Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-14 Thread Christopher Morrow
On Tue, Sep 13, 2011 at 11:55 PM, Ted Cooper
ml-nanog0903...@elcsplace.com wrote:

 As claimed by the DigiNotar hacker - He compromised their servers but
 Eddy was manually approving certs at the time and so no certs were signed.

 There was information about it on the site, but it seems to be gone now.
 Articles still show a screenshot of the message you're talking about [1]
 , but the site was back alive in July when I needed a certificate.

 A separate notice on another part of the company's site says that its
 services would be unavailable until June 20,  [2]

 I've certainly been able to issue certificates for myself since then.

indeed, cool! I was able to have a site cert issued lastnight as well.
This is (for me) good news :)

-chris



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-14 Thread Lou Katz
The problem that I see with browser response to self-signed (or org generated) 
certs is
not the warning(s) but the assertion that the cert is invalid. Not issued by 
one of the
players in the Protection Racket does not make the cert invalid. It may be 
untrustable,
unreliable, from an unknown and/or unverifiable source, but it IS a valid cert. 
Certs in
a revocation list or malformed certs are invalid. 

After all, the Diginotar certs were 'valid', until revoked. Apparently the 
(arbitrary)
inclusion or exclusion of a root cert by each browser creator or distributer is
equated with validity. By removing the Diginotar root cert, suddenly ALL 
Diginotar
certs are now reported to end users as Invalid? By refusing to include a CACert 
root
certificate, no CACert certificate is 'valid'? I think not.

-- 

-=[L]=-
Hand typed on my Remington portable




Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)

2011-09-14 Thread Jeroen Massar
And to end this thread as this effectively ends Diginotar troubles for
the Interwebz:

Dutch official statement:
http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469

English Summary OPTA revokes Diginotar License as TTP:
http://www.circleid.com/posts/opta_revokes_diginotar_license_as_ttp/

Greets,
 Jeroen



Re: Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)

2011-09-14 Thread Always Learning

On Wed, 2011-09-14 at 19:16 +0200, Jeroen Massar wrote:

 And to end this thread as this effectively ends Diginotar troubles for
 the Interwebz:
 
 Dutch official statement:
 http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469

Bedankt. Vertaling (my own translation, niet slecht voor een
buitenlander) 

OPTA regulates the Dutch communications market including consumer
protection.

OPTA has now ended the registration of Diginotar as a supplier of
authorised certificates for electronic signatures. 

An investigation by OPTA revealed the trustworthiness of approved
certificates from Diginotar can no longer be guaranteed.

This means the business of issuing authorised certificates must stop and
no new authorised certificates must be issued.


-- 
With best regards,

Paul.
England,
EU.





Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Tei
*a random php programmer shows*

He, I just want to self-sign my CERT's and remove the ugly warning that
browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
just don't want to use cleartext for internet data transfer.  HTTP is like
telnet, and HTTPS is like ssh. But with ssh is just can connect, with
browsers theres this ugly warning and fuck you, self-signed certificate
from the browsers.  Please make the pain stop!.

--Tei

-- 
--
ℱin del ℳensaje.


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Chris Adams
Once upon a time, Tei oscar.vi...@gmail.com said:
 He, I just want to self-sign my CERT's and remove the ugly warning that
 browsers shows.

SSL without some verification of the far end is useless, as a
man-in-the-middle attack can create self-signed certs just as easily.

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Peter Kristolaitis

Really?  You can just connect with SSH?

root@somebox:~# ssh 1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is 03:26:2c:b2:cd:fd:05:fc:87:70:4b:06:58:40:e7:c3.
Are you sure you want to continue connecting (yes/no)?

That's no different that having to permanently accept a self-signed SSL 
cert...


- Pete


On 9/13/2011 10:29 AM, Tei wrote:

*a random php programmer shows*

He, I just want to self-sign my CERT's and remove the ugly warning that
browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
just don't want to use cleartext for internet data transfer.  HTTP is like
telnet, and HTTPS is like ssh. But with ssh is just can connect, with
browsers theres this ugly warning and fuck you, self-signed certificate
from the browsers.  Please make the pain stop!.

--Tei






Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread David Israel

On 9/13/2011 10:29 AM, Tei wrote:

*a random php programmer shows*

He, I just want to self-sign my CERT's and remove the ugly warning that
browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
just don't want to use cleartext for internet data transfer.  HTTP is like
telnet, and HTTPS is like ssh. But with ssh is just can connect, with
browsers theres this ugly warning and fuck you, self-signed certificate
from the browsers.  Please make the pain stop!.



With ssh, you will get a warning if the remote host key is not known, 
with a fingerprint and advice not to accept it if you don't know if it 
is correct.  This is a direct analog to the warning that the remote 
host's certificate cannot be verified.  In both cases, you are given the 
chance to accept the key/certificate and continue going; depending on 
the implementation, you might also be given the option to accept it once 
or forever.  Ssh is actually prone to bigger, uglier, more explicit you 
probably don't want to trust this warnings, especially about things 
like key changes.





Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Brett Frankenberger
On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
 Once upon a time, Tei oscar.vi...@gmail.com said:
  He, I just want to self-sign my CERT's and remove the ugly warning that
  browsers shows.
 
 SSL without some verification of the far end is useless, as a
 man-in-the-middle attack can create self-signed certs just as easily.

It protects against attacks where the attacker merely monitors the
traffic between the two endpoints.

As you suggest, it does not protect against MITM, but that's different
from being useless.  

The value of protecting against the former but not the latter may vary
by situation, but it's not always zero.  Not all attackers/attacks that
can sniff also have the capability and willingness to MITM.

(And even SSL w/ endpoint verification isn't absolute security.  For
example, it doesn't protect against endpoint compromises.  But that
doesn't make it endpoint verification useless.)

 -- Brett



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Valdis . Kletnieks
On Tue, 13 Sep 2011 16:29:30 +0200, Tei said:
 He, I just want to self-sign my CERT's and remove the ugly warning that
 browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I

The warning is there for a *reason* - namely that if you have a self-signed
cert, a first time visitor has *zero* way to verify it's *your* self-signed
cert and not some hijacker's self-signed cert.

 just don't want to use cleartext for internet data transfer.  HTTP is like
 telnet, and HTTPS is like ssh. But with ssh is just can connect, with
 browsers theres this ugly warning and fuck you, self-signed certificate
 from the browsers.  Please make the pain stop!.

If you use SSH to connect, and either ignore the host key has changed or
authenticity can't be established, continue connecting? messages, you get
what you deserve - those are the *exact* same issues that your browser warns
about self-signed certs.  And if you *don't* ignore them on SSH - why do you
want to ignore them on SSL?

Note that there's another big difference between SSH and SSL - the number of
people who are allowed to SSH to a given machine is (a) usually small and (b)
pre-identified up front.  So if Fred gets an unknown host key while SSH'ing
to the server you just set up, that's probably not a big issue because you
presumably know who Fred is and just created an account for him, so you can
supply him with the footprint of the SSH host key to double-verify.  That does
*not* scale to Internet-facing web services.

Of course, if you have a *private* *internal* webserver with limited users,
you're free to use a self-signed cert and use your browser's handy Add
security exemption dialog and check Permanent.



pgpzM9i1B2oHD.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Chris Adams
Once upon a time, Brett Frankenberger rbf+na...@panix.com said:
 On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
  Once upon a time, Tei oscar.vi...@gmail.com said:
   He, I just want to self-sign my CERT's and remove the ugly warning that
   browsers shows.
  
  SSL without some verification of the far end is useless, as a
  man-in-the-middle attack can create self-signed certs just as easily.
 
 It protects against attacks where the attacker merely monitors the
 traffic between the two endpoints.

Someone who can monitor can most likely inject false traffic and thus
MITM.

In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Michiel Klaver

At 22-07-28164 20:59, Tei wrote:

*a random php programmer shows*

He, I just want to self-sign my CERT's and remove the ugly warning that
browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
just don't want to use cleartext for internet data transfer.  HTTP is like
telnet, and HTTPS is like ssh. But with ssh is just can connect, with
browsers theres this ugly warning and fuck you, self-signed certificate
from the browsers.  Please make the pain stop!.

--Tei



No need for (financial) pain, there are free of charge ssl certificates 
available, see for example:


http://www.startssl.com/?app=1
http://www.cacert.org/




Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Chris Adams
Once upon a time, valdis.kletni...@vt.edu valdis.kletni...@vt.edu said:
 If you use SSH to connect, and either ignore the host key has changed or
 authenticity can't be established, continue connecting? messages, you get
 what you deserve - those are the *exact* same issues that your browser warns
 about self-signed certs.  And if you *don't* ignore them on SSH - why do you
 want to ignore them on SSL?

A big difference between SSH keys and SSL certificates is that SSL certs
have a built-in expiration date (which is a good thing, as nothing is
secure forever).  When that expiration date rolls around, the admin may
create a new key/cert pair, rather than just renewing the previous cert,
which would cause all the visitors that accepted the previous cert to
get a new and nastier warning that the cert has changed.  How do the
visitors know the difference between this case and a hijack/MITM?

Certs are almost guaranteed to change over time as technology changes.
For example, it used to be common to have 512 bit certs with an MD5
signature hash.  Now 1024 bit and SHA1 are the norm, and many are moving
to 2048 bit (and some to stronger hashes).  Having people get used to
periodically accepting a changed cert defeats the purpose of signed
certs (and again, effectively breaks SSL).

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Jima

On 2011-09-13 20:26, Christopher Morrow wrote:

On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it  wrote:

No need for (financial) pain, there are free of charge ssl certificates
available, see for example:

http://www.startssl.com/?app=1


eddy stopped issuing


 Huh?  I'm a bit lost here, since I had two StartSSL certs issued 
yesterday afternoon.


 Jima



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Christopher Morrow
On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote:
 On 2011-09-13 20:26, Christopher Morrow wrote:

 On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it
  wrote:

 No need for (financial) pain, there are free of charge ssl certificates
 available, see for example:

 http://www.startssl.com/?app=1

 eddy stopped issuing

  Huh?  I'm a bit lost here, since I had two StartSSL certs issued yesterday
 afternoon.

orly? wierd, they made a press release ~last-june (I think?) stating
they were stopping issuance indefinitely. I do hope they are actually
issuing again :)

I like my random numbers to be free.

-chris



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Christopher Morrow
On Tue, Sep 13, 2011 at 11:44 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
 On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote:
 On 2011-09-13 20:26, Christopher Morrow wrote:

 On Tue, Sep 13, 2011 at 11:22 AM, Michiel Klavermich...@klaver.it
  wrote:

 No need for (financial) pain, there are free of charge ssl certificates
 available, see for example:

 http://www.startssl.com/?app=1

 eddy stopped issuing

  Huh?  I'm a bit lost here, since I had two StartSSL certs issued yesterday
 afternoon.

 orly? wierd, they made a press release ~last-june (I think?) stating
 they were stopping issuance indefinitely. I do hope they are actually
 issuing again :)

http://threatpost.com/en_us/blogs/ca-startssl-compromised-says-certificates-not-affected-062111

has a link to the startssl page about this, which doesn't appear to
load for me (now)... maybe they are back in business!


 I like my random numbers to be free.

 -chris




Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-13 Thread Ted Cooper
On 14/09/11 13:44, Christopher Morrow wrote:
 On Tue, Sep 13, 2011 at 11:33 PM, Jima na...@jima.tk wrote:
  Huh?  I'm a bit lost here, since I had two StartSSL certs issued yesterday
 afternoon.
 
 orly? wierd, they made a press release ~last-june (I think?) stating
 they were stopping issuance indefinitely. I do hope they are actually
 issuing again :)
 
 I like my random numbers to be free.

As claimed by the DigiNotar hacker - He compromised their servers but
Eddy was manually approving certs at the time and so no certs were signed.

There was information about it on the site, but it seems to be gone now.
Articles still show a screenshot of the message you're talking about [1]
, but the site was back alive in July when I needed a certificate.

A separate notice on another part of the company's site says that its
services would be unavailable until June 20,  [2]

I've certainly been able to issue certificates for myself since then.

[1]
http://news.netcraft.com/archives/2011/06/22/startssl-suspends-services-after-security-breach.html

[2]
http://threatpost.com/en_us/blogs/ca-startssl-compromised-says-certificates-not-affected-062111







Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-12 Thread Valdis . Kletnieks
On Mon, 12 Sep 2011 04:39:52 -, Marcus Reid said:

 You don't have to have the big fat Mozilla root cert bundle on your
 machines.  Some OSes ship with an empty /etc/ssl, nobody tells you who
 you trust.

And for those OS's (who are they, anyhow) that ship empty bundles,
how many CAs do you end up trusting anyhow?

 How about a TXT record with the CN string of the CA cert subject in it?
 If it exists and there's a conflict, don't trust it.  Seems simple
 enough to implement without too much collateral damage.

Needs to be a DNSSEC-validated TXT record, or you've opened yourself up
to attacks via DNS poisoning (either insert a malicious TXT that matches your
malicious certificate, or insert a malicious TXT that intentionally *doesn't* 
match
the vicitm's certificate)


pgpNi8okd9oAi.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Valdis . Kletnieks
On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said:
 If I have a thawte cert for valdis.com on host A and one from comodo
 on host B... which is the right one?

You wouldn't have 2 certs for that... I'd have *one* cert for that. And if when
you got to the IP address you were trying to reach, the cert didn't validate as
matching the hostname, you know something fishy is up.

And if you *do* have two certs for it, I'd like to talk to the bozos at
Thawte and Comodo who obviously didn't check the paperwork. ;)





pgp8spbP9GxtJ.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Eliot Lear
Hank and everyone,

This is a very interesting problem.  As it happens, some folks in the
IETF have anticipated this one.  For those who are interested, Paul
Hoffman and Jakob Schlyter have been working within the DANE working
group at the IETF to provide for a means to alleviate some of the
responsibility of the browser vendors as to who gets to decide what is a
valid certificate, by allowing for that burden to be shifted to the
subject through the use of secure DNS.  A list of hashes is published in
the subject's domain indicating what are valid certificates.  And so if
a CA went rogue, the subject domains would be able to indicate to the
browser that something is afoot.  For more information, please see
http://datatracker.ietf.org/wg/dane/.

Eliot

On 9/12/11 7:22 AM, Hank Nussbacher wrote:
 At 13:00 11/09/2011 -0600, Keith Medcalf wrote:
 Damian Menscher wrote on 2011-09-11:

  Because of that lost trust, any cross-signed cert would likely be
  revoked by the browsers.  It would also make the browser vendors
  question whether the signing CA is worthy of their trust.

 And therein is the root of the problem:  Trustworthiness is assessed
 by what you refer to as the browser vendors.  Unfortunately, there
 is no Trustworthiness assessment of those vendors.

 The current system provides no more authentication or confidentiality
 than if everyone simply used self-signed certificates.  It is nothing
 more than theatre and provides no actual security benefit
 whatsoever.  Anyone believing otherwise is operating under a delusion.

 The problem is about lack of pen-testing and a philosphy of security. 
 In order to run a CA, one not only has to build the infrastructure but
 also have constant external pen-testing and patch management in
 place.  Whether it be Comodo or RSA or now Diginotar, unless an
 overwhelming philosphy of computer and network security is
 paradigmed into the corporate DNA, this will keep happening - and not
 only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read -
 APT attacks).

 If 60% of your employees will plug in a USB drive they find in the
 parking lot, then you have failed:
 http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html


 The problem for us as a community if to find a benchmark of which
 company does have a clue vs those that don't.  Until then, it will
 just be whack-a-mole/CA.

 -Hank






 --- Keith Medcalf
 ()  ascii ribbon campaign against html e-mail
 /\  www.asciiribbon.org






Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Martin Millnert
Mike,

On Sun, Sep 11, 2011 at 8:44 PM, Mike Jones m...@mikejones.in wrote:
 It will take a while to get updated browsers rolled out to enough
 users for it do be practical to start using DNS based self-signed
 certificated instead of CA-Signed certificates, so why don't any
 browsers have support yet? are any of them working on it?

Chrome v 14 works with DNS stapled certificates, sort of a hack. (
http://www.imperialviolet.org/2011/06/16/dnssecchrome.html )

There are other proposals/ideas out there, completely different to
DANE / DNSSEC, like http://perspectives-project.org/ /
http://convergence.io/ .

Regard,
Martin



RE: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Leigh Porter


 -Original Message-
 From: Gregory Edigarov [mailto:g...@bestnet.kharkov.ua]
 I.e. instead of a set of trusted CAs there will be one distributed net
 of servers, that act as a cert storage?
 I do not see how that could help...
 Well, I do not even see how can one trust any certificate that is
 issued by commercial organization.
 

There should be a government body to issue certificates then ;-)

But Gregory is right, you cannot really trust anybody completely. Even the 
larger and more respectable commercial organisations will be unable to resist 
insert intel organisation here when they ask for dodgy certs so they can 
intercept something..

No, as soon as you have somebody who is not yourself in control without any 
third party verifiably independent oversight then you have to carefully define 
what you mean by trust.

--
Leigh Porter


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Martin Millnert
Steinar,

On Sun, Sep 11, 2011 at 8:12 PM,  sth...@nethelp.no wrote:
 To pop up the stack a bit it's the fact that an organization willing to
 behave in that fashion was in my list of CA certs in the first place.
 Yes they're blackballed now, better late than never I suppose. What does
 that say about the potential for other CAs to behave in such a fashion?

 I'd say we have every reason to believe that something similar *will*
 happen again :-(

Something similar, including use of purchased (not only limited to
stolen certs), is ongoing already, all of the time.  (I had a fellow
IRC-chat-friend report from a certain very western-allied middle
eastern country that there's ISP/state-scale SSL-MITM ongoing there,
for all https traffic.)

The comment on starting out with an empty /etc/ssl is valid.  Most of
the normally included CA's you almost never run into on the wild web
anyway. There were some blog postings about this last time a CA was
busted. Shave off 90% of them and you have at least come a bit on the
way (goal 100%).

The absence of proof is *not* proof of absence, and in this particular
case it's pretty safe to assume some abuse is ongoing somewhere, 24/7.

Cheers,
Martin



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Christopher J. Pilkington
On Sep 11, 2011, at 11:06 PM, Hughes, Scott GRE-MG wrote:

 Companies that wrap their services with generic domain names (paymybills.com 
 and the like) have no one to blame but themselves when they are targeted by 
 scammers and phishing schemes. Even EV certificates don't help when consumers 
 are blinded by subsidiary companies and sister companies daily (Motorola 
 Mobility a.k.a. Google vs. Motorola Solutions.)


GE Money Bank is notorious for this… from a retail store's main page they 
redirect you to https://www3.onlinecreditcenter6.com.  (No-EV certificate, 
either.)

-cjp


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Jason Duerstock
Except that this just shifts the burden of trust on to DNSSEC, which also
necessitates a central authority of 'trust'.  Unless there's an explicitly
more secure way of storing DNSSEC private keys, this just moves the bullseye
from CAs to DNSSEC signers.

Jason

On Mon, Sep 12, 2011 at 5:30 AM, Eliot Lear l...@cisco.com wrote:

 Hank and everyone,

 This is a very interesting problem.  As it happens, some folks in the
 IETF have anticipated this one.  For those who are interested, Paul
 Hoffman and Jakob Schlyter have been working within the DANE working
 group at the IETF to provide for a means to alleviate some of the
 responsibility of the browser vendors as to who gets to decide what is a
 valid certificate, by allowing for that burden to be shifted to the
 subject through the use of secure DNS.  A list of hashes is published in
 the subject's domain indicating what are valid certificates.  And so if
 a CA went rogue, the subject domains would be able to indicate to the
 browser that something is afoot.  For more information, please see
 http://datatracker.ietf.org/wg/dane/.

 Eliot

 On 9/12/11 7:22 AM, Hank Nussbacher wrote:
  At 13:00 11/09/2011 -0600, Keith Medcalf wrote:
  Damian Menscher wrote on 2011-09-11:
 
   Because of that lost trust, any cross-signed cert would likely be
   revoked by the browsers.  It would also make the browser vendors
   question whether the signing CA is worthy of their trust.
 
  And therein is the root of the problem:  Trustworthiness is assessed
  by what you refer to as the browser vendors.  Unfortunately, there
  is no Trustworthiness assessment of those vendors.
 
  The current system provides no more authentication or confidentiality
  than if everyone simply used self-signed certificates.  It is nothing
  more than theatre and provides no actual security benefit
  whatsoever.  Anyone believing otherwise is operating under a delusion.
 
  The problem is about lack of pen-testing and a philosphy of security.
  In order to run a CA, one not only has to build the infrastructure but
  also have constant external pen-testing and patch management in
  place.  Whether it be Comodo or RSA or now Diginotar, unless an
  overwhelming philosphy of computer and network security is
  paradigmed into the corporate DNA, this will keep happening - and not
  only to CAs but to the likes of Google, Cisco, Microsoft, etc. (read -
  APT attacks).
 
  If 60% of your employees will plug in a USB drive they find in the
  parking lot, then you have failed:
 
 http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html
 
 
  The problem for us as a community if to find a benchmark of which
  company does have a clue vs those that don't.  Until then, it will
  just be whack-a-mole/CA.
 
  -Hank
 
 
 
 
 
 
  --- Keith Medcalf
  ()  ascii ribbon campaign against html e-mail
  /\  www.asciiribbon.org
 
 
 




Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Randy Bush
 But Gregory is right, you cannot really trust anybody completely. Even
 the larger and more respectable commercial organisations will be
 unable to resist insert intel organisation here when they ask for
 dodgy certs so they can intercept something..
 
 No, as soon as you have somebody who is not yourself in control
 without any third party verifiably independent oversight then you have
 to carefully define what you mean by trust.

i am having trouble with all this.  i am supposed to only trust myself
to identify citibank's web site?  and what to i smoke to get that
knowledge?  let's get real here.

with dane, i trust whoever runs dns for citibank to identify the cert
for citibank.  this seems much more reasonable than other approaches,
though i admit to not having dived deeply into them all.

randy



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Michael Thomas

Randy Bush wrote:

But Gregory is right, you cannot really trust anybody completely. Even
the larger and more respectable commercial organisations will be
unable to resist insert intel organisation here when they ask for
dodgy certs so they can intercept something..

No, as soon as you have somebody who is not yourself in control
without any third party verifiably independent oversight then you have
to carefully define what you mean by trust.


i am having trouble with all this.  i am supposed to only trust myself
to identify citibank's web site?  and what to i smoke to get that
knowledge?  let's get real here.

with dane, i trust whoever runs dns for citibank to identify the cert
for citibank.  this seems much more reasonable than other approaches,
though i admit to not having dived deeply into them all.


It seems to me that this depends a lot on how much you can tolerate single
points of failure. The current de-trusting is certainly going to cause trouble
for whoever used that CA, but the internet didn't roll over and die either.
If the root DNS keys were compromised in an all DNS rooted world... unhappiness
would ensue in great volume.

Mike, poison and choices...



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Randy Bush
 with dane, i trust whoever runs dns for citibank to identify the cert
 for citibank.  this seems much more reasonable than other approaches,
 though i admit to not having dived deeply into them all.
 If the root DNS keys were compromised in an all DNS rooted world...
 unhappiness would ensue in great volume.

as eliot pointed out, to defeat dane as currently written, you would
have to compromise dnssec at the same time as you compromised the CA at
the same time as you ran the mitm.  i.e. it _adds_ dnssec assurance to
CA trust.

randy



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Randy Bush
 as eliot pointed out, to defeat dane as currently written, you would
 have to compromise dnssec at the same time as you compromised the CA at
 the same time as you ran the mitm.  i.e. it _adds_ dnssec assurance to
 CA trust.
 Yes, I saw that. It also drives up complexity too and makes you wonder
 what the added value of those cert vendors is for the money you're
 forking over.  Especially when you consider the criticality of dns
 naming for everything except web site host names using tls. And how
 long would it be before browsers allowed
 self-signed-but-ok'ed-using-dnssec-protected-cert-hashes?

agree



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Martin Millnert
On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote:
 And how long would it be before browsers allowed 
 self-signed-but-ok'ed-using-dnssec-protected-cert-hashes?

As previously mentioned, Chrome = v14 already does.

Regards,
Martin



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Christopher Morrow
On Mon, Sep 12, 2011 at 4:39 AM,  valdis.kletni...@vt.edu wrote:
 On Sun, 11 Sep 2011 22:01:47 EDT, Christopher Morrow said:
 If I have a thawte cert for valdis.com on host A and one from comodo
 on host B... which is the right one?

 You wouldn't have 2 certs for that... I'd have *one* cert for that. And if 
 when
 you got to the IP address you were trying to reach, the cert didn't validate 
 as
 matching the hostname, you know something fishy is up.

 And if you *do* have two certs for it, I'd like to talk to the bozos at
 Thawte and Comodo who obviously didn't check the paperwork. ;)

this has already happened with mozilla.com, google.com, microsoft.com
 my point was that as a user, and as a service operator, what in
today's CA world helps me know that the service operator's certificate
is what my user-client sees? some 'trust' in the fact that
thawte/comodo/verisign/cnnic didn't issue a cert for the
service-operator's service incorrectly?

I think I need a method that the service operator can use to signal to
my user-client outside the certificate itself that the certificate
#1234 is the 'right' one.



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Michael Thomas

Martin Millnert wrote:

On Mon, Sep 12, 2011 at 5:09 PM, Michael Thomas m...@mtcc.com wrote:

And how long would it be before browsers allowed 
self-signed-but-ok'ed-using-dnssec-protected-cert-hashes?


As previously mentioned, Chrome = v14 already does.


The perils of coming in late in a thread :)

Mike



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Ted Cooper
On 13/09/11 01:12, Randy Bush wrote:
 as eliot pointed out, to defeat dane as currently written, you would
 have to compromise dnssec at the same time as you compromised the CA at
 the same time as you ran the mitm.  i.e. it _adds_ dnssec assurance to
 CA trust.
 Yes, I saw that. It also drives up complexity too and makes you wonder
 what the added value of those cert vendors is for the money you're
 forking over.  Especially when you consider the criticality of dns
 naming for everything except web site host names using tls. And how
 long would it be before browsers allowed
 self-signed-but-ok'ed-using-dnssec-protected-cert-hashes?
 
 agree

I would have thought that was a perfectly acceptable end point.

The multiple CA's go away (oops), replaced with everyone being able to
publish and authenticate their own certificates. The DNS has to be
compromised to publish certificates, but if they've managed to do that,
it doesn't matter what certificate you had in the first place.

There are already public keys in the DNS for DKIM which work quite well.

It lowers the cost for getting an SSL cert for your domain, but
certainly not the security. Getting a cert for a domain is laughable
these days. It's either too easy, or stupendously hard and ridiculous.
EV certs are a joke as demonstrated by the thousands of people still
getting phished since end users don't look at the address bar anyway.

So long as it's encrypted and in some way secured against the domain,
it's good enough isn't it?



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Damian Menscher
On Mon, Sep 12, 2011 at 7:09 AM, Martin Millnert milln...@gmail.com wrote:


 Something similar, including use of purchased (not only limited to
 stolen certs), is ongoing already, all of the time.  (I had a fellow
 IRC-chat-friend report from a certain very western-allied middle
 eastern country that there's ISP/state-scale SSL-MITM ongoing there,
 for all https traffic.)


If this were true, don't you think your friend would provide an SSL cert?

Damian
-- 
Damian Menscher :: Security Reliability Engineer :: Google


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Christopher Morrow
On Mon, Sep 12, 2011 at 1:39 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote:

 Date: Mon, 12 Sep 2011 11:22:11 -0400
 Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy,
  releases updates
 From: Christopher Morrow morrowc.li...@gmail.com

 I think I need a method that the service operator can use to signal to my
 user-client outside the certificate itself that the certificate
 #1234 is the 'right' one.

 A certificate that cdrtifies the crertificate is valid, maybe?

so the DANE work does this, sort of... you sign (with dnssec) your
cert fingerprint, the client does a lookup (requiring dnssec signed
responses) to verify that the cert FP matches that which is in DNS.

 And why would you trust that any more than the origial certificate?

at least in this case the domain owner (presumably the service owner
in question) has signed (with their private key) the DNS content you
get back.

There are failure modes, but it's more in line with the
service-owner/service-user level not some oddball thirdparty.

 Seriously, about the only way I see to ameliorate this kind of problem is
 for people to use self-signed certificates that are then authenticated
 by _multiple_ 'trust anchors'.  If the end-user world raises warnings
 for a certificate 'authenticated' by say, less than five separate entities.
 then the compomise of any _single_ anchor is of pretty much 'no' value.
 Even better, let the user set the 'paranoia' level -- how many different
 'trusted' authorities have to have authenticated the self-signed certificate
 before the user 'really trusts' it.


this almost sounds like GPS position fixing... 'require 4 satellites
in view', or something along those lines. Interesting as an idea
though.

-chris



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-12 Thread Mike Jones
On 12 September 2011 18:39, Robert Bonomi bon...@mail.r-bonomi.com wrote:
 Seriously, about the only way I see to ameliorate this kind of problem is
 for people to use self-signed certificates that are then authenticated
 by _multiple_ 'trust anchors'.  If the end-user world raises warnings
 for a certificate 'authenticated' by say, less than five separate entities.
 then the compomise of any _single_ anchor is of pretty much 'no' value.
 Even better, let the user set the 'paranoia' level -- how many different
 'trusted' authorities have to have authenticated the self-signed certificate
 before the user 'really trusts' it.

So if I want my small website to support encryption, I now have to pay
5 companies, and hope that all my users have those 5 CAs in their
browser? Much better to use the existing DNS infrastructure (that all
5 of them would likely be using for their validation anyway), and not
have to pay anyone anything.

- Mike



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-12 Thread Måns Nilsson
Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases 
Date: Mon, Sep 12, 2011 at 11:46:04AM +0200 Quoting fredrik danerklint 
(fredan-na...@fredan.se):
   How about a TXT record with the CN string of the CA cert subject in it?
   If it exists and there's a conflict, don't trust it.  Seems simple
   enough to implement without too much collateral damage.
  
  Needs to be a DNSSEC-validated TXT record, or you've opened yourself up
  to attacks via DNS poisoning (either insert a malicious TXT that matches
  your malicious certificate, or insert a malicious TXT that intentionally
  *doesn't* match the vicitm's certificate)
 
 And how do you validate the dnssec to make sure that noone has tampered with 
 it.

Since you are from Sweden, and in an IT job, you probably have personal
relations to someone who has personal relations to one of the swedes
or other nationalities that were present at the key ceremonies for the
root. Once you've established that the signatures on the root KSK are good
(which -- because of the above -- should be doable OOB quite easily for
you) you can start validating the entire chain of trust.

Quite trivial, in fact. 

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Am I in GRADUATE SCHOOL yet?


signature.asc
Description: Digital signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-12 Thread Valdis . Kletnieks
On Mon, 12 Sep 2011 22:31:59 +0200, Måns Nilsson said:

 Since you are from Sweden, and in an IT job, you probably have personal
 relations to someone who has personal relations to one of the swedes
 or other nationalities that were present at the key ceremonies for the
 root. Once you've established that the signatures on the root KSK are good
 (which -- because of the above -- should be doable OOB quite easily for
 you) you can start validating the entire chain of trust.
 
 Quite trivial, in fact.

I'll note that the PGP strongly connected set has grown all the way to 45,000
or so keys in 2 decades of growth.  There are several billion Internet users. 
What
may be workable for Fredrik is probably *not* scalable to Joe Sixpack.


pgpHk6Uevbz09.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-12 Thread fredrik danerklint
How about a TXT record with the CN string of the CA cert subject in
it? If it exists and there's a conflict, don't trust it.  Seems
simple enough to implement without too much collateral damage.
   
   Needs to be a DNSSEC-validated TXT record, or you've opened yourself up
   to attacks via DNS poisoning (either insert a malicious TXT that
   matches your malicious certificate, or insert a malicious TXT that
   intentionally *doesn't* match the vicitm's certificate)
  
  And how do you validate the dnssec to make sure that noone has tampered
  with it.
 
 Since you are from Sweden, and in an IT job, you probably have personal
 relations to someone who has personal relations to one of the swedes
 or other nationalities that were present at the key ceremonies for the
 root. Once you've established that the signatures on the root KSK are good
 (which -- because of the above -- should be doable OOB quite easily for
 you) you can start validating the entire chain of trust.
 
 Quite trivial, in fact.

and how about a end user, who doesn't understand a computer at all, to be able 
verify the signatures, correctly?

-- 
//fredan



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-12 Thread Tony Finch
Mike Jones m...@mikejones.in wrote:

 DNSSEC deployment is advanced enough now to do that automatically at the
 client.

Sadly not quite. DNSSEC does have the potential to provide an alternative
public key infrastructure, and I'm keen to see that happen. But although
it works well between authoritative servers and recursive resolvers, there
are a lot of shitty DNS forwardersin CPE and captive portals and so on
which do not understand DNSSEC. And DNSSEC does not work unless all the
forwarders and recursors that you are using support it. So DNSSEC on the
client has a long way to go.

Tony.
-- 
f.anthony.n.finch  d...@dotat.at  http://dotat.at/
Hebrides, Southeast Bailey: Westerly 5 to 7 until later in south Hebrides,
otherwise northwesterly 3 or 4, increasing 5 to 7. Rough or very rough,
occasionally high in south Hebrides. Rain or showers. Good, occasionally
poor.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Damian Menscher
On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote:

 On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote:
  On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
  I like this response; instant CA death penalty seems to put the
  incentives about where they need to be.

 I wouldn't necessarily count them dead just yet;  although their legit
 customers must be very unhappy  waking up one day to find their
 legitimate working SSL certs suddenly unusable

 So DigiNotar lost their browser trusted  root CA status.  That
 doesn't necessarily mean they will
 be unable to get other root CAs to cross-sign CA certificates they
 will make in the future, for the right price.

 A cross-sign with CA:TRUE  is  just as good as being installed in
 users' browser.


The problem here wasn't just that DigiNotar was compromised, but that they
didn't have an audit trail and attempted a coverup which resulted in real
harm to users.  It will be difficult to re-gain the trust they lost.

Because of that lost trust, any cross-signed cert would likely be revoked by
the browsers.  It would also make the browser vendors question whether the
signing CA is worthy of their trust.

Damian
-- 
Damian Menscher :: Security Reliability Engineer :: Google


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Michael Painter

Damian Menscher wrote:

The problem here wasn't just that DigiNotar was compromised, but that they
didn't have an audit trail and attempted a coverup which resulted in real
harm to users.  It will be difficult to re-gain the trust they lost.

Because of that lost trust, any cross-signed cert would likely be revoked by
the browsers.  It would also make the browser vendors question whether the
signing CA is worthy of their trust.

Damian


I'd be interested in hearing what you have to say about the hacker's claim at:
http://pastebin.com/85WV10EL

d) I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is 
totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, 
SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and... Simply 
I can issue updates via windows update!


Thanks,

--Michael




Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Bjørn Mork
Cameron Byrne cb.li...@gmail.com writes:

 Yep. The CA business is one of trust. If the CA is not trusted, they are out
 of business.

You can rewrite that: Trust is the CA business.  Trust has a price.  If
the CA is not trusted, the price increases.

Yes, they may end up out of business because of that price jump, but you
should not neglect the fact that trust is for sale here.


Bjørn



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Joel jaeggli
On 9/10/11 23:30 , Damian Menscher wrote:
 On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote:
 
 On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote:
 On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
 I like this response; instant CA death penalty seems to put the
 incentives about where they need to be.

 I wouldn't necessarily count them dead just yet;  although their legit
 customers must be very unhappy  waking up one day to find their
 legitimate working SSL certs suddenly unusable

 So DigiNotar lost their browser trusted  root CA status.  That
 doesn't necessarily mean they will
 be unable to get other root CAs to cross-sign CA certificates they
 will make in the future, for the right price.

 A cross-sign with CA:TRUE  is  just as good as being installed in
 users' browser.

 
 The problem here wasn't just that DigiNotar was compromised, but that they
 didn't have an audit trail and attempted a coverup which resulted in real
 harm to users.  It will be difficult to re-gain the trust they lost.
 
 Because of that lost trust, any cross-signed cert would likely be revoked by
 the browsers.  It would also make the browser vendors question whether the
 signing CA is worthy of their trust.

To pop up the stack a bit it's the fact that an organization willing to
behave in that fashion was in my list of CA certs in the first place.
Yes they're blackballed now, better late than never I suppose. What does
that say about the potential for other CAs to behave in such a fashion?

 Damian




Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread sthaug
 To pop up the stack a bit it's the fact that an organization willing to
 behave in that fashion was in my list of CA certs in the first place.
 Yes they're blackballed now, better late than never I suppose. What does
 that say about the potential for other CAs to behave in such a fashion?

I'd say we have every reason to believe that something similar *will*
happen again :-(

Steinar Haug, Nethelp consulting, sth...@nethelp.no



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-11 Thread Joe Greco
  Because of that lost trust, any cross-signed cert would likely be revoked by
  the browsers.  It would also make the browser vendors question whether the
  signing CA is worthy of their trust.
 
 To pop up the stack a bit it's the fact that an organization willing to
 behave in that fashion was in my list of CA certs in the first place.
 Yes they're blackballed now, better late than never I suppose. What does
 that say about the potential for other CAs to behave in such a fashion?

The average corporation much prefers to avoid the bad publicity and will
downplay most bad things.  Your favorite CA probably included.

I think that it's hard to cope with SSL.  It doesn't do the right things
for the right reasons.  Many of us, for example, operate local root CA's
for signing of internal stuff; all our company gear trusts our local
root CA and lots of stuff has certs issued by it.  In an ideal world,
this would mean that our gear talking to our gear is always secure, but
with other root CA's able to offer certs for our CN's, that isn't really
true.  That's frustrating.

The reality is that - for the average user -  SSL doesn't work well 
unless about 99% of the CA's used by the general public are included 
as trusted.  If a popular site like Blooble has a cert by DigiNotar
and the Firerox browser is constantly asking what to do, nothing really
good comes out of that ...  either people think Firerox blows, or they
learn to click on the ignore this (or worse the always trust this)
button.  In about 0.0% of the cases do they actually understand the
underlying trust issues.  So there's a great amount of pressure to
just make it magically work.

However, as the number of CA's accepted in most browsers increases, 
the security of the system as a whole decreases dramatically.  Yet
the market for $1000/year SSL certs is rather low, and the guys that
are charging bargain rates for low quality certs are perhaps doing
one good thing (enabling encryption) while simultaneously doing another
bad thing (destroying any quality in the system).  SSL is going to
have these problems as long as we maintain the current model.

In the long run, I expect all the CA's to behave something like this -
especially the ones that have more to lose if they were to become
suddenly untrustworthy. 

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread lgomes00
2011/9/11, Joel jaeggli joe...@bogus.com:
 On 9/10/11 23:30 , Damian Menscher wrote:
 On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote:

 On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com
 wrote:
 On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
 I like this response; instant CA death penalty seems to put the
 incentives about where they need to be.

 I wouldn't necessarily count them dead just yet;  although their legit
 customers must be very unhappy  waking up one day to find their
 legitimate working SSL certs suddenly unusable

 So DigiNotar lost their browser trusted  root CA status.  That
 doesn't necessarily mean they will
 be unable to get other root CAs to cross-sign CA certificates they
 will make in the future, for the right price.

 A cross-sign with CA:TRUE  is  just as good as being installed in
 users' browser.


 The problem here wasn't just that DigiNotar was compromised, but that they
 didn't have an audit trail and attempted a coverup which resulted in real
 harm to users.  It will be difficult to re-gain the trust they lost.

 Because of that lost trust, any cross-signed cert would likely be revoked
 by
 the browsers.  It would also make the browser vendors question whether the
 signing CA is worthy of their trust.

 To pop up the stack a bit it's the fact that an organization willing to
 behave in that fashion was in my list of CA certs in the first place.
 Yes they're blackballed now, better late than never I suppose. What does
 that say about the potential for other CAs to behave in such a fashion?

 Damian




-- 
Enviado do meu celular

Luciano P.Gomes
http://lgomes00.blogspot.com/



Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Mike Jones
On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote:
 You can rewrite that: Trust is the CA business.  Trust has a price.  If
 the CA is not trusted, the price increases.

 Yes, they may end up out of business because of that price jump, but you
 should not neglect the fact that trust is for sale here.


The CA model is fundamentally flawed in the fact that you have CAs
whose sole trustworthiness is the fact that they paid for an audit
(for Microsoft, lower requirements for others), they then issue
intermediate certificates to other companies (many web hosts and other
minor companies have them) whose sole trustworthiness is the fact
that they paid for an intermediate certificate, all of those
companies/organisations/people are then considered trustworthy enough
to confirm the identity of my web server despite the fact that none of
them have any connection at all to me or my website.

There is already a chain of trust down the DNS tree, if that is
compromised then my SSL is already compromised (if they control my
domain, they can verify they are me and get a certificate), what
happened to RFC4398 and other such proposals? EV certificates have a
different status and probably still need the CA model, however with
standard SSL certificates the only validation done these days is
checking someone has control over the domain. DNSSEC deployment is
advanced enough now to do that automatically at the client. We just
need browsers to start checking for certificates in DNS when making a
HTTPS connection (and if one is found do client side DNSSEC validation
- I don't trust my ISPs DNS servers to validate something like that,
considering they are the ones likely to be intercepting my connections
in the first place!).

It will take a while to get updated browsers rolled out to enough
users for it do be practical to start using DNS based self-signed
certificated instead of CA-Signed certificates, so why don't any
browsers have support yet? are any of them working on it?

- Mike



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Richard Barnes
There's an app^W^Wa Working Group for that.
http://tools.ietf.org/wg/dane/

On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote:
 On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote:
 You can rewrite that: Trust is the CA business.  Trust has a price.  If
 the CA is not trusted, the price increases.

 Yes, they may end up out of business because of that price jump, but you
 should not neglect the fact that trust is for sale here.


 The CA model is fundamentally flawed in the fact that you have CAs
 whose sole trustworthiness is the fact that they paid for an audit
 (for Microsoft, lower requirements for others), they then issue
 intermediate certificates to other companies (many web hosts and other
 minor companies have them) whose sole trustworthiness is the fact
 that they paid for an intermediate certificate, all of those
 companies/organisations/people are then considered trustworthy enough
 to confirm the identity of my web server despite the fact that none of
 them have any connection at all to me or my website.

 There is already a chain of trust down the DNS tree, if that is
 compromised then my SSL is already compromised (if they control my
 domain, they can verify they are me and get a certificate), what
 happened to RFC4398 and other such proposals? EV certificates have a
 different status and probably still need the CA model, however with
 standard SSL certificates the only validation done these days is
 checking someone has control over the domain. DNSSEC deployment is
 advanced enough now to do that automatically at the client. We just
 need browsers to start checking for certificates in DNS when making a
 HTTPS connection (and if one is found do client side DNSSEC validation
 - I don't trust my ISPs DNS servers to validate something like that,
 considering they are the ones likely to be intercepting my connections
 in the first place!).

 It will take a while to get updated browsers rolled out to enough
 users for it do be practical to start using DNS based self-signed
 certificated instead of CA-Signed certificates, so why don't any
 browsers have support yet? are any of them working on it?

 - Mike





RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Keith Medcalf
Damian Menscher wrote on 2011-09-11:

 Because of that lost trust, any cross-signed cert would likely be
 revoked by the browsers.  It would also make the browser vendors
 question whether the signing CA is worthy of their trust.

And therein is the root of the problem:  Trustworthiness is assessed by what 
you refer to as the browser vendors.  Unfortunately, there is no 
Trustworthiness assessment of those vendors.

The current system provides no more authentication or confidentiality than if 
everyone simply used self-signed certificates.  It is nothing more than theatre 
and provides no actual security benefit whatsoever.  Anyone believing otherwise 
is operating under a delusion.

--- Keith Medcalf
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org







Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Valdis . Kletnieks
On Sun, 11 Sep 2011 10:19:39 PDT, Joel jaeggli said:

 To pop up the stack a bit it's the fact that an organization willing to
 behave in that fashion was in my list of CA certs in the first place.
 Yes they're blackballed now, better late than never I suppose. What does
 that say about the potential for other CAs to behave in such a fashion?

I'm sure at least one of the other 250-odd certificates from 100-ish CA's
trusted by most browsers now are actually trustworthy. There is no evidence at
all that the average CA is any less trustworthy than the average DNS registrar.

However, this isn't as big a problem as one might think - the *only* thing that
an SSL sert gives you is you reached the host your browser tried to reach. It
does *not* validate the host you intended to reach, or whether you should
trust this host with your data, or any of a long set of interesting security
issues.  And that one question - did you reach the host your browser tried
to reach doesn't really mean much unless you have DNS and routing security
in place as well.  After all, if the IP you get for www.my-bank.com is 
incorrect,
or the route has been hijacked, what the cert says is pretty meaningless.

Considering that we seem to muddle along just fine with a DNS that doesn't
really do DNSSEC yet(*), and a lot of black and grey hat registrars out there,
and no real BGP security either,  maybe it isn't the sky is falling scenario
that a lot of people want to make it.

Or maybe we should all be even more worried. ;)

(*) Has anybody actually enabled only accept DNSSEC-signed A records
on an end user system and left it enabled for more than a day before
giving up in disgust? ;)


pgpC5Xn96bOYF.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Valdis . Kletnieks
On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said:
 The current system provides no more authentication or confidentiality
 than if everyone simply used self-signed certificates.

Not strictly true.  The current system at least gives you you have reached
the hostname your browser tried to reach.  A self-signed cert doesn't
even give you that.


pgpYXYAiRvyEY.pgp
Description: PGP signature


Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Aaron C. de Bruyn
I'm pretty fond of the idea proposed by gpgAuth.One key to rule them
all (and one password) combined with the client verifying the
server.It's still in its infancy, but it works.
-A
(Full disclosure: I work with the creator of gpgAuth in our day jobs)
On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com wrote:
 There's an app^W^Wa Working Group for that.
 http://tools.ietf.org/wg/dane/

 On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote:
 On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote:
 You can rewrite that: Trust is the CA business.  Trust has a price.  If
 the CA is not trusted, the price increases.

 Yes, they may end up out of business because of that price jump, but you
 should not neglect the fact that trust is for sale here.


 The CA model is fundamentally flawed in the fact that you have CAs
 whose sole trustworthiness is the fact that they paid for an audit
 (for Microsoft, lower requirements for others), they then issue
 intermediate certificates to other companies (many web hosts and other
 minor companies have them) whose sole trustworthiness is the fact
 that they paid for an intermediate certificate, all of those
 companies/organisations/people are then considered trustworthy enough
 to confirm the identity of my web server despite the fact that none of
 them have any connection at all to me or my website.

 There is already a chain of trust down the DNS tree, if that is
 compromised then my SSL is already compromised (if they control my
 domain, they can verify they are me and get a certificate), what
 happened to RFC4398 and other such proposals? EV certificates have a
 different status and probably still need the CA model, however with
 standard SSL certificates the only validation done these days is
 checking someone has control over the domain. DNSSEC deployment is
 advanced enough now to do that automatically at the client. We just
 need browsers to start checking for certificates in DNS when making a
 HTTPS connection (and if one is found do client side DNSSEC validation
 - I don't trust my ISPs DNS servers to validate something like that,
 considering they are the ones likely to be intercepting my connections
 in the first place!).

 It will take a while to get updated browsers rolled out to enough
 users for it do be practical to start using DNS based self-signed
 certificated instead of CA-Signed certificates, so why don't any
 browsers have support yet? are any of them working on it?

 - Mike







Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread James Harr
https://bugzilla.mozilla.org/show_bug.cgi?id=647959


--- SNIP ---
This is a request to add the CA root certificate for Honest Achmed's
Used Cars and Certificates.  The requested information as per the CA
information checklist is as follows:

1. Name
Honest Achmed's Used Cars and Certificates

2. Website URL
www.honestachmed.dyndns.org

3. Organizational type
Individual (Achmed, and possibly his cousin Mustafa, who knows a bit
about computers).

4. Primary market / customer base
Absolutely anyone who'll give us money.

5. Impact to Mozilla Users
Achmed's business plan is to sell a sufficiently large number of
certificates as quickly as possible in order to become too big to fail
(see regulatory capture), at which point most of the rest of this
application will become irrelevant.

--- SNIP ---



On Sun, Sep 11, 2011 at 5:20 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote:

 I'm pretty fond of the idea proposed by gpgAuth.One key to rule them
 all (and one password) combined with the client verifying the
 server.It's still in its infancy, but it works.
 -A
 (Full disclosure: I work with the creator of gpgAuth in our day jobs)
 On Sun, Sep 11, 2011 at 11:47, Richard Barnes richard.bar...@gmail.com 
 wrote:
  There's an app^W^Wa Working Group for that.
  http://tools.ietf.org/wg/dane/
 
  On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote:
  On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote:
  You can rewrite that: Trust is the CA business.  Trust has a price.  If
  the CA is not trusted, the price increases.
 
  Yes, they may end up out of business because of that price jump, but you
  should not neglect the fact that trust is for sale here.
 
 
  The CA model is fundamentally flawed in the fact that you have CAs
  whose sole trustworthiness is the fact that they paid for an audit
  (for Microsoft, lower requirements for others), they then issue
  intermediate certificates to other companies (many web hosts and other
  minor companies have them) whose sole trustworthiness is the fact
  that they paid for an intermediate certificate, all of those
  companies/organisations/people are then considered trustworthy enough
  to confirm the identity of my web server despite the fact that none of
  them have any connection at all to me or my website.
 
  There is already a chain of trust down the DNS tree, if that is
  compromised then my SSL is already compromised (if they control my
  domain, they can verify they are me and get a certificate), what
  happened to RFC4398 and other such proposals? EV certificates have a
  different status and probably still need the CA model, however with
  standard SSL certificates the only validation done these days is
  checking someone has control over the domain. DNSSEC deployment is
  advanced enough now to do that automatically at the client. We just
  need browsers to start checking for certificates in DNS when making a
  HTTPS connection (and if one is found do client side DNSSEC validation
  - I don't trust my ISPs DNS servers to validate something like that,
  considering they are the ones likely to be intercepting my connections
  in the first place!).
 
  It will take a while to get updated browsers rolled out to enough
  users for it do be practical to start using DNS based self-signed
  certificated instead of CA-Signed certificates, so why don't any
  browsers have support yet? are any of them working on it?
 
  - Mike
 
 
 
 




--
^[:wq^M



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Valdis . Kletnieks
On Sun, 11 Sep 2011 15:20:51 PDT, Aaron C. de Bruyn said:
 I'm pretty fond of the idea proposed by gpgAuth.One key to rule them
 all (and one password) combined with the client verifying the
 server.It's still in its infancy, but it works.

Yes, but it needs to be something that either (a) Joe Sixpack never
sees, or (b) Joe Sixpack actually understands.  Are either of those
true?


pgpgCroNNWNdf.pgp
Description: PGP signature


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Jimmy Hess
On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com wrote:
 On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote:
 Because of that lost trust, any cross-signed cert would likely be revoked by
 the browsers.  It would also make the browser vendors question whether the

I am not engaging in speculation that DigiNotar plans to continue to
operate, they have already stated so much.
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
VASCO does not expect that the DigiNotar security incident will have
a significant impact on the company’s future revenue or business
plans.

So long as DigiNotar can show what they are required to show when they
would request
re-signing, and another CA can legitimately cross-sign their cert,
following that CA's official
correct certification practices;  it's unlikely to lead to the signer
being revoked.

As far as we know, DigiNotar is not dead,  it is just a really great
example showing how broken TLS security model is.
The trust model hard-coded into the protocol is much weaker than the
cryptography.


Since the browsers already approved that root CA's certification
practices. Particularly not
if the cross-signer is one of the larger CAs such as  Thawte or Verisign   ---
the browser might as well  remove SSL support altogether, if they will
perform a revokation
that renders 40% of internet web server SSL certs invalid.

--
-JH



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Damian Menscher
On Sun, Sep 11, 2011 at 4:02 PM, Jimmy Hess mysi...@gmail.com wrote:

 On Sun, Sep 11, 2011 at 1:30 AM, Damian Menscher dam...@google.com
 wrote:
  On Fri, Sep 9, 2011 at 11:33 PM, Jimmy Hess mysi...@gmail.com wrote:
  Because of that lost trust, any cross-signed cert would likely be revoked
 by
  the browsers.  It would also make the browser vendors question whether
 the

 I am not engaging in speculation that DigiNotar plans to continue to
 operate, they have already stated so much.

 http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
 VASCO does not expect that the DigiNotar security incident will have
 a significant impact on the company’s future revenue or business
 plans.


I think you are misinterpreting that statement -- I interpret it as meaning
VASCO will continue to exist, and possibly buy another root CA to continue
their business plans.  (They had only recently acquired DigiNotar.)

Damian
-- 
Damian Menscher :: Security Reliability Engineer :: Google


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Mark Andrews

In message 146102.1315769...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu
 writes:
 (*) Has anybody actually enabled only accept DNSSEC-signed A records
 on an end user system and left it enabled for more than a day before
 giving up in disgust? ;)

No.  But I run with reject anything that doesn't validate and
have for several years now and that doesn't suck.  We will never
be in a world where all DNS records validate unless we do DNSng and
that DNSng requires that all answers be signed.

Except as a academic exercise, I would never expect anyone would
configure a validator to require that all answers validate as secure.

DNSSEC gives you provable secure, provable insecure and bogus.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Christopher Morrow
somewhat rhetorically...

On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher dam...@google.com wrote:

 Because of that lost trust, any cross-signed cert would likely be revoked by
 the browsers.  It would also make the browser vendors question whether the
 signing CA is worthy of their trust.

given a list of ca's and certs to invalidate ... how large a list
would be practical in a browser? (baked in I mean)
  (not very, relative to the size of the domain system today)
Is this scalable?
  (no)
Is this the only answer we have left?
  (no)

-chris
(I'm not sure what better answers there are to the situation we are in
today, I do like the work in DANE-WG though... it'll be a while before
it's practical to use though, I fear)



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Christopher Morrow
On Sun, Sep 11, 2011 at 3:37 PM,  valdis.kletni...@vt.edu wrote:
 On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said:
 The current system provides no more authentication or confidentiality
 than if everyone simply used self-signed certificates.

 Not strictly true.  The current system at least gives you you have reached
 the hostname your browser tried to reach.  A self-signed cert doesn't
 even give you that.

really? even in the face of CA's that have signed certs for existing
domains (to not the domain owners)?

If I have a thawte cert for valdis.com on host A and one from comodo
on host B... which is the right one?



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Christopher Morrow
On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote:
 EV certificates have a
 different status and probably still need the CA model

what's the real benefit of an EV cert? (to the service owner, not the
CA, the CA benefit is pretty clearly $$)

-chris
(I've never seen the value in EV or even DV certs really... so I'm
actually curious what the value other see in them is)



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Jimmy Hess
On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:

 what's the real benefit of an EV cert? (to the service owner, not the
 CA, the CA benefit is pretty clearly $$)

The benefit is to the end user.
They see a green address bar  with the company's name displayed.

Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.


With normal certs, the end user doesn't see a green address bar, and
instead of the company's
name displayed (unknown) is displayed and
This web site does not supply ownership information.  is displayed.

If you ask me, hiding the company's name even when present on a non-EVSSL
cert is tantamount to saying  Only EV-SSL certs are really trusted anyways.

So maybe  instead of these shenanigans browser makers should have just
started displaying a don't trust this site warning for any non-EVSSL cert.

--
-JH



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Christopher Morrow
On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote:
 On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
 morrowc.li...@gmail.com wrote:

 what's the real benefit of an EV cert? (to the service owner, not the
 CA, the CA benefit is pretty clearly $$)

 The benefit is to the end user.
 They see a green address bar  with the company's name displayed.

 Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.


this isn't really a benefit though, is it? isn't the domain-name in
the location bar doing the same thing?



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Hughes, Scott GRE-MG
On Sep 11, 2011, at 9:44 PM, Christopher Morrow morrowc.li...@gmail.com 
wrote:

 On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess mysi...@gmail.com wrote:
 On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
 morrowc.li...@gmail.com wrote:
 
 what's the real benefit of an EV cert? (to the service owner, not the
 CA, the CA benefit is pretty clearly $$)
 
 The benefit is to the end user.
 They see a green address bar  with the company's name displayed.
 
 Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.
 
 
 this isn't really a benefit though, is it? isn't the domain-name in
 the location bar doing the same thing?

No. As a counter example... How may domain names do Wells Fargo and Citibank 
(Citi Corp? Citi Group?) operate respectively? I'm a customer, and I can't keep 
it straight. 

Companies that wrap their services with generic domain names (paymybills.com 
and the like) have no one to blame but themselves when they are targeted by 
scammers and phishing schemes. Even EV certificates don't help when consumers 
are blinded by subsidiary companies and sister companies daily (Motorola 
Mobility a.k.a. Google vs. Motorola Solutions.)


NOTICE TO RECIPIENT: The information contained in this message from
Great River Energy and any attachments are confidential and intended
only for the named recipient(s). If you have received this message in 
error, you are prohibited from copying, distributing or using the
information. Please contact the sender immediately by return email and
delete the original message.


 




Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread Christopher Morrow
On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG
shug...@grenergy.com wrote:
 Companies that wrap their services with generic domain names (paymybills.com 
 and the like) have no one to blame but themselves when they are targeted by 
 scammers and phishing schemes. Even EV certificates don't help when consumers 
 are blinded by subsidiary companies and sister companies daily (Motorola 
 Mobility a.k.a. Google vs. Motorola Solutions.)

So, part of my point here about ev/dv/etc certs is that in almost all
cases of consumer fraud and protection, HTTPS is never used. Hell,
half the spams I get are
http://IP_ADDRESS/somethign/something/something.php ... Falling back
on the 'well ev certs are there to provide protection to the consumer'
is just FUD (I think).

again, not seeing a benefit here...

-chris



Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

2011-09-11 Thread William Allen Simpson

On 9/11/11 11:28 PM, Christopher Morrow wrote:

On Sun, Sep 11, 2011 at 11:06 PM, Hughes, Scott GRE-MG
shug...@grenergy.com  wrote:

Companies that wrap their services with generic domain names (paymybills.com 
and the like) have no one to blame but themselves when they are targeted by 
scammers and phishing schemes. Even EV certificates don't help when consumers 
are blinded by subsidiary companies and sister companies daily (Motorola 
Mobility a.k.a. Google vs. Motorola Solutions.)


So, part of my point here about ev/dv/etc certs is that in almost all
cases of consumer fraud and protection, HTTPS is never used. Hell,
half the spams I get are
http://IP_ADDRESS/somethign/something/something.php ... Falling back
on the 'well ev certs are there to provide protection to the consumer'
is just FUD (I think).

again, not seeing a benefit here...


Normally, I heart my Mac.  But Apple in its infinite wisdom decided that
EV certificates are so much better, they refused to honor my edit of my
own system keychain!

So, negative benefit for the consumer.



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

2011-09-11 Thread Marcus Reid
On Sun, Sep 11, 2011 at 01:34:43PM -0500, Joe Greco wrote:
   Because of that lost trust, any cross-signed cert would likely be revoked 
   by
   the browsers.  It would also make the browser vendors question whether the
   signing CA is worthy of their trust.
  
  To pop up the stack a bit it's the fact that an organization willing to
  behave in that fashion was in my list of CA certs in the first place.
  Yes they're blackballed now, better late than never I suppose. What does
  that say about the potential for other CAs to behave in such a fashion?
 
 The average corporation much prefers to avoid the bad publicity and will
 downplay most bad things.  Your favorite CA probably included.
 
 I think that it's hard to cope with SSL.  It doesn't do the right things
 for the right reasons.  Many of us, for example, operate local root CA's
 for signing of internal stuff; all our company gear trusts our local
 root CA and lots of stuff has certs issued by it.  In an ideal world,
 this would mean that our gear talking to our gear is always secure, but
 with other root CA's able to offer certs for our CN's, that isn't really
 true.  That's frustrating.

You don't have to have the big fat Mozilla root cert bundle on your
machines.  Some OSes ship with an empty /etc/ssl, nobody tells you who
you trust.

 The reality is that - for the average user -  SSL doesn't work well 
 unless about 99% of the CA's used by the general public are included 
 as trusted.  If a popular site like Blooble has a cert by DigiNotar
 and the Firerox browser is constantly asking what to do, nothing really
 good comes out of that ...  either people think Firerox blows, or they
 learn to click on the ignore this (or worse the always trust this)
 button.  In about 0.0% of the cases do they actually understand the
 underlying trust issues.  So there's a great amount of pressure to
 just make it magically work.

How about a TXT record with the CN string of the CA cert subject in it?
If it exists and there's a conflict, don't trust it.  Seems simple
enough to implement without too much collateral damage.

 However, as the number of CA's accepted in most browsers increases, 
 the security of the system as a whole decreases dramatically.  Yet
 the market for $1000/year SSL certs is rather low, and the guys that
 are charging bargain rates for low quality certs are perhaps doing
 one good thing (enabling encryption) while simultaneously doing another
 bad thing (destroying any quality in the system).  SSL is going to
 have these problems as long as we maintain the current model.

I like the added chrome that the new browsers have for EV certs, but
users need to be stabbed in the face, green vs. blue doesn't really do
it.

 In the long run, I expect all the CA's to behave something like this -
 especially the ones that have more to lose if they were to become
 suddenly untrustworthy. 

Yes, how do you think Verisign/Thawte/Symantec would behave if they
found that their keys were compromised?  They might do the right thing,
because they're not stupid enough to think they could get away with
trying to cover it up.  What would the browser vendors do in that case?
I hope there's a contingency plan, and if there is it seems like it
should be made public.

Marcus



RE: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-11 Thread Hank Nussbacher

At 13:00 11/09/2011 -0600, Keith Medcalf wrote:

Damian Menscher wrote on 2011-09-11:

 Because of that lost trust, any cross-signed cert would likely be
 revoked by the browsers.  It would also make the browser vendors
 question whether the signing CA is worthy of their trust.

And therein is the root of the problem:  Trustworthiness is assessed by 
what you refer to as the browser vendors.  Unfortunately, there is no 
Trustworthiness assessment of those vendors.


The current system provides no more authentication or confidentiality than 
if everyone simply used self-signed certificates.  It is nothing more than 
theatre and provides no actual security benefit whatsoever.  Anyone 
believing otherwise is operating under a delusion.


The problem is about lack of pen-testing and a philosphy of security.  In 
order to run a CA, one not only has to build the infrastructure but also 
have constant external pen-testing and patch management in place.  Whether 
it be Comodo or RSA or now Diginotar, unless an overwhelming philosphy of 
computer and network security is paradigmed into the corporate DNA, this 
will keep happening - and not only to CAs but to the likes of Google, 
Cisco, Microsoft, etc. (read - APT attacks).


If 60% of your employees will plug in a USB drive they find in the parking 
lot, then you have failed:

http://www.bloomberg.com/news/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html

The problem for us as a community if to find a benchmark of which company 
does have a clue vs those that don't.  Until then, it will just be 
whack-a-mole/CA.


-Hank







--- Keith Medcalf
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org





Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-10 Thread Jimmy Hess
On Fri, Sep 9, 2011 at 4:48 PM, Marcus Reid mar...@blazingdot.com wrote:
 On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
 I like this response; instant CA death penalty seems to put the
 incentives about where they need to be.

I wouldn't necessarily count them dead just yet;  although their legit
customers must be very unhappy  waking up one day to find their
legitimate working SSL certs suddenly unusable

So DigiNotar lost their browser trusted  root CA status.  That
doesn't necessarily mean they will
be unable to get other root CAs to cross-sign CA certificates they
will make in the future, for the right price.

A cross-sign with CA:TRUE  is  just as good as being installed in
users' browser.


--
-JH



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-10 Thread Jimmy Hess
On Sat, Sep 10, 2011 at 3:47 AM, Heinrich Strauss
heinr...@hstrauss.co.za wrote:
 On 2011/09/10 05:06, Michael DeMan wrote:
 I though wildcards were limited to having a domain off a TLD - like
 '*.mydomain.tld'.
The root CAs are have no technical limitation in regards to what kind
of certificates they can issue.
There is no inherent reason that technical limitations cannot be
imposed...  there are mechanisms available to do this,
if the original CA certificates were issued with restrictions:
  http://tools.ietf.org/html/rfc3280#section-4.2.1.11

Special limitations or  security warnings  can be raised by
individual browsers above and beyond the certificate validation rules.
I would be in favor of each  root CA certificate being name
constrained to  CNs of one TLD  per CA  certificate,  so that root CA
orgs would need a separate CA cert and separate private key for each
TLD  that CA is authorized to issue certificates in.
It would be useful if the name restriction would be extended further
to allow  2nd level wildcards to be prohibited such as  CN=*.com
or   CN=*.*.com

Browsers will honor * in hostname components of the CN field as
required by the RFCs.. however  a  *.mydomain.tld  certificate
does not match www.mydomain.tld, *.*.mydomain.tld  does.

Some CAs have partaken in problematic practices such  as issuing SSL
certificates with  RFC1918 IP addresses,
or  unofficial  TLDs  in the CN or  subject alternative names  section.
see   
https://wiki.mozilla.org/CA:Problematic_Practices#Issuing_SSL_Certificates_for_Internal_Domains

If all the root CA certificates become name constrained,  such
problematic practices should cease.

--
-JH



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-09 Thread Marcus Reid
On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
 FYI!!!
 
 http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee
 ms_all_diginotar_certificates_untrust.html
 
 Google and Mozilla have also updated their browsers to block all DigiNotar
 certificates, while Apple has been silent on the issue, a emblematic zombie
 response!

Apple has sent out a notification saying that they are removing
DigiNotar from their list of trusted root certs.

I like this response; instant CA death penalty seems to put the
incentives about where they need to be.

Marcus



Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-09 Thread Michael DeMan
Sorry for being ignorant here - I have not even been aware that it is possible 
to buy a '*.*.com' domain at all.

I though wildcards were limited to having a domain off a TLD - like 
'*.mydomain.tld'.

Is it true that the my browser on a windows, mac, or linux desktop may have 
listed as trusted authorities, an outfit that sells '*.*.tld' ?

Thanks,

- Mike

On Sep 9, 2011, at 2:54 PM, Paul wrote:

 On 09/09/2011 11:48 AM, Marcus Reid wrote:
 On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:
 FYI!!!
 
 http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee
 ms_all_diginotar_certificates_untrust.html
 
 Google and Mozilla have also updated their browsers to block all DigiNotar
 certificates, while Apple has been silent on the issue, a emblematic zombie
 response!
 Apple has sent out a notification saying that they are removing
 DigiNotar from their list of trusted root certs.
 
 I like this response; instant CA death penalty seems to put the
 incentives about where they need to be.
 
 Marcus
 
 Instant?  This has been going on for over a week, and a lot of damage could 
 have been done in that time, especially given certs for *.*.com were signed 
 against Diginotar.  Most cell phones are unable to update their certificates 
 without an upgrade and you know how long it takes to get them through Cell 
 Phone carriers.  A number of alternative android builds are adding the 
 ability to control accepted root certs to their builds in the interest of 
 speeding this up.  The CA system is fundamentally flawed.
 
 Paul
 




Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-09 Thread Dan White

On 09/09/11 20:06 -0700, Michael DeMan wrote:

Sorry for being ignorant here - I have not even been aware that it is
possible to buy a '*.*.com' domain at all.

I though wildcards were limited to having a domain off a TLD - like 
'*.mydomain.tld'.

Is it true that the my browser on a windows, mac, or linux desktop may
have listed as trusted authorities, an outfit that sells '*.*.tld' ?


The issue is that a trusted third party's (Diginotar) trusted signing
certificate was stolen, allowing the holder to create and sign whatever
certificates he wished, which don't necessarily need to be wildcard certs
to be effective.

Certificate signers are not restricted to any domain hierarchy (a design
feature of x.509 pki), which means that *any* trusted stolen signing
certificate can wreak havok on the trusted nature of x.509.

Even the hint that the claimed Diginotar cracker has gotten her hands
on several other signing certificates may be significant motivation to find
a replacement for the existing x.509 based pki.


On Sep 9, 2011, at 2:54 PM, Paul wrote:


On 09/09/2011 11:48 AM, Marcus Reid wrote:

On Wed, Sep 07, 2011 at 09:17:10AM -0700, Network IP Dog wrote:

FYI!!!

http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee
ms_all_diginotar_certificates_untrust.html

Google and Mozilla have also updated their browsers to block all DigiNotar
certificates, while Apple has been silent on the issue, a emblematic zombie
response!

Apple has sent out a notification saying that they are removing
DigiNotar from their list of trusted root certs.

I like this response; instant CA death penalty seems to put the
incentives about where they need to be.

Marcus


Instant?  This has been going on for over a week, and a lot of damage could 
have been done in that time, especially given certs for *.*.com were signed 
against Diginotar.  Most cell phones are unable to update their certificates 
without an upgrade and you know how long it takes to get them through Cell 
Phone carriers.  A number of alternative android builds are adding the ability 
to control accepted root certs to their builds in the interest of speeding this 
up.  The CA system is fundamentally flawed.

Paul


--
Dan White



Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-07 Thread Network IP Dog
FYI!!!

http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee
ms_all_diginotar_certificates_untrust.html

Google and Mozilla have also updated their browsers to block all DigiNotar
certificates, while Apple has been silent on the issue, a emblematic zombie
response!

Cheers. 


Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

2011-09-07 Thread Alexander Harrowell
On Wednesday 07 Sep 2011 17:17:10 Network IP Dog wrote:
 FYI!!!
 
 
http://seattletimes.nwsource.com/html/microsoftpri0/2016132391_microsoft_dee
 ms_all_diginotar_certificates_untrust.html
 
 Google and Mozilla have also updated their browsers to block all 
DigiNotar
 certificates, while Apple has been silent on the issue, a emblematic 
zombie
 response!
 
 Cheers. 
 


It would be really nice if the folk at Twitter would fix their images 
servers (i.e si*.twimg.com) to use a non-evil CA (i.e. not Comodo or 
DigiNotar or Bubba Gump's Bait, Firearms  Crypto Verification). Not 
that user pics are a great loss, but if you use 
Tweetdeck/Seesmic/whatever, the constant SSL cert warnings from dozens-
to-hundreds of user pics are noisy.


This is trivial whining on my part but it is operational.

-- 
The only thing worse than e-mail disclaimers...is people who send e-mail 
to lists complaining about them


signature.asc
Description: This is a digitally signed message part.