have support yet? are any of them working on it? - Mike -- ^[:wq^M
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, 11 Sep 2011 15:20:51 PDT, Aaron C. de Bruyn said: I'm pretty fond of the idea proposed by gpgAuth.One key to rule them all (and one password) combined with the client verifying the server.It's still in its infancy, but it works. Yes, but it needs to be something that either (a) Joe Sixpack never sees, or (b) Joe Sixpack actually understands. Are either of those true? pgpgCroNNWNdf.pgp Description: PGP signature
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the I am not engaging in speculation that DigiNotar plans to continue to operate, they have already stated so much. http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans. So long as DigiNotar can show what they are required to show when they would request re-signing, and another CA can legitimately cross-sign their cert, following that CA's official correct certification practices; it's unlikely to lead to the signer being revoked. As far as we know, DigiNotar is not dead, it is just a really great example showing how broken TLS security model is. The trust model hard-coded into the protocol is much weaker than the cryptography. Since the browsers already approved that root CA's certification practices. Particularly not if the cross-signer is one of the larger CAs such as Thawte or Verisign --- the browser might as well remove SSL support altogether, if they will perform a revokation that renders 40% of internet web server SSL certs invalid. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 4:02 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com wrote: On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the I am not engaging in speculation that DigiNotar plans to continue to operate, they have already stated so much. http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans. I think you are misinterpreting that statement -- I interpret it as meaning VASCO will continue to exist, and possibly buy another root CA to continue their business plans. (They had only recently acquired DigiNotar.) Damian -- Damian Menscher :: Security Reliability Engineer :: Google
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
In message 146102.1315769...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu writes: (*) Has anybody actually enabled only accept DNSSEC-signed A records on an end user system and left it enabled for more than a day before giving up in disgust? ;) No. But I run with reject anything that doesn't validate and have for several years now and that doesn't suck. We will never be in a world where all DNS records validate unless we do DNSng and that DNSng requires that all answers be signed. Except as a academic exercise, I would never expect anyone would configure a validator to require that all answers validate as secure. DNSSEC gives you provable secure, provable insecure and bogus. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
somewhat rhetorically... On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher dam...@google.com wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. given a list of ca's and certs to invalidate ... how large a list would be practical in a browser? (baked in I mean) (not very, relative to the size of the domain system today) Is this scalable? (no) Is this the only answer we have left? (no) -chris (I'm not sure what better answers there are to the situation we are in today, I do like the work in DANE-WG though... it'll be a while before it's practical to use though, I fear)
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sun, Sep 11, 2011 at 3:37 PM, valdis.kletni...@vt.edu wrote: On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said: The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. Not strictly true. The current system at least gives you you have reached the hostname your browser tried to reach. A self-signed cert doesn't even give you that. really? even in the face of CA's that have signed certs for existing domains (to not the domain owners)? If I have a thawte cert for valdis.com on host A and one from comodo on host B... which is the right one?
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote: EV certificates have a different status and probably still need the CA model what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) -chris (I've never seen the value in EV or even DV certs really... so I'm actually curious what the value other see in them is)
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. With normal certs, the end user doesn't see a green address bar, and instead of the company's name displayed (unknown) is displayed and This web site does not supply ownership information. is displayed. If you ask me, hiding the company's name even when present on a non-EVSSL cert is tantamount to saying Only EV-SSL certs are really trusted anyways. So maybe instead of these shenanigans browser makers should have just started displaying a don't trust this site warning for any non-EVSSL cert. -- -JH
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. this isn't really a benefit though, is it? isn't the domain-name in the location bar doing the same thing?
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sep 11, 2011, at 9:44 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote: On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow morrowc.li...@gmail.com wrote: what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$) The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. this isn't really a benefit though, is it? isn't the domain-name in the location bar doing the same thing? No. As a counter example... How may domain names do Wells Fargo and Citibank (Citi Corp? Citi Group?) operate respectively? I'm a customer, and I can't keep it straight. Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) NOTICE TO RECIPIENT: The information contained in this message from Great River Energy and any attachments are confidential and intended only for the named recipient(s). If you have received this message in error, you are prohibited from copying, distributing or using the information. Please contact the sender immediately by return email and delete the original message.
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG shug...@grenergy.com wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) So, part of my point here about ev/dv/etc certs is that in almost all cases of consumer fraud and protection, HTTPS is never used. Hell, half the spams I get are http://IP_ADDRESS/somethign/something/something.php ... Falling back on the 'well ev certs are there to provide protection to the consumer' is just FUD (I think). again, not seeing a benefit here... -chris
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
On 9/11/11 11:28 PM, Christopher Morrow wrote: On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG shug...@grenergy.com wrote: Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.) So, part of my point here about ev/dv/etc certs is that in almost all cases of consumer fraud and protection, HTTPS is never used. Hell, half the spams I get are http://IP_ADDRESS/somethign/something/something.php ... Falling back on the 'well ev certs are there to provide protection to the consumer' is just FUD (I think). again, not seeing a benefit here... Normally, I heart my Mac. But Apple in its infinite wisdom decided that EV certificates are so much better, they refused to honor my edit of my own system keychain! So, negative benefit for the consumer.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Sun, Sep 11, 2011 at 01:34:43PM -0500, Joe Greco wrote: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. To pop up the stack a bit it's the fact that an organization willing to behave in that fashion was in my list of CA certs in the first place. Yes they're blackballed now, better late than never I suppose. What does that say about the potential for other CAs to behave in such a fashion? The average corporation much prefers to avoid the bad publicity and will downplay most bad things. Your favorite CA probably included. I think that it's hard to cope with SSL. It doesn't do the right things for the right reasons. Many of us, for example, operate local root CA's for signing of internal stuff; all our company gear trusts our local root CA and lots of stuff has certs issued by it. In an ideal world, this would mean that our gear talking to our gear is always secure, but with other root CA's able to offer certs for our CN's, that isn't really true. That's frustrating. You don't have to have the big fat Mozilla root cert bundle on your machines. Some OSes ship with an empty /etc/ssl, nobody tells you who you trust. The reality is that - for the average user - SSL doesn't work well unless about 99% of the CA's used by the general public are included as trusted. If a popular site like Blooble has a cert by DigiNotar and the Firerox browser is constantly asking what to do, nothing really good comes out of that ... either people think Firerox blows, or they learn to click on the ignore this (or worse the always trust this) button. In about 0.0% of the cases do they actually understand the underlying trust issues. So there's a great amount of pressure to just make it magically work. How about a TXT record with the CN string of the CA cert subject in it? If it exists and there's a conflict, don't trust it. Seems simple enough to implement without too much collateral damage. However, as the number of CA's accepted in most browsers increases, the security of the system as a whole decreases dramatically. Yet the market for $1000/year SSL certs is rather low, and the guys that are charging bargain rates for low quality certs are perhaps doing one good thing (enabling encryption) while simultaneously doing another bad thing (destroying any quality in the system). SSL is going to have these problems as long as we maintain the current model. I like the added chrome that the new browsers have for EV certs, but users need to be stabbed in the face, green vs. blue doesn't really do it. In the long run, I expect all the CA's to behave something like this - especially the ones that have more to lose if they were to become suddenly untrustworthy. Yes, how do you think Verisign/Thawte/Symantec would behave if they found that their keys were compromised? They might do the right thing, because they're not stupid enough to think they could get away with trying to cover it up. What would the browser vendors do in that case? I hope there's a contingency plan, and if there is it seems like it should be made public. Marcus
RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
At 13:00 11/09/2011 -0600, Keith Medcalf wrote: Damian Menscher wrote on 2011-09-11: Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust. And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the browser vendors. Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion. The problem is about lack of pen-testing and a philosphy of security. In order to run a CA, one not only has to build the infrastructure but also have constant external pen-testing and patch management in place. Whether it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of computer and network security is paradigmed into the corporate DNA, this will keep happening - and not only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read - APT attacks). If 60% of your employees will plug in a USB drive they find in the parking lot, then you have failed: http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html The problem for us as a community if to find a benchmark of which company does have a clue vs those that don't. Until then, it will just be whack-a-mole/CA. -Hank --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: I like this response; instant CA death penalty seems to put the incentives about where they need to be. I wouldn't necessarily count them dead just yet; although their legit customers must be very unhappy waking up one day to find their legitimate working SSL certs suddenly unusable So DigiNotar lost their browser trusted root CA status. That doesn't necessarily mean they will be unable to get other root CAs to cross-sign CA certificates they will make in the future, for the right price. A cross-sign with CA:TRUE is just as good as being installed in users' browser. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Sat, Sep 10, 2011 at 3:47 AM, Heinrich Strauss heinr...@hstrauss.co.za wrote: On 2011/09/10 05:06, Michael DeMan wrote: I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. The root CAs are have no technical limitation in regards to what kind of certificates they can issue. There is no inherent reason that technical limitations cannot be imposed... there are mechanisms available to do this, if the original CA certificates were issued with restrictions: http://tools.ietf.org/html/rfc3280#section-4.2.1.11 Special limitations or security warnings can be raised by individual browsers above and beyond the certificate validation rules. I would be in favor of each root CA certificate being name constrained to CNs of one TLD per CA certificate, so that root CA orgs would need a separate CA cert and separate private key for each TLD that CA is authorized to issue certificates in. It would be useful if the name restriction would be extended further to allow 2nd level wildcards to be prohibited such as CN=*.com or CN=*.*.com Browsers will honor * in hostname components of the CN field as required by the RFCs.. however a *.mydomain.tld certificate does not match www.mydomain.tld, *.*.mydomain.tld does. Some CAs have partaken in problematic practices such as issuing SSL certificates with RFC1918 IP addresses, or unofficial TLDs in the CN or subject alternative names section. see https://wiki.mozilla.org/CA:Problematic_Practices#Issuing_SSL_Certificates_for_Internal_Domains If all the root CA certificates become name constrained, such problematic practices should cease. -- -JH
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all. I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. Is it true that the my browser on a windows, mac, or linux desktop may have listed as trusted authorities, an outfit that sells '*.*.tld' ? Thanks, - Mike On Sep 9, 2011, at 2:54 PM, Paul wrote: On 09/09/2011 11:48 AM, Marcus Reid wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus Instant? This has been going on for over a week, and a lot of damage could have been done in that time, especially given certs for *.*.com were signed against Diginotar. Most cell phones are unable to update their certificates without an upgrade and you know how long it takes to get them through Cell Phone carriers. A number of alternative android builds are adding the ability to control accepted root certs to their builds in the interest of speeding this up. The CA system is fundamentally flawed. Paul
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On 09/09/11 20:06 -0700, Michael DeMan wrote: Sorry for being ignorant here - I have not even been aware that it is possible to buy a '*.*.com' domain at all. I though wildcards were limited to having a domain off a TLD - like '*.mydomain.tld'. Is it true that the my browser on a windows, mac, or linux desktop may have listed as trusted authorities, an outfit that sells '*.*.tld' ? The issue is that a trusted third party's (Diginotar) trusted signing certificate was stolen, allowing the holder to create and sign whatever certificates he wished, which don't necessarily need to be wildcard certs to be effective. Certificate signers are not restricted to any domain hierarchy (a design feature of x.509 pki), which means that *any* trusted stolen signing certificate can wreak havok on the trusted nature of x.509. Even the hint that the claimed Diginotar cracker has gotten her hands on several other signing certificates may be significant motivation to find a replacement for the existing x.509 based pki. On Sep 9, 2011, at 2:54 PM, Paul wrote: On 09/09/2011 11:48 AM, Marcus Reid wrote: On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Apple has sent out a notification saying that they are removing DigiNotar from their list of trusted root certs. I like this response; instant CA death penalty seems to put the incentives about where they need to be. Marcus Instant? This has been going on for over a week, and a lot of damage could have been done in that time, especially given certs for *.*.com were signed against Diginotar. Most cell phones are unable to update their certificates without an upgrade and you know how long it takes to get them through Cell Phone carriers. A number of alternative android builds are adding the ability to control accepted root certs to their builds in the interest of speeding this up. The CA system is fundamentally flawed. Paul -- Dan White
Microsoft deems all DigiNotar certificates untrustworthy, releases updates
FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Cheers.
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
On Wednesday 07 Sep 2011 17:17:10 Network IP Dog wrote: FYI!!! http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee ms_all_diginotar_certificates_untrust.html Google and Mozilla have also updated their browsers to block all DigiNotar certificates, while Apple has been silent on the issue, a emblematic zombie response! Cheers. It would be really nice if the folk at Twitter would fix their images servers (i.e si*.twimg.com) to use a non-evil CA (i.e. not Comodo or DigiNotar or Bubba Gump's Bait, Firearms Crypto Verification). Not that user pics are a great loss, but if you use Tweetdeck/Seesmic/whatever, the constant SSL cert warnings from dozens- to-hundreds of user pics are noisy. This is trivial whining on my part but it is operational. -- The only thing worse than e-mail disclaimers...is people who send e-mail to lists complaining about them signature.asc Description: This is a digitally signed message part.