Mozilla Asks All CAs To Audit Security Systems

← Back to Stories (view on slashdot.org)

Mozilla Asks All CAs To Audit Security Systems

Posted by timothy on Thursday September 8, 2011 @08:34AM from the security-to-electronics-for-an-aisle-sweep dept.

Trailrunner7 writes "Already having revoked trust in all of the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates."

77 comments

Min score:

Reason:

Sort:

At least stick the CA keys in HSMs... by Anonymous Coward · 2011-09-08 08:39 · Score: 1

Please... at least put the CA private keys in HSMs so there is an audit trail if everything else gets haxxored around.
1. Re:At least stick the CA keys in HSMs... by Anonymous Coward · 2011-09-08 08:53 · Score: 1
  
  Well, I think the Comodohacker alluded that the DigiNotar's netHSM was hacked, which, if that's not bs, means that there could be a 0-day in OpenBSD. Or, maybe the so-called NETSEC backdoor is real and the dude is exploiting it.
  Allegations of OpenBSD Backdoors May be True, Updated
BOOGY WOOGY !! by Anonymous Coward · 2011-09-08 08:40 · Score: 0

Buggle Boy !!
Of Company B !!
1. Re:BOOGY WOOGY !! by Anonymous Coward · 2011-09-08 08:59 · Score: 1
  
  1. You're stupid.
  2. It's bugle, not buggle. Buggle isn't a word.
  3. You're stupid.
2. Re:BOOGY WOOGY !! by Anonymous Coward · 2011-09-08 09:47 · Score: 0
  
  Buggle isn't a word.
  You're (somewhat) wrong.
why don't they do this already? by swan5566 · 2011-09-08 08:43 · Score: 3, Insightful

This should be done on a regular basis anyway, and that by a third party.

--
In debates about Christianity, there are two groups: those looking for answers, and those looking to just ask questions.
If you ask nicely enough... by dremspider · 2011-09-08 08:46 · Score: 5, Insightful

If you ask nicely enough maybe they will do something about all their problems. What needs to happen is Mozilla needs to get with Microsoft, Chrome, Apple etc and say unless you submit yourself to an INDEPENDENT audit you will be revoked from our default trusted root certs. SSL has been destroyed, not because of protocol problems but because of the companies running the show. It was a race to the bottom from the beginning. Who could provide the cheapest service and make the most profit off of it. This model doesn't mesh well with Security and never will. Once one company operates their systems cheaply, everyone else must follow so as to maintain low prices.
1. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 09:08 · Score: 1
  
  Who could provide the cheapest service and make the most profit off of it. This model doesn't mesh well with Security and never will. Once one company operates their systems cheaply, everyone else must follow so as to maintain low prices.
  Security does not need to be expensive to be good.
  But these companies were not in business to provide security services.
2. Re:If you ask nicely enough... by StripedCow · 2011-09-08 09:21 · Score: 4, Informative
  
  ...unless you submit yourself to an INDEPENDENT audit you will be revoked from our default trusted root certs
  In the case of Diginotar, Price Waterhouse Coopers was doing the audits.
  
  --
  If Pandora's box is destined to be opened, *I* want to be the one to open it.
3. Re:If you ask nicely enough... by BZ · 2011-09-08 09:23 · Score: 1
  
  DigiNotar is not exactly an example of race to the bottom on price... more like a monopoly jacking up prices.
4. Re:If you ask nicely enough... by Eol1 · 2011-09-08 09:24 · Score: 1
  
  The problem here is you need an outside audit which they won't agree to as it might introduce liability. An independent audit doesn't mean anything (I used to be an auditor) as the audit firm wants repeat business.
  
  --
  De Oppresso Liber
5. Re:If you ask nicely enough... by tlhIngan · 2011-09-08 10:12 · Score: 1
  
  The problem here is you need an outside audit which they won't agree to as it might introduce liability. An independent audit doesn't mean anything (I used to be an auditor) as the audit firm wants repeat business.
  Easy. Microsoft, Mozilla, Apple, Opera pay auditors to audio every CA on their list. Auditors report to this consortium with yea or nay. If it's nay, vendors don't include CA on list of approved root CAs.
  CAs that don't agree to independent audio - certificate not included.
  CAs that fail - certificate not included.
  CAs that pass - their certificate is there until the next audit.
  Auditors paid by consortium - it doesn't matter if CA passes or fails - in fact, if the CA fails, they may resubmit for audits, giving auditors more reason to fail a CA (more business for them).
  Basically, the root CAs are very valuable - a CA can't sell certs otherwise. Microsoft, Apple, Opera, Mozilla - they hold the key to the list of CAs on that list. Maybe Google too for Android.
6. Re:If you ask nicely enough... by ObsessiveMathsFreak · 2011-09-08 10:13 · Score: 5, Insightful
  
  What needs to happen is Mozilla needs to get with Microsoft, Chrome, Apple etc and say unless you submit yourself to an INDEPENDENT audit you will be revoked from our default trusted root certs.
  The recent "Too big to fail" CA == Bank comparision story was all too succinct a comparision, and this method won't work for the same reason an independent audit of the banks won't work. In short, most if not all CAs are likely security bankrupt.
  Investigation is likely to find that CAs are only one step above flight by night organisations, with slipshod practices, procedures and security at every possible level, from the main servers to the secretaries email inbox. Are you ready to deal with the fallout from such revelations?
  Are you ready to actually revoke security authentication from millions of sites across the internet? Are you ready to deal with every major browser throwing a blue screaming fit every time a user connects to a major web commerce login? Are you ready and able unclog a seized up system, signed up to by every major player on the internet, and which a substantial portion of the modern net itself now rests on?
  The major problem here is the browsers, and Mozilla's actions here--requesting the CAs to police themselves--are exactly analogous to how our international banking system was woefully mismanaged over the last decades. What Mozilla should be doing is moving away from reliance on the Certification Authority system altogether. It has failed. It has become dangerous to users and website. It must be replaced or abandoned.
  Removing the DEFCON 2 warnings for self signed certs will be the first step in the right direction. Until then, Mozilla is just continuing to be part of the problem.
  
  --
  May the Maths Be with you!
7. Re:If you ask nicely enough... by ObsessiveMathsFreak · 2011-09-08 10:19 · Score: 2
  
  PWC were (are) the auditors for AIG and Bank of Ireland.
  
  --
  May the Maths Be with you!
8. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 10:33 · Score: 1
  
  Security requires attention. Attention requires man-hours. Man-hours cost money. Providing something without caring about security will always, in the very shortest term, be cheaper than providing it securely. In the medium or long term, that can change dramatically, of course.
9. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 10:57 · Score: 1
  
  If you've ever worked for a PWC audited company, you'll know it's an annual tick and flick job by a handful of graduates who will report up to someone senior who's likely still only shaving twice a week.
10. Re:If you ask nicely enough... by nedlohs · 2011-09-08 11:20 · Score: 3, Insightful
  
  And in this particular domain even the customer doesn't care.
  Sure I could spend more of my time and money finding and using the CA with the best security practices. But when the cheap-n-nasty is hacked to generate (or just hands out due to their lack of checking) a cert for my domain to someone else that the CA I chose wasn't hacked is completely irrelevant. I've gained nothing by choosing the more secure provider.
  So of course you have a race to the bottom...
11. Re:If you ask nicely enough... by Rockoon · 2011-09-08 11:32 · Score: 1
  
  Google gets to sit out and reap the benefits of the auditing investment of the others?
  
  So we add Google to the list...
  
  One of the problems I see is that some of these folks have large varied reliance on these CA's (Microsoft, Apple, Google) while the others (Mozilla, Opera) only do browsers. It is far more difficult for Microsoft, Google, and Apple to start denying CA's for not "cooperating" because it directly effects their users (of their OS's) in difficult to swallow ways (software, drivers, and other shit are signed by these certs.)
  
  --
  "His name was James Damore."
12. Re:If you ask nicely enough... by dgatwood · 2011-09-08 11:41 · Score: 3, Insightful
  
  And this is the reason that SSL certs (in whatever form they continue to exist) should be part of your DNS record, and that we should have a mandatory transition to DNSSEC over the next few years to ensure that those records cannot be tampered with during transit.
  By doing that, the only way to pull one of these stunts would be to take over the domain at the registrar, at which point it would then matter which provider you chose, and the race to the bottom would become a race to the top (or at least to the median).
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
13. Re:If you ask nicely enough... by Onymous+Coward · 2011-09-08 11:49 · Score: 1
  
  SSL has been destroyed, not because of protocol problems but because of the companies running the show.
  It's the authentication part of the whole scheme that's the issue. Don't conflate SSL with the CA system; they are parts used together in a complete scheme. "SSL" would continue to work if we switched the authentication component to another method like distributed views (notaries).
14. Re:If you ask nicely enough... by guruevi · 2011-09-08 12:59 · Score: 2
  
  PWC from my experience don't do real audits. They're more like an insurance company. They may send out a drone that knows nothing about what he's supposed to be checking but the gross of the money you pay them probably goes to a fund in case you have a breach and sue PWC.
  I think that may be true of a lot of other audit companies. There are few audit companies that actually do penetration testing etc.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
15. Re:If you ask nicely enough... by DarkOx · 2011-09-08 13:01 · Score: 1
  
  The trouble is if you start having the browser vendors adding and removing CAs all the time, you screw things up for the certificate purchaser. My site gets screwed because my CA fails and audit and the browser vendor consortium drops the root certificate for my CA. That kinda sucks.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
16. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 13:40 · Score: 1
  Moving away from the CA system as it exists? Absolutely!
  Moving away from the CA system entirely? Possibly, but not necessarily.
  There's 4 problems with the CA system:
  
  Weakest-link failure, i.e. compromising any CA gets you a valid cert for any site.
  Crappy security at some/most/all CAs
  Limited response to compromises, because browsers don't want to cut massive chunks of the web off -- exacerbated by browser competition, where the one who "breaks the internet" by revoking trust in a compromised CA means losing marketshare to ones that "work fine"
  Also limits negative incentive to fix 2 or lose trust (and become worthless)
  No positive incentive to fix 2 by attracting clients, by 1 (being more secure than the weak link gains clients nothing)
  Enforced auditing clearly doesn't do much; at best, it fixes 2 -- for now -- but more likely it just provides a spectacular demonstration of 3. Rejecting the CA system outright in favor of something without these weaknesses is acceptable, but causes massive chicken-and-egg rollout issues. If it's possible, it may be preferable to reform the CA system to address these issues.
  Allowing multiple signatures is IMO the biggest improvement, as it fixes 3 and improves 1. Once websites can use multiply signed certs, browsers will be more free to revoke root certs -- it's your own fault if you didn't have at least two signatures from different CAs to avoid it, and while there will no doubt be lots of sites using only one, and thus rendered untrusted, the first time it happens, after that I bet most people will wise up and get multiple signatures...
  Then once everyone does have multiple certs, you could phase in warnings for certs with n or fewer signatures (where n would start at 1, and probably increase to 3 or so), changing the system from weakest-link to weakest-(n+1)-links. Still doesn't fix 4, since forging a valid cert is still independent of what CAs actually signed your authentic certificate, but at least you've given the browsers a meaningful stick. (The best part -- this means everyone buys multiple certs, so there's a reasonable possibility of getting CAs to go along willingly!)
  The second patch is to add a side-channel to tell the client what CAs' signatures are to be expected, fixing 1 and 4. One inexplicably common proposal is to map CAs to TLDs, but this is an incredibly bad idea, since it prevents 4 from ever being fixed by completely eliminating choice and thus competition among CAs. Another option proposes distributing certs only through secure DNS -- however, since a DNS compromise is a common way to mount a MITM attack (which is the principal attack we're fighting with cert-based authentication), there's some concern about that, which I really don't understand DNSSEC well enough to speak to. Then there's the third option of convergence/perspectives/whatever, a distributed cache of expected certificates. Better yet, you can combine the last two (DNSSEC + perspectives), and cry havoc if they disagree or the cert from the website has different signatures. Now a successful attack requires a valid certificate from the same CAs the website chose, giving rise to real competition where the (perceived) most secure CAs will get the most business, and letting something like the DiginaTard fiasco happen will cost that CA actual income, even after they generate a new key, new root cert, and resign everything, because nobody wants an unsecure CA. (CAs may not like this part, but we don't need their cooperation to make it happen.)
  So combining these, we fix 1 (I can choose my CAs, and I'm immune to compromises of any CA I'm not using), we fix 3 (if one or several of my CAs does get compromised, I can count on browsers to remove trust, get signatures from other CAs if needed, and my website still works for customers), and we fix 4 (if I'm handling sensitive information, I can pay top dollar to go with the guys who do voluntary audits, who've never had a breach, etc. -- and I actually get that security benefit for my money). 2 is still broken for now, but with pressure from both browsers and clients, you can bet there will be some serious improvement by some CAs -- and the ones that don't keep up will just die.
17. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 14:09 · Score: 0
  
  Instead of expensive audits, how about offering a small prize - $10k, say - for anyone who can get a fraudulent certificate issued to themselves. If they do, pay them the money, and revoke that CA.
18. Re:If you ask nicely enough... by sr180 · 2011-09-08 16:15 · Score: 1
  
  Lol. So true. A mate of mine worked for them. He had an accounting background on top of a CS degree. One week he would be providing consultant advice on naval ship building, the next week on running a national train system - despite having zero experience in either of these activities. To put it simply, the powers that be, needed consultants, and PWC kindly stepped in and took plenty of their money!
  
  --
  In Soviet Russia the insensitive clod is YOU!
19. Re:If you ask nicely enough... by tokul · 2011-09-08 16:48 · Score: 1
  
  Removing the DEFCON 2 warnings for self signed certs will be the first step in the right direction.
  
  SSL is not about encryption. It is also about trust.
20. Re:If you ask nicely enough... by heypete · 2011-09-08 17:12 · Score: 2
  
  Indeed, it does suck.
  Nevertheless, if the CA fails an audit, they *should* be removed (perhaps after a reasonable time to resolve the problem and get re-audited, if the problem is not too serious).
21. Re:If you ask nicely enough... by Soulshift · 2011-09-08 18:03 · Score: 1
  
  Removing the DEFCON 2 warnings for self signed certs will be the first step in the right direction.
  SSL is not about encryption. It is also about trust.
  Please tell us how it is a better idea to trust an unsigned site at the other end of an unencrypted connection MORE than a self-signed site at the end of a SSL connection. If sites with self-signed certs trigger a warning on browsers, then every site served in the clear should as well. A good compromise would be not to display the lock icon for sites with self-signed certs.
  
  --
  node-def: a tactical hacking sim. Now in open beta.
22. Re:If you ask nicely enough... by Ja'Achan · 2011-09-08 18:58 · Score: 2
  
  CAs are about trust. SSL is about encryption.
23. Re:If you ask nicely enough... by bill_mcgonigle · 2011-09-08 19:01 · Score: 1
  
  ...unless you submit yourself to an INDEPENDENT audit you will be revoked from our default trusted root certs
  In the case of Diginotar, Price Waterhouse Coopers was doing the audits.
  OK, so an independent audit by an auditor who hasn't been banned from the list of reliable auditors like PWC.
  Is Mozilla really serious about trust or not?
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
24. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 20:46 · Score: 0
  
  And when the drone goes through that list, if you DON'T meet the requirement but tell them you do, that's fine. In fact, you can just not answer questions you'd fail. They'll eventually tick it as a pass anyway because they need to close the audit by some date. At the end of the day, we're the client and if they fail us we might go to someone who won't next year. I experienced this with Andersen's (RIP), DTR and PWC.
25. Re:If you ask nicely enough... by grahamm · 2011-09-08 21:04 · Score: 1
  
  That is a case of caveat emptor. The prospective purchaser of a certificate could use the 'quality' of the audit as one of the criteria used to choose the vendor.
26. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-08 23:27 · Score: 0
  
  PWC only looked at procedures and not at the state of the actual systems being used. FoxIT found systems that should be standalone had been connected to the network. That was a procedural breach PWC didn't notice. Interviews are not enough. A CA that doesn't have frequent penetration tests done and doesn't have their physical systems audited as well as their procedures should not be trusted.
  The bank I used to work for had internal auditors, an external auditor, and a central bank doing audits. I've been interviewed by all parties but don't know how far they went in verifying what they learned and didn't learn from interviews, although I do know that the internal auditors had access to source code and did check for things like hard coded account numbers. These were slow processes, not aimed at quickly solving issues. Apart from those audits from time to time different external parties were hired to do penetration tests, and they worked both from the position of outsiders trying to get in and insiders trying to get access to more than they should. I still felt it was not enough to compensate for too large a group of both managers and employees who were more focused on getting things done quickly than on getting things done reliably. At one point I wasn't allowed to solve all issues a pentest found in software I was involved in, and the time I spent discussing and prioritizing it would have been enough to solve most issues. I know of one manager who explicitly asked his department to give as little information to the internal auditors as possible. The problem is that PHB types who are more interested in appearances than in actual performance don't recognise that audits and pen tests can be seen as a useful form of quality assurance, they just see what poor performance does to their image when exposed, and will oppose the exposure instead of the poor performance.
  A CA is as important as a bank, as they supply certificates for banks, governments and other important parties, and should be held against the same standard. Unfortunately they will attract their share of PHBs too.
27. Re:If you ask nicely enough... by ArsenneLupin · 2011-09-08 23:41 · Score: 1
  
  Easy. Microsoft, Mozilla, Apple, Opera pay auditors to audio every CA on their list.
  Yeah indeed. I'm all for it. Indeed the current list of approved CAs is way too long!
28. Re:If you ask nicely enough... by ArsenneLupin · 2011-09-08 23:53 · Score: 1
  
  "SSL" would continue to work if we switched the authentication component to another method like distributed views (notaries).
  Correct. But it would stop to work (securely) if we switched off the authentication component altogether (as in "just use self-signed certs" without planning for any other means of authenticating them)
29. Re:If you ask nicely enough... by Onymous+Coward · 2011-09-09 06:12 · Score: 1
  
  I agree with the accommodating interpretation given to dremspider's comment, that the SSL we're focused on, web SSL, is practically destroyed by the failure of the CA system.
  However, I'm trying to be a little more discerning by pointing out that SSL is one component in security schemes, distinct from the scheme itself, whichever one we're talking about. In web, the security scheme fails if the CA system fails. SSL can still be successfully used in other schemes, as in email, SIP, and VPNs.
  Maybe we should be saying HTTPS instead? Still not ideal, but much better than merely saying SSL. Perhaps "web security"?
30. Re:If you ask nicely enough... by Anonymous Coward · 2011-09-09 07:46 · Score: 0
  
  You should make a better contract with your CA. You should demand in the contract that if they fail an audit, or that your service is unavailable for e.g. 1 week during a year because their OCSP server is down, that they refund half the cost of your cert. And if it's down for 2 weeks, they should refund the full cost.
  Something like that.
  As a customer, you need to be part of the solution by demanding better service. The more {{more demanding} customers} there are, the better the service will be.
  You should also consider arranging to pay for 2 certs from distinct issuers. That way, if one of the issuers turns out to be bad, you can replace the cert immediately instead of waiting in line with everyone else. Be a smart customer. The cost of a cert to you is probably 1000cur, and thus the potential cost of your loss should be sufficient incentive for you to have a solution ready.
  -- of course, you need to ensure that your certs are not easily stolen, and that you can revoke them easily if necessary. but you should be doing this anyway...
31. Re:If you ask nicely enough... by Walter+Carver · 2011-09-16 12:33 · Score: 1
  
  Investigation is likely to find that CAs are only one step above flight by night organisations, with slipshod practices, procedures and security at every possible level, from the main servers to the secretaries email inbox. Are you ready to deal with the fallout from such revelations?
  
  Yes. I am.
  http://tech.slashdot.org/story/11/09/08/1454221/Moxie-Marlinspikes-Solution-To-the-SSL-CA-Problem
32. Re:If you ask nicely enough... by Walter+Carver · 2011-09-16 12:38 · Score: 1
  
  That's a bad idea.
  Moxie Marlinspike, like so many others before him, explains why:
  http://www.youtube.com/watch?v=Z7Wl2FW2TcA&feature=player_detailpage#t=1769s
This is fine, but solves nothing by bhingque · 2011-09-08 08:48 · Score: 2

Good security practices are fine (and should be absolutely requisite for CAs), but do nothing to address the real problem with CAs, which is anchored trust. I hope that all of the browsers move to implement Convergence.
1. Re:This is fine, but solves nothing by Spad · 2011-09-08 08:55 · Score: 1
  
  The problem with Convergence is, how does the average user know which notaries to trust? They have no way of establishing who is trustworthy and who isn't, which means that in all likelihood they'll end up with a "default" set of notaries. At that point, you're only marginally better off than you are right now with the CAs, in that several notaries would have to be compromised in order to "fool" everyone instead of just the one.
2. Re:This is fine, but solves nothing by icebraining · 2011-09-08 09:17 · Score: 1
  
  The fact that you can kick off some CA without breaking half of the internet is already much better than now. With convergence/perspectives websites aren't tied to single CAs like they are right now, so you get what they call "trust agility."
  Regardless of who manages the notaries list, it's a big plus.
  
  --
  Dilbert RSS feed
3. Re:This is fine, but solves nothing by bhingque · 2011-09-08 10:04 · Score: 1
  
  Exactly so. Even if you decide to wait for your browser vendor to remove a notary from their trusted list before you stop trusting it, you'll find this happening enormously more often than browser vendors are removing CAs. You cannot remove a CA without breaking all of the sites that use that CA, while you can remove a notary without breaking anything.
4. Re:This is fine, but solves nothing by JamKot · 2011-09-08 10:24 · Score: 1
  
  For a mitm attack to succeed with Convergence, two notaries would have to collude. I think I'd pick one Microsoft notary and one Google notary and trust that they would never collude. Seriously though, has anyone poked any serious holes in the Convergence protocol yet? It sounds pretty solid to me.
5. Re:This is fine, but solves nothing by Anonymous Coward · 2011-09-08 17:50 · Score: 0
  
  The main problem that I see is the expense of running a notary. It will be receiving millions of web service calls per hour and will have to maintain an enormous, low-latency database of certificates and fingerprints.
  The notaries will need to pass that cost on to someone in the form of fees. Who will pay? The web sites to which the certs were issued? Joe Public? Or would sites have to pay a "listing fee" to have their certs entered into the database? If so, there goes any hope of including self-signed certs.
  Given the infrastructure requirements, we'd probably see the existing set of CAs becoming notaries.
6. Re:This is fine, but solves nothing by ArsenneLupin · 2011-09-08 23:56 · Score: 1
  
  The problem with Convergence is, how does the average user know which notaries to trust?
  How does the average user know which CA to trust?
  
  in that several notaries would have to be compromised in order to "fool" everyone instead of just the one.
  You can set the notary algorithm to be very aggressive. As in all (rather than just most) notaries need to agree before a site is deemed secure. The rogue notary will become very obvious (because it stops everybody going to any SSL website), and will be promptly removed from the browsers' lists of trusted notaries.
  ... which means that notary compromise can only lead to a successful DOS, but never to a successful MITM.
7. Re:This is fine, but solves nothing by ArsenneLupin · 2011-09-09 00:02 · Score: 1
  
  For a mitm attack to succeed with Convergence, two notaries would have to collude.
  No, it would be enough if a MITM can insert itself into the path from those two notaries to the target web server, and feed both notaries the same fake cert. No funny business by the notaries themselves is required.
  ===> so we better need the agreement of much more than just 2 notaries...
  Even with a protocol needing all notaries to agree, a web server could be MITM'ed by its own ISP if it is single-homed (because paths from all notaries and visitors would go through that ISP). In order to prevent this, a web server should periodically probe notaries for its own certificate, and raise an alarm if it doesn't match.
Two factor, three factor by roman_mir · 2011-09-08 08:56 · Score: 5, Insightful

Who can trust a CA? Why would you trust a CA? How did a CA earn your trust?
Mozilla, it's time to own up. This is a bunch of nonsense. Stop treating self signed certificates like cancer, provide a way to see the fingerprint clearly, don't bother with the 'lock' icon and start working on some real innovation - how to do trust by having distributed lists of fingerprints, signatures, whatever. Something that doesn't rely on a signing authority at all.
You want to do real innovation instead of looking at hiding address bar from the users? Do this instead.

--
You can't handle the truth.
1. Re:Two factor, three factor by Anonymous Coward · 2011-09-08 10:09 · Score: 0
  
  ...Stop treating self signed certificates like cancer, provide a way to see the fingerprint clearly, don't bother with the 'lock' icon and start working on some real innovation - how to do trust by having distributed lists of fingerprints, signatures, whatever. Something that doesn't rely on a signing authority at all.
  You want to do real innovation instead of looking at hiding address bar from the users? Do this instead.
  Wow, even roman_mir can say something intelligent on occasion.
2. Re:Two factor, three factor by linuxwebadmin · 2011-09-08 10:27 · Score: 1
  
  +11 on this.
  
  --
  Show me packet captures and log entires, or it never happened.
3. Re:Two factor, three factor by kangsterizer · 2011-09-08 11:29 · Score: 1
  
  It"s actually a quite delicate matter that will take a long time to be resolved.
  Therefore its only responsible to incite CA's to quintuple check their security measures. Web's SSL won't change overnight because some guy at Mozilla would code a super awesome alternative (although we'd still all wish that).
  IMO the best option would be to have something that does away with the "must pay premium to have a cert that browsers trust".
  Meanwhile, DNSSEC helps as well.
4. Re:Two factor, three factor by elsurexiste · 2011-09-08 11:31 · Score: 1, Interesting
  
  Man, you are a broken record. We already talked about this a few days ago, but you are stubborn. I talked nicely then, but you really should leave security to people who have a clue. My karma can take the flak, so I'll be caustic.
  
  Who can trust a CA? Why would you trust a CA? How did a CA earn your trust?
  You trust CAs because the server you are talking with, by itself, can't confirm nor deny it is who it says it is: you need a third party and you said it yourself a few lines below. You trust those CAs because it's an audit-only club, and the friggin' web browser's company checked it. I trust those approved CAs because I trust the company backing up my web browser (if you don't, you lost the game right at the beginning). I use Firefox a lot more than Lynx because it's usable, go figure: they checked those third parties and said they can be trusted. End of story.
  
  Mozilla, it's time to own up. This is a bunch of nonsense. Stop treating self signed certificates like cancer, provide a way to see the fingerprint clearly, don't bother with the 'lock' icon and start working on some real innovation - how to do trust by having distributed lists of fingerprints, signatures, whatever. Something that doesn't rely on a signing authority at all.
  So, I enter americanexpress.com and a web page tells me "This is a self-signed certificate, nobody backs it up but I promise I am who I am". Riiiiight. Let's suppose they even give me a fingerprint or signature or whatever... That means squat: a certificate from an impostor also has a fingerprint. With what/whom do I check it, then?
  
  A distributed list of fingerprints, signatures, whatever"
  How adorable, you trust in a bunch of lists. Or, I should say, a third party. How you can make this work without thinking this as a distributed CA schema instead of a self-signed certificate eludes me. If there are plenty of lists and your certificate gets compromised, how can you change them in a timely manner? It's like those corrupt files on eMule that never vanish. If everyone and their mothers can add lists, I just need to control N lists (either by hacking or creating those myself) that say your certificate is false and it's game over. The only way I can trust those "lists" is if they audit with someone I or Mozilla trust, and we are back to square 1 with the system that's currently in place, but instead of adding a single CA, you add more that back your certificate. I told you I agree with that idea of multiple CA validation (I heard some people call them notaries, it's the same crap with different smell), yet on your previous post you told me that's not a CA or how web browsers should handle it.
  
  You want to do real innovation instead of looking at hiding address bar from the users? Do this instead.
  So that's why that company died five years ago! They didn't listen to your suggestions! Oh, wait, I met two fellas from Mozilla and they still make ends meet...
  I won't bother replying or seeing responses. It irritates me to hearing the same bad idea twice.
  
  --
  I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
5. Re:Two factor, three factor by Anonymous Coward · 2011-09-08 12:43 · Score: 0
  
  > So, I enter americanexpress.com and a web page tells me "This is a self-signed certificate, nobody backs it up but I promise I am who I am". Riiiiight. Let's suppose they even give me a fingerprint or signature or whatever... That means squat: a certificate from an impostor also has a fingerprint. With what/whom do I check it, then?
  You can do it the old fashioned way. You head to one of their offices, and ask for them to show you the correct certificate signature. How else would you do it?
6. Re:Two factor, three factor by Kalriath · 2011-09-08 13:13 · Score: 2
  
  Because the organisation should be expected to have offices in every single city of every single region of every single country on the planet. And on top of that, the customer has to keep track of a post-it note or something storing these fingerprints. Screw that. Face it, it's a bad idea.
  You know what would really happen? A market opportunity would open and we'd have companies start up which store and list all the fingerprints of big organisations who pay them money. Let's call them "Certificate Authorities". Users would just go look at the fingerprint on that site (if they don't just say "oh, fuck it" and just click OK) and those Certificate Authorities (CAs for short) would become the new targets.
  Oh wait. I just described the current system.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
7. Re:Two factor, three factor by tokul · 2011-09-08 16:58 · Score: 1
  
  Stop treating self signed certificates like cancer
  
  In other news AIDS does not exists, USA is most peaceful country in the world and there are no American tanks in Bagdad.
  Self signed certificates are cancer. Your fingerprinting ideas won't work cause they abolish automatic verification of trustfulness, disable warnings on possible insecure situation, decentralize site verification and make verification laborious process.
  You have to identify yourself to some authorities trusted by your browser. Stop bragging about SS cert handling and accept it. Security people will never disable warning of something that tries to take some identity without verification.
8. Re:Two factor, three factor by ArsenneLupin · 2011-09-09 00:05 · Score: 1
  
  Stop treating self signed certificates like cancer, provide a way to see the fingerprint clearly,
  Good luck making use of that. Ever tried to call the helpdesk of a server to verify its fingerprint? I'm pretty sure my bank would need to escalate such a request all the way up to the CEO, and still not be able to confirm the fingerprint...
9. Re:Two factor, three factor by ArsenneLupin · 2011-09-09 00:14 · Score: 1
  
  You trust those CAs because it's an audit-only club, and the friggin' web browser's company checked it
  Actually, only newcomers to those lists get audited (such as Cacert.org). Older CAs (such as Comodo et al.) are considered "too big to fail" and are grandfathered in. And so are CAs trusted by competing browsers because "we can't start throwing up scary warnings on sites which do not cause a problem to our competitors.
  
  Let's suppose they even give me a fingerprint or signature or whatever... That means squat: a certificate from an impostor also has a fingerprint. With what/whom do I check it, then?
  Checking the fingerprint is the entire point. But you're right: the general populace, including helpdesks at banks and elsewhere is just so clueless that they aren't even able to read you a 40 digit number off an answersheet. And Firefox devs are so anal that they don't let you copy-paste it.
10. Re:Two factor, three factor by Anonymous Coward · 2011-09-09 08:13 · Score: 0
  
  http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html
  http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html
  All CAs are required to have annual audits.
  CACert wasn't given special treatment. It was allowed to pick an auditor of its choice. It had trouble getting someone to agree to do it, and it failed an audit.
  PWC otoh, is a bit of a disaster, and I hope at some point to see PWC punished. I'm not sure how that will look.
Perhaps this will be the first positive change by inviolet · 2011-09-08 08:57 · Score: 4, Insightful

"Mozilla [...is...] asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates."
This may be the first REAL change in the CAs' assessments of the risk versus reward of building and maintaining good layered security systems. Until this week, the idea of a breach leading to delisting and the demise of the organization was an abstract idea. Now it is concrete, which makes all the difference (even though it shouldn't).
Perhaps some mid-level geek will finally, successfully make his case that the issuance process should be airgapped (or other similarly expensive measures).
Unfortunately, we haven't yet seen a change in the economics of issuing a certificate without proper vetting of the requestor. Right now it costs the CA almost nothing to issue a single certificate to somebody who isn't actually who they say they are. And vetting is a real-world activity involving meat and paper, so the MBAs in charge will never put money behind real vetting... until the economics change, anyway.

--
FATMOUSE + YOU = FATMOUSE
Security theater - brought to you by the CAs. by DarkFencer · 2011-09-08 09:08 · Score: 4, Informative

It really is security theater now. I've had to get certs from various vendors for the .edu I work at. They need 'official' documents from 'someone important'. Like a letter on official looking letter head with a copy of a photo ID faxed to them. Yeah. Real secure. Lemme break out my copy of photoshop.
How about at the very least the verifications some sites use to show that you control a domain? For example, the CA says that in order to verify 'somesystem.somewhere.com' we're going to need you to put this arbitrary string in a TXT record on your DNS server for that host.
When setting up a domain on Google Apps or MS Live (or other places) they ask you to do this as one of the things to do to prove domain ownership. Yes - obviously if your DNS is owned this isn't a problem, but its a heck of a lot better than the process now.
1. Re:Security theater - brought to you by the CAs. by Anonymous Coward · 2011-09-08 14:12 · Score: 0
  
  How about at the very least the verifications some sites use to show that you control a domain? For example, the CA says that in order to verify 'somesystem.somewhere.com' we're going to need you to put this arbitrary string in a TXT record on your DNS server for that host.
  I dunno how common it is, but when I got a cert from comodo (I was gonna go self-signed, but it came free with domain registration), they required confirmation to an email sent to webmaster@domain.tld -- I assumed this was standard practice...
  Anyway, as long as one CA doesn't require it, everyone is vulnerable, and other CAs have no incentive to really do better. Who the hell thought this was a good idea?
Re:Mozilla can't be trusted either by LordLimecat · 2011-09-08 09:12 · Score: 3, Informative

I was going to reply point by point to your complaints, but then I realized:
A) youre an AC, and probably trolling, and know that if you posted under your real handle your karma would tank because..
B) most of your complaints are garbage because...
C) they have all been addressed before in about a zillion threads, and
D) your entire post is off topic anyways.
Re:Mozilla can't be trusted either by Anonymous Coward · 2011-09-08 09:19 · Score: 0

Or stuck with the traditional SeaMonkey browser.
Domain control certs already exist by Chuck+Chunder · 2011-09-08 10:55 · Score: 1

And they the tend to be the cheaper ones. However these certs are probably more likely to be at risk from the sort of whole CA system compromises we have seen recently here. IE they are issued largely automatically by key issuing servers that are accepting input from random users and have connectivity to the internet.

At least with the issuing methods with more human involvement there is more possibility (not guaranteed of course) of a process involving a physical air gap between the key issuing machines and the outside world making them more resistant to wholesale compromise.

That said I think these cheap certs are here to stay and use them regularly when setting up secure sites.

--
Boffoonery - downloadable Comedy Benefit for Bletchley Park
mostly irrelevant by sjames · 2011-09-08 10:55 · Score: 1

It mostly doesn't matter. First, the current failed CAs were audited and still failed. More to the point, the whole system is failure by design. Any CA can issue any cert for anything and there's not even a designed way to see that it's a dup.
Second, no matter how good a CA's practices are and how thorough the audit, if their government comes in with a goon squad and says "issue this cert NOW", they will.
Mozilla Disappoints Us Again by Anonymous Coward · 2011-09-08 11:49 · Score: 0

Their proposal for what CA's must disclose and how they should operate do nothing to help prescribe any medicine for the wave of web application vulnerabilities that are being used to attack these CA's. This demonstrates to me that they do not understand the problem and they do not understand application security.
For example: Two Factor controlling who can access systems to issue certificates seems great in principle, however the attacks to date have been ones where the applications were compromised and the attacker did not login through an issuance UI (protected by two factor or other wise) the attacker went directly after the backing application and issued through that. Two factor would have done nothing to thwart the attacks.
SSL 20 year old technology, and Mozilla 20 year old security solutions. Awesome.
1. Re:Mozilla Disappoints Us Again by Anonymous Coward · 2011-09-08 19:46 · Score: 0
  
  IS this perchance an apple fanboy having a wet nappy session certainly sounds like it Mozilla HAVE done something about the duff diginotar certs they have canned them unlike apple that have done what exactly didley squat yes thats it nothing nada nowt FA so go take a running freakin jump
Hah by Anonymous Coward · 2011-09-08 11:59 · Score: 0

Horse, meet smoking remains of stable, the door is in there somewhere.
Post a CA assurance bond, payout to Mozilla? by Anonymous Coward · 2011-09-08 17:52 · Score: 0

Somebody was talking about a bond the CA posts, that if they get hacked and issue false certificates they forfeit. Extend that in a way that the forfeited bond money goes to the Mozilla foundation.
Though some people might feel that's the equivalent of blackmailing CA's to get their root cert included in mozilla software. Which rapidly then goes down the trail of some kind of CA bond/audit org, that gives forfeited bond money to all registered browsers using their CA root cert list that have a certain percentage of market share. This means tiny browsers get nothing, but pay nothing to use it. Big browsers pay to use the list unless they are 100% open source code. Bonus points if the CA audit group had a Summer of Pentesting program to sponsor young pentesters.
Win/Win?
Convergence could copy Adblock Plus's list model by schwaang · 2011-09-08 18:00 · Score: 1

Average users could simply subscribe to a list of notaries like most users do with the filter lists for Adblock Plus or IE9's Tracking Protection lists. Someone trustworthy who cares maintains the "EasyTrust" list that most users will subscribe to, and the community of knowledgeable geeks keeps an eye on that and cries foul if it gets taken over by a Sith lord or something.
But hell, even if the default list is maintained by the browser vendor, it's still way better than and more agile in response to problems than what we have now.
They do this already. by mcrbids · 2011-09-08 18:20 · Score: 2

My software company was in line to provide signature validation services for the State of California. Although we didn't land the contract, finding out what it took to become a legally recognized CA for California was part of the process. California (and by extension, most governments) requires a SAS70 audit. Performed once, and then re-performed annually. The audit itself cost about $25,000, we estimated the actual cost of compliance at $250,000.
That's an approximation of what it costs to become a legally recognized CA.
The hardware/software combination for generating the certificates is $50 for a used computer on EBay and a download of a Linux ISO. Most of the cost isn't in the technology, but the operational processes in making sure the certificates are managed properly.

--
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Water still wet by ThatsNotPudding · 2011-09-08 23:38 · Score: 1

In the case of Diginotar, Price Waterhouse Coopers was doing the audits.
A big, fancy, expensive firm that actually didn't do their job. What a shock.
Manditory Controls and Audits for CAs by Gyorg_Lavode · 2011-09-09 03:28 · Score: 1

Sounds like a great fing idea. Payment systems have manditory controls. Health systems have manditory controls. Government systems have manditory controls. SCADA systems have defined controls. the CA system is so important, they clearly should be following some controls (NIST's are pretty good) and be demonstrating compliance as a prerequisite to having their certs included in browsers. Also, as painful as it is (and even though Moxie suggested it couldn't practically be done), the browsers should either completely pull or at least warn (similar to self-signed certs) of any cert signed by a CA who hasn't demosntrated compliance.

And as compliance != security, regular operational security audits should be required. I don't want to trust a CA that can't prove they can detect, react and recover from attacks.

--
I do security
1. Re:Manditory Controls and Audits for CAs by Gyorg_Lavode · 2011-09-09 04:56 · Score: 1
  
  As for CAs that don't comply, simply put all their certs in a bucket along with self certs. They can still be used, but your computer will warn you.
  
  --
  I do security
slashdot untrusted by jweller13 · 2011-09-09 05:26 · Score: 1

Hehe, for the first time Chrome warned me that slashdot wasn't trusted when I went here this morning.