Mozilla Accepts Chinese CNNIC Root CA Certificate

Josh Triplett writes "Last October, Mozilla accepted the China Internet Network Information Center as a trusted CA root (Bugzilla entry). This affects Firefox, Thunderbird, and other products built on Mozilla technologies. The standard period for discussion passed without comment, and Mozilla accepted CNNIC based on the results of a formal audit. Commenters in the bug report and the associated discussion have presented evidence that the Chinese government controls CNNIC, and surfaced claims of malware production and distribution and previous man-in-the-middle attacks in China via their secondary CA root from Entrust. As usual, please refrain from blindly chiming into the discussion without supporting evidence. Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."

Given they've bowed to Chinese pressure

[sethstorm]

...is there a straightforward way to mark CNNIC as untrusted?

Disagree with the premise.

[Jane+Q.+Public]

"Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."

I am not sure I agree with this. When accepting something that is very controversial, like for example accepting CNNIC as a neutral authority, or backing a perpetual-motion technology, the burden may very well be on the actor to defend its actions.

Something more substantial than Wikipedia ?

[Antiocheian]

"surfaced claims of malware production and distribution"

This claim cites Wikipedia and in particular this unverifiable, POV-ridden paragraph:

"CNNIC produces one of the best-known malwares in China: the Chinese-Language-Surfing Official Edition(). The software is frequently bundled with other adware/sharewares. It was declared malware by Beijing Network Industry Association() and San Ji Wu Xian Co Ltd., the company behind 360 Safeguard(360), an anti-virus software. San Ji Wu Xian was sued by CNNIC for 150,000 RMB and the court ruled out favorably towards CNNIC."

Which libels CNNIC for connections with malware while the only case against CNNIC was actually ruled towards their favor.

Why is CNNIC untrustworthy ? In plain English please.

Re:Something more substantial than Wikipedia ?

[brennz]

Are you saying the court system in China is (A) open, fair, and impartial, particularly when it judges a case involving (B) the Chinese Govt vs a defendant anti-spyware company?

Re:Something more substantial than Wikipedia ?

[Dahan]

Agreed--I'd like to see some real evidence too (Chinese language is fine). As far as I can tell, this is the story: CNNIC does have a "Chinese Language Surfing" product, which enables the use of Chinese domain names, among other things. (ICANN approved non-ASCII ccTLDs late last year, but the Chinese have been using browser plugins and the like to get the same effect for years. This probably isn't the best article about it, but it was what came up when I tried to search for an article that explained it: China's New Domain Names: Lost in Translation.)

AFAICT, "Chinese Language Surfing" isn't malware--it does what it says it does. However, it does seem unusually protective of itself once installed--but not to the point that the uninstaller doesn't work. Also, while CNNIC doesn't endorse this, apparently "Chinese Language Surfing" gets automatically installed (without user consent) by other programs. This has led to some antimalware-software vendors listing it as malware. E.g., MS calls it BrowserModifier:Win32/CNNIC, and has this to say about it:

BrowserModifier:Win32/CNNIC enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that registered with CNNIC (China Internet Network Information Center). This program is often installed as part of a shareware or freeware program, with or without user consent. BrowserModifier:Win32/CNNIC also contains a kernel driver that protects its files and registry settings from being modified or deleted. The program also includes automatic self-update functionality.

FWIW, I tried installing CNNIC's product in a virtual machine while running Sysinternals' ProcMon, and didn't spot anything super-suspicious--it did install a driver as MS said, which did seem excessive. And it did add a menu item to IE, but it didn't cause me to get any more popup ads. Seemed well-behaved, as far as I could tell (not that I spent much time with it). I then uninstalled it, and it seemed to remove itself cleanly, including the driver.

Personally, I would definitely be annoyed if it got installed without my consent, but the program itself does not meet my definition of "malware". Now if anyone has evidence that it's secretly nefarious and does more than what it claims to, please post the details.

Re: As usual, please refrain from blindly chiming

[jcoy42]

Why should I let Mozilla, a large group with contradictory desires and many masters, control whether I delist it as a trusted root?

Because Mozilla is capable of doing it and most computer users are (effectively) not.

Because we care about what happens to the internet.

Because it's going to be our mom's machine, and we'll have to fix it.

Re:Was pointing towards something like a CRL.

[mlts]

What is ironic is that I can do this in IE with no problems. I drag a certificate to the untrusted store, either systemwide or as a user, and even if root certs are updated, that cert remains untrusted.

Re:Was pointing towards something like a CRL.

No, they can't...at least not if you do the extra leg work necessary to check the certificate yourself. Adding their CA cert to the browser only gives them the ability to generate certificates that are accepted based on that CA cert. You can still view the certificate information to see which CA cert originated the certificate being used to secure your session.

Try it yourself. Got to https://addons.mozilla.com/ and examine the cert. You'll see that it was issued by Verisign. Any certificate issued by CNNIC would show up as being issued by CNNIC. If you verify that the certificate that secures the session used to pull the extension originated from a historically-trusted CA rather than this new, suspect, CA, you can be sure that the Chinese government has not used the inclusion of the CNNIC CA certificate to perform a MitM attack on that session.

Re:Does anyone notable *not* support CNNIC?

Chrome does not.

This looks wrong. On my install of Chrome 4.0.249.78 on Windows XP, under:

    Customize and control Google Chome -> Options -> Under the Hood -> Manage certificates -> Trusted Root Certification Authorities

I see in the alphabetized list:

    CNNIC ROOT / CNNIC ROOT / 4/15/2027 / CNNIC Root

Is this a Windows or Chrome thing?

Something strange about the entry: Under the "Advanced..." button all thirty or so purposes except "Client Authentication" and "Secure Email" are enabled. However, clicking on the "View" button show a shorter list of purposes but that shorter list includes "Protects e-mail messages" and "Secure Email". Which list is right?

Re:restricting it to *.cn would make sense

[ScrewMaster]

Seeing as China makes lots of the core internet routers these days (with quickly growing market share) there is every reason to assume we're getting man-in-the-middle pwned.

I'm not in *.cn, and I'm not visiting *.cn, so why in Hell should this certificate apply to me? If suddenly www.adobe.com is signed by China, there sure is a problem!

It's funny, you know ... if we were all buying high-end routers from Russia everyone would flipping out about security. But China makes inroads on that market (with the obvious intention of dominating it) and nobody really seems too upset. You have to assume that a hostile totalitarian state might try to exploit that advantage in some way.

Weird. And I always thought denial was a river.

Re:Centralized key distribution hierarchy failure.

[argent]

There are different failure modes.

If you know that the victim has not visited a given site before you can MITM them undetectably, but the attack doesn't scale. On the other hand the centralized key distribution hierarchy is vulnerable to widespread undetected MITM attacks if the hierarchy is compromised, where the SSH model would produce a large number of suspicious reports in that scenario... leading to the unmasking of the perpetrator.

Re:Centralized key distribution hierarchy failure.

Firstly, SSH requires out-of-band key exchanges. You know, like over a USB stick or something. There is no secure certificate exchange. So, in other words, no-one could ever get the certificates for 99.9% of websites.

Secondly, keys *do* change all the time; as they should. No matter how many bits you use, your certificate shouldn't go more than a few years without being renewed, or you put the key at risk of attack.

Thirdly, there would be no mechanism for revoking a certificate once compromised.

In short, no. Put more thought into what the systems you are proposing are actually trying to achieve.

Re:The role of SSL/TLS

[russotto]

SSL DOES NOT ATTEMPT TO GUARANTEE ANYTHING APART FROM AUTHENTICTY

Uh, no. It guarantees against eavesdropping as well.

As it appears, this mob have verified their identity sufficiently for Mozilla to decide they are able to put something on the interweb and verify they put it there.

No. They can now put anything on the web _as any name they like_ and verify that the authorized user of that name did so. For instance, they can put up their own "www.gmail.com" site that verifies as real; it can even say the certificate was issued to Google.

Re: As usual, please refrain from blindly chiming

[travd]

Not sure about Opera, but here is the resolution of the same issue for Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=340198

Re:Was pointing towards something like a CRL.

[FreelanceWizard]

This will work, but the certificate is still "trusted" in a sense. The best way is, as the parent noted, to use the Certificates snap-in in MMC to move the certificate to the Untrusted store. Doing so permanently removes trust for that certificate and, thus, all of the certificates that chain to it. This approach is also useful in that it blocks trust of the certificate for any purpose by any program that uses the cryptographic functions in Windows for verifying certificate trust.

Re: As usual, please refrain from blindly chiming

[kestasjk]

Doesn't Firefox warn you if a key for a certain domain suddenly changes to something different? Remember these guys sign keys, they say "this guy is who he says he is", does that really give them the power to listen in on people?
They can only do so by replacing the key with something new, which probably generates a big security warning, and then they have to reencrypt it with the old key, so they do have to intercept communication and not just listen in.

I don't know if you should be concerned about that yet, unless you're Chinese (in which case what is the alternative? only trust American businesses with American CAs?)

Re: As usual, please refrain from blindly chiming

[u38cg]

Not if it continues to be signed back to a root, which is the point. A previous employer of mine had its own root cert in our (IE6) browsers and I only noticed after a similar, related discussion on Slashdot caused me to look. I removed it temporarily and yep, all https traffic was being MITM'd. Given the nature of the organisation, it was understandable that they had to be able to audit such traffic, but that doesn't excuse them not talking about it. I later mentioned it to a 2nd line tech who was doing something unrelated and it was news to him, too.