Slashdot Mirror

← Back to Stories (view on slashdot.org)

No More SSL Revocation Checking For Chrome

Posted by timothy on from the substitute-my-own dept.

New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with."

111 of 152 comments (clear)

  1. Why? by John+Hasler · · Score: 4, Insightful

    ...Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with.

    Why?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:Why? by Spad · · Score: 4, Insightful

      Because otherwise (as I've discovered by switching it on in Seamonkey) about 20% of the time the connection to the CRL/OCSP server fails for whatever reason and so your site won't load, even though there's nothing wrong with its certificate.

      Now you might argue that false positives are preferable to ignoring problems, but it does break the user experience pretty badly.

    2. Re:Why? by nedlohs · · Score: 1

      Why not read the blog post?

      Or if you are too lazy to click a link think about it for a second. Hint: should every site with an SSL cert from X not work because X is unreachable for whatever reason right this second?

    3. Re:Why? by Anonymous Coward · · Score: 1

      Someone stealing your banking information is a pretty bad user experience, too.

    4. Re:Why? by Richard_at_work · · Score: 5, Insightful

      Yes. Because if you are in a MITM position to inject your own compromised cert for site Y, then you are also in the perfect position to deny access to the cert validation servers to stop the validation happening.

      The solution is more resilient servers and services, not eliminating the checking.

    5. Re:Why? by betterunixthanunix · · Score: 1

      Convenience. Users care more about convenience than security, so if a browser actually takes action on OCSP or CRL issues, the user will just switch to a competing browser that does not.

      --
      Palm trees and 8
    6. Re:Why? by Imagix · · Score: 4, Insightful

      Now you might argue that false positives are preferable to ignoring problems, but it does break the user experience pretty badly.

      And this is the problem with security. People want the security/safety.... unless it's inconvenient. And yes, there is something "wrong" with the certificate. It is unverifiable as to whether it is still valid. Which you asked it to do.

    7. Re:Why? by vlm · · Score: 3, Insightful

      The solution is more resilient servers and services, not eliminating the checking.

      Such as, say, having the Mighty GOOG distribute that "CRL in all but name". Which brings us full circle back to the original article, and what they're doing.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    8. Re:Why? by Baloroth · · Score: 5, Informative

      Hint: should every site with an SSL cert from X not work because X is unreachable for whatever reason right this second?

      Yes. Anyone conducting a MITM attack is practically necessarily in control of the users network, and will just block access to the CRL, which means they will never stop MITM attacks unless you do exactly that. And yes, I know that is the point of the change. My point is: they choose the wrong fix. Sites should only be listed as trusted if the browser really knows they can be (so far as possible, of course). Being "Secure" should meet a minimum standard, and failing that standard means the site should not be listed as "secure", but most browsers do. Choosing to simply ignore part of the established SSL standard is not the solution.

      Opera does precisely this. It still used HTTPS (I think), but it doesn't list the page as being secure, since the page really has exactly the same security as any non-https site (for trust purposes).

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    9. Re:Why? by kbg · · Score: 5, Insightful

      "CRL/OCSP server fails for whatever reason".

      No it fails because the server administrators for the CRL are incompetent morons. A CRL server is a mission critical server that should stay up 24-7.

      If Chrome and other browsers would simply display an error page with text explaining the problem and point to the offending server, I am sure the problems would be fixed very quick.

    10. Re:Why? by kbg · · Score: 4, Insightful

      Yes it should. CRL server for X is mission critical and should always work. There is no excuse for it not working.

    11. Re:Why? by Anonymous Coward · · Score: 2

      Guessing you have no idea what it takes to keep a server running 24/7. There are thousands of things that can go wrong and bring down a server from simple errors or bugs to Denial-of-service attacks.

    12. Re:Why? by Anonymous Coward · · Score: 5, Insightful

      If a CA cannot keep their uptime, they shouldn't be in the business. Part of the fairly high cost of certificate purchases is the fact the CA is going to run multiple, geographically distributed data centers with adequate server coverage. That, or hire a provider that has is ready/willing/able to do this.

      It is just like banks -- if a bank's server failed causing a loss of transaction info for a period of time, nobody would care how hard it is to have 99.999% uptime -- the bank failed in its duties regardless of the reason (hardware failure, Internet issues, security issues, etc.) This is just the same with CAs and revocation.

    13. Re:Why? by alex67500 · · Score: 1

      But if the certificate was stolen from the Bank, it's their fault, not yours.

    14. Re:Why? by xorsyst · · Score: 2

      Oh come on, it doesn't have to be a single server. Plenty of web businesses are able to manage 24-7, it's not outside the wit of man.

      --
      Get free bitcoins: http://freebitco.in
    15. Re:Why? by Guppy06 · · Score: 5, Insightful

      The real problem with false positives isn't that they are "inconvenient" but that they breed complacency. If 99% of the alerts you get are false, what are the odds you'll actually give enough due diligence to catch the remaining 1%?

    16. Re:Why? by 93+Escort+Wagon · · Score: 2

      But if the certificate was stolen from the Bank, it's their fault, not yours.

      Fault is not particularly relevant when the parent comment was "Someone stealing your banking information is a pretty bad user experience, too." Sure, it's their fault. Sure, they'll eventually have to make it good. But, in the meantime, you're the one dealing with all the crap that's happened.

      --
      #DeleteChrome
    17. Re:Why? by Hentes · · Score: 5, Insightful

      They could load the site and simultaneously display a small warning, thus letting the users decide whether they want to trust it or not. Loading an untrusted is not a tragedy by itself.

    18. Re:Why? by Hawke · · Score: 1
      Just FYI, depending on exactly when in 2010 it was hacked, Verisign may not have been in the certificate business. Symantec purchased the business in May of 2010, and IIRC the operational transfer happened pretty quickly.

      That "just" leaves the DNS system as a possible valid target. You know, the system that's probably more important than SSL.

    19. Re:Why? by rioki · · Score: 2

      If twitter can run their servers at something like 99.999% then a CA can too...

    20. Re:Why? by rioki · · Score: 1

      As a matter of fact, I would like this feature. If my bank site fails, I will not use it. If some crummy board fails, who cares...

    21. Re:Why? by Joce640k · · Score: 1

      Given how much they charge for certificates they ought to be able to set up a decent server + backup server.

      --
      No sig today...
    22. Re:Why? by Joce640k · · Score: 3, Insightful

      At the very least don't display the padlock icon as if everything is cool.

      (Also, keep retrying the certificate request to see if it succeeds. Change the padlock color when it does).

      --
      No sig today...
    23. Re:Why? by saveferrousoxide · · Score: 1

      It's also not just about the user experience. Keep in mind these certificates are often for businesses who want to sell stuff. If people trying to get to Bob's Computer Bits start getting cert errors, they're going to run from that site and maybe even bother to give it a terrible review making it that much less likely that someone else will choose Bob's over NewEgg.

    24. Re:Why? by SETIGuy · · Score: 2

      A CRL server is a mission critical server that should stay up 24-7.

      In order for that to happen you'll need a significant monetary incentive based on uptime. Without that you're going to get a server that's up most of the time.

      --
      Support SETI@home
    25. Re:Why? by SETIGuy · · Score: 1

      How much are you willing to pay for it to always work?

      --
      Support SETI@home
    26. Re:Why? by Anonymous Coward · · Score: 4, Funny

      And that explains why when my car is read-ended, it's always completely undamaged.

      The magic of liability protects me.

      True story.

    27. Re:Why? by microbee · · Score: 1

      Because you don't RTFA

    28. Re:Why? by rainer_d · · Score: 2

      A CRL is basically a flat file. It should not be difficult to make it available 24x7 - at least for someone who charges outrageous amounts of money in exchange for basically digitally signing a couple of bytes.

      --
      Windows 2000 - from the guys who brought us edlin
    29. Re:Why? by sgunhouse · · Score: 1

      Opera does. Of course, it will allow you to continue to the page anyway should you choose to, but at least it told you (on by default) that the integrity of the cert could not be verified.

    30. Re:Why? by __aagmrb7289 · · Score: 1

      Perhaps they mean that the connection to the CRL/OCSP server fails for some reason? Fact is, there are a LOT of reasons why getting a response might fail, that has absolutely no relation to whether the server is up or not. There are Internet routing issues for the ISP of the servers (that should be able to be handled). There are routing issues for the users of the browser. There are hacks on the users' system that prevent hitting that site. There are intermittent issues with connectivity due to communication stacks on the client that has nothing to do with the browser, but might be due to driver or software issues - or even hardware issues. Bottom line - problems connecting to a given server cannot be solved by the server administrators alone.

    31. Re:Why? by icebraining · · Score: 3, Insightful

      That's not the only way to get a compromised certificate.

      Remember that any CA can create a certificate for any domain. So It might be that some attacker got hold of an intermediate CA certificate and issued a certificate for the bank's domain. Now, the CA detects the breach and revokes the intermediate certificate, but since Chrome fails to check them, it still gets accepted.

      You have a full MITM scenario without any fault from the bank or the bank's CA.

      --
      Dilbert RSS feed
    32. Re:Why? by icebraining · · Score: 3, Insightful

      Twitter as an example of reliability? Are you joking? You do know where the expression "fail whale" came from, right?

      --
      Dilbert RSS feed
    33. Re:Why? by Imagix · · Score: 1

      Pointing at the wrong failure. CRLs aren't the problem here. The CA that's publishing the CRL is. If the user is validating certs, and the cert cannot be validated, then they cannot know that they are dealing with Bob's Computer Bits, or Dewey Screwem and Howe.

    34. Re:Why? by icebraining · · Score: 2

      CAs get up to hundreds of dollars per certificate. Whatever they need to keep a damn static file with 100% uptime has been more than paid.

      --
      Dilbert RSS feed
    35. Re:Why? by Anonymous Coward · · Score: 1

      Should you still send cookies to it, though? Should it get the “https://example.org” origin or be downgraded to “http://example.org”?

    36. Re:Why? by SETIGuy · · Score: 1

      Apparently they don't have sufficient incentive to achieve 100% uptime. If you want 100% uptime, you need to change the way certificates are purchased.

      --
      Support SETI@home
    37. Re:Why? by neonKow · · Score: 1

      How about, "if your CRL isn't available, our browser rejects your cert and people can't get to sites that you sign?" Who is going to pay for certs at the same CA next year if your CA goes offline that it interferes with their customer base?

      The monetary incentive is already there. Google is removing that incentive.

    38. Re:Why? by Johann+Lau · · Score: 1

      The odds are infinitely higher than catching it when displaying no alerts at all.

    39. Re:Why? by viperidaenz · · Score: 1

      If you have a good bank, the bank will deal with all that crap for you.

    40. Re:Why? by viperidaenz · · Score: 1

      Google is removing that incentive.

      Sounds like "Chrome and most other browsers" have already removed that incentive.

    41. Re:Why? by marcosdumay · · Score: 1

      Treat it like plain text http in every way. Do the cookie go through http?

      --
      Rethinking email
    42. Re:Why? by loxosceles · · Score: 2

      That's why the model going forward is going to be something like

      http://convergence.io/
      http://perspectives-project.org/
      http://patrol.psyced.org/

    43. Re:Why? by Guppy06 · · Score: 3, Insightful

      When was the last time you so much as looked out a window when you heard a car alarm?

    44. Re:Why? by Dogers · · Score: 1

      When was the last time you so much as looked out a window when you heard a car alarm?

      The first few weeks after I got a new car..

      --
      I am a viral sig. Please copy me and help me spread. Thank you.
    45. Re:Why? by martin-boundary · · Score: 1

      Right, you're saying that only about 20% of the sites that fail the security check are legitimate? So it makes sense to ignore the check in the remaining 80% of sites that contain malware and phishing setups. That's crazy.

    46. Re:Why? by Johann+Lau · · Score: 1

      The last time I heard one, which was many, many moons ago. It's not like it costs much to have a look. Just like it doesn't cost much to try again later, or press "ignore" when a CA doesn't respond.

      "Good to know that Google knows, so I don't have to know." Haha.

    47. Re:Why? by Kalriath · · Score: 1

      No, it really isn't. Numerous times on here those get brought up, and every time someone explains why they won't work. The problem, far from being technically flawed, is just that it's too damn complicated for the average user. Here's what really happens if these end up going the way you seem to expect:

      1. Browsers ship with Convergence. No notaries are trusted by default. People get scared of angry warnings about "untrusted websites".
      2. Browser makers become frustrated, see that there is a need for default trusts. Working groups and workshops abound.
      3. Browser makers agree, default trust is the way to go. Realise that they shouldn't be the ones to provide it. Proposal is made to outsource it.
      4. Symantec responds to proposal, suggesting they be the default trust provider. Browser makers agree. Symantec offers service, calls it "Certificate Authority". Charges $800 per year to notarise your certificate.
      5. Open source community rallies, forms its own Certificate Authority (as the new fangled companies are called). Browser makers insist they can't add it unless it meets very strict requirements, including impossible to meet financial ones.
      6. Godaddy and Comodo get involved, charging $10 or less to notarise your certificate. Both go to very little lengths to actually verify that the certificate is trustworthy, or even for the domain owned by the requester. Many scandals ensue.
      7. Everyone realises that all we've done is replicated the mistakes of the past, because there's actually nothing wrong with the CA model, and we failed to account for the stupidity of people.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    48. Re:Why? by Kalriath · · Score: 2

      Yeah, but I bet twitter's "fail whale" page servers are up 99.999% of the time...

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    49. Re:Why? by Kalriath · · Score: 1

      Internet Explorer can even be configured to demand CRL/OCSP verification, and fail the certificate if it fails.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    50. Re:Why? by Kagetsuki · · Score: 1

      Maybe. If you have a good government they will force the bank to deal with all that crap for you or to refund you when their not doing so leads to your account being plundered.

    51. Re:Why? by nedlohs · · Score: 1

      So X is going to keep my infrastructure up for me because I sepnd $20 on a cert?

      Since the obvious case is I'm trying to access my own web server from inside my own network, but it's using https and our external connection is down for some reason. Heck, maybe the cert is on the firewall whose management interface I'm trying to get to over https so I can fix the cause of the external access problem.

    52. Re:Why? by nedlohs · · Score: 1

      And that isn't what the guy is suggesting, because???

    53. Re:Why? by Chrisq · · Score: 1

      Guessing you have no idea what it takes to keep a server running 24/7. There are thousands of things that can go wrong and bring down a server from simple errors or bugs to Denial-of-service attacks.

      Well people running other services (Internet trunks, DNS, many webistes) manage it. Granted it costs money, but I think this validates Google's action; either it should work and be used or don't bother

    54. Re:Why? by kbg · · Score: 1

      "So X is going to keep my infrastructure up for me because I sepnd $20 on a cert?"

      Yes, they should, because the are selling a service. If they can't keep their infrastructure up then people should not buy certs from them.

      "Since the obvious case is I'm trying to access my own web server from inside my own network, but it's using https and our external connection is down for some reason. Heck, maybe the cert is on the firewall whose management interface I'm trying to get to over https so I can fix the cause of the external access problem."

      You should of course always be able to go into settings and unselect this behavior, but the default option out of the box should always be to fail when certs can't be accessed.

    55. Re:Why? by sjames · · Score: 1

      And if I had wings, I could fly!

    56. Re:Why? by sjames · · Score: 1

      I would think the best compromise is to treat inability to connect as passing unless configured to be paranoid.

    57. Re:Why? by viperidaenz · · Score: 1

      If I was in an aeroplane I could fly too.

    58. Re:Why? by sjames · · Score: 1

      Me having wings or you being an airplane both strike me as more likely than a good bank these days.

  2. And nothing of value was lost... by fuzzyfuzzyfungus · · Score: 1

    Given the painful uselessness of CRLs as presently implemented(we obviously need some way of revoking the things; but the present one is agonizingly broken), I'm just not too sad about the prospect of no longer telling Verisign every time I visit one of their SSL-cert customers(the same is true of all the other certificate mongers who publish CRLs)...

  3. What? by OverlordQ · · Score: 3, Interesting

    He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with.

    So he admits Chrome is broken, so he doesn't fix it and blames the CA's . . makes sense.

    Chrome will instead rely on its automatic update mechanism to maintain a list of certificates that have been revoked for security reasons. Langley called on certificate authorities to provide a list of revoked certificates that Google bots can automatically fetch.

    So basically he wants CRLs? I thought he didn't want CRLs?

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:What? by Kohenkatz · · Score: 4, Informative

      What he wants is CRLs stored on the local machine instead of querying a web service.

    2. Re:What? by vlm · · Score: 4, Informative

      So basically he wants CRLs? I thought he didn't want CRLs?

      Not want CRLs distributed from sites no one cares about.

      CRLs fail unlocked, so to speak. So if you can't pull a CRL from a CA the browser goes on its merry way. So if you're pulling a MITM attack using a known compromised cert, "everyone knows" you just block access to the CA. End users will never notice. 99.9999% of end users will never visit anything with a *.verisign.com domain.

      However, if you block access to www.google.com or plus.google.com or gmail.com because they're distributing a meta-CRL THEN "most" users will notice the might GOOG is dead.

      So you start with a web of trust where no one cares if any of the threads are cut. Thats not gonna work. So how bout piggybacking the web of trust on top of a Very Popular Site. Being a GOOG guy (I think?) he suggests his employer, although I know of no technical reason why itunes.apple.com or microsoft.com couldn't also distribute CRLs.

      Now if you want to pull a MITM attack its not enough to null route the CAs, you can't null route the Mighty GOOG without the users noticing, so you have to do something much more sophisticated to block access to the most recent CRL.

      The funny part is now all the noobs who report internet outages as "google is down" are going to have to wonder, is someone trying to pull a MITM or is it just noob-speak for an internet outage...

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:What? by Baloroth · · Score: 1

      He doesn't want CRLs. Chrome (and many other browsers) already use these kinds of blocklists, so basically he just wants to not use CRLs at all.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    4. Re:What? by NatasRevol · · Score: 1

      CRLs fail unlocked because that's what the browsers set as the default to avoid inconvenience.

      Now, if the CRLs are local, will they still fail unlocked if they're missing or corrupt? i.e. next virus target.

      If so, then they've done nothing to help the fundamental problem of insecure security.

      --
      There are two types of people in the world: Those who crave closure
    5. Re:What? by thue · · Score: 1

      > So he admits Chrome is broken, so he doesn't fix it and blames the CA's . . makes sense.

      If the CAs' blacklists worked reliably, then chrome wouldn't need to ignore when they were down. So it is the CAs' fault.

    6. Re:What? by girlintraining · · Score: 1

      99.9999% of end users will never visit anything with a *.verisign.com domain.

      There are over 2 billion internet users... so you're saying only 200 people in the world will visit that site? Is now a bad time to note that millions of websites have a 'Verisign Approved' widget on their site that has a referred URL back to the *.verisign.com domain?

      --
      #fuckbeta #iamslashdot #dicemustdie
    7. Re:What? by vlm · · Score: 2

      Once it gets escalated up to 2nd, 3rd, 4th tier support at the ISP that $bigcustomer has no GOOG access, and the 4th tier engineer checks his BGP and its all good and is scratching his head in mystification as to why $bigcustomer can't access certain GOOG ip addrs, maybe, just maybe, he'll remember this /. thread and catch a MITM in progress. Maybe.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    8. Re:What? by Jon+Stone · · Score: 2

      CRLs are revocation lists which used to be published by CAs and clients were able to periodically download.

      As a concept they were replaced with OCSP (online certificate status protocol). Here the client requests the current status of a certificate each time they are presented with it. The idea was that it would be more timely and up to date and meant CAs didn't need to publish a complete list of revoked certificates.

      Now it seems Chrome wants to go back to a bodged version of the old way of doing things where Chrome periodically requests the CRL from the browser vendor or Chrome is periodically updated with the latest CRL?

    9. Re:What? by Jonner · · Score: 1

      He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with.

      So he admits Chrome is broken, so he doesn't fix it and blames the CA's . . makes sense.

      Chrome will instead rely on its automatic update mechanism to maintain a list of certificates that have been revoked for security reasons. Langley called on certificate authorities to provide a list of revoked certificates that Google bots can automatically fetch.

      So basically he wants CRLs? I thought he didn't want CRLs?

      You've made the classic mistake of taking the Slashdot headline seriously. The actual post doesn't say Chrome will stop using CRLs. It says they will be pushed to Chrome directly from Google. No one "admitted" that Chrome is broken. The entire system is broken. All major browsers will load an HTTPS site even if they cannot get the CRL via OCSP because doing otherwise would cause huge amounts of unnecessary breakage and just make users angry and confused. From the actual post:

      So soft-fail revocation checks are like a seat-belt that snaps when you crash. Even though it works 99% of the time, it's worthless because it only works when you don't need it.

    10. Re:What? by Kalriath · · Score: 1

      Not for long, come Q2 this year that becomes "Norton Secure" and links back to norton.com.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  4. Great idea. by Targen · · Score: 3, Insightful

    Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with.

    And the solution, obviously, is not checking at all. Slick.

    1. Re:Great idea. by mlts · · Score: 2

      I'm guessing the fact that a top level certificate compromise is something that is to be ignored. We already went through this with a CA that got bankrupted due to security issues. Web browsers not dealing with revoked keys will just add significantly to the time that blackhats can MITM stuff.

      The solution? I would say that SLCs (short-lived certificates) might be the best thing, with a mechanism to replace browser root keys periodically. Every time the browser is updated, CAs have new root keys. This way, a compromised root key will be replaced in short order, and if the root key is sound, having intermediate CA keys with a lifetime of hours to days would be the thing to do. This way, if a key is compromised, it will expire in a very short amount of time, even if there is no ability to connect to a revocation server.

      Of course, there are holes in this -- fetching keys more often for example will generate more traffic.

    2. Re:Great idea. by MozeeToby · · Score: 1

      No, the solution is checking at update time and storing the list of revoked certs locally so that you don't need to rely on the CLR server being available (which is something a man in the middle would be able to disrupt anyway).

    3. Re:Great idea. by Chryana · · Score: 1

      This doesn't look like a bad idea... But the thing is, Google wants to get rid of on-the-fly verification of revocation certificates, and you suggest on-the-fly reception of short lived certificates, so it might run into similar issues as the current system. Remember, a revocation list is permanent, so you can just download the latest updates to it, which should not be too bandwidth intensive if you do it every time you start your browser. A list of active certificates could not be kept, and would have to be downloaded anew every time (or rather received on the fly, because it would probably be way too big).

  5. Being Google by Klync · · Score: 1

    It's so easy to turn the Internet into whatever you want it to be, when you're the largest advertiser, largest service provider, largest search engine, largest content provider, software maker, hardware-platform-vendor, and even an ISP.

    Have we reached the point where google's "too big to fail"?

    --

    ----
    Not to be confused with Col.
    1. Re:Being Google by Spad · · Score: 4, Informative

      All they're really doing is moving the certificate revocation checks from the client to the server; Google updates its own CRL and pushes it to Chrome so that the browser doesn't have to rely on potentially unresponsive 3rd party sites for its checks.

    2. Re:Being Google by Ferzerp · · Score: 1

      This. It should not be within the realm of Google's purview to rewrite standards on an adhoc basis.

    3. Re:Being Google by Ferzerp · · Score: 4, Insightful

      Except now Google is presenting itself as an authority on the status of certificates that it has no business doing so with to the users of chrome.

      This is a bad thing.

    4. Re:Being Google by Anonymous Coward · · Score: 1

      Except now Google is presenting itself as an authority on the status of certificates that it has no business doing so with to the users of chrome.

      They already do that by shipping the browser with approved CAs. Are you suggesting that browser makers should stop doing that too?

    5. Re:Being Google by swillden · · Score: 3, Insightful

      Except now Google is presenting itself as an authority on the status of certificates that it has no business doing so with to the users of chrome.

      This is a bad thing.

      Google is already the authority which decides which CAs will be trusted by Chrome. How does it really change anything if Google also collects the CA CRLs and pushes them to the browser? Other than making revocations much more reliable.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Being Google by Ferzerp · · Score: 1

      You can add or remove any CA cert you want if you want to trust more (or fewer) CAs. Nothing requires you to leave the default set as is.

    7. Re:Being Google by hardaker · · Score: 1

      The worst change is that in order to have a secure browser you have to be using the current version of Chrome.

      You seem to think they think this is a bad thing...

      --
      The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
    8. Re:Being Google by Your.Master · · Score: 1

      There's an unfortunately high coupling between security improvements, platform changes, and UI alterations in Chrome. The first means that the latest version is always desirable. The other two make the latest version undesirable. I can't be the only one who nearly went insane when Chrome started crashing every time you closed a youtube video a week or two back. I think they rolled out a workaround on youtube's side, and I don't know for sure that the root cause is Chrome updates vs. a latent bug that had been in Chrome for ages but was exposed by a youtube update, but it's a testament to why they're problematic. And that's between Chrome and an extremely high-traffic website owned *by the same company*. Hitting something that the Google engineers just never noticed is more likely on your own sites that you don't expect the Chrome devs are hitting up in their spare time at work.

    9. Re:Being Google by swillden · · Score: 1

      What I read in the article indicated they would update this list separately from the whole browser.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. its all about making the browser fast. by Anonymous Coward · · Score: 1

    I think Google is just trying to make the browser fast. Updating the CRL "out of band" always runs the risk of using an outdated CRL. I think they are trying to explain their decision by saying that the "in-line" check is anyways not 100% secure (so why waste precious milliseconds).

  7. A single decade...maybe one and a half. by Remus+Shepherd · · Score: 1

    "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid..."

    'Decades'? As in more than one?

    The first web browser was made by Tim Berners-Lee in 1991. That's technically two decades ago...but were there secure sockets? Layers? Certificates?

    Yeah, I'm nitpicking. But the web didn't exist publically before 1994 -- I remember formatting HTML for Mosaic back then, as our company tried to keep on top of the bleeding edge. This stuff really wasn't that long ago. Correcting 'decades' is just a nitpick, but if you start using 'centuries' or 'eons' then this old man is going to have to get out of his chair and start giving history lessons.

    --
    Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
  8. He's right by HBI · · Score: 4, Informative

    CRLs and OCSP are functionally useless. For PKI to work, certificate revocation must work also. Some kind of reliable system has to be constructed. Chrome is doing what they need to do to make this happen by abandoning the useless, outdated technologies of the past.

    Before someone asserts otherwise, explain DigiNotar. While you are at it, explain all the rest of the CA compromises over the last two years. Then explain why each browser essentially had to distribute a patch to fix the problem rather than relying on OCSP and CRLs. If they are functional, that wouldn't have been necessary.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    1. Re:He's right by xorsyst · · Score: 3, Insightful

      Opera didn't have to distribute a patch, because they use OCSP and CRLs properly. And I've never heard of anyone complaining that it causes a problem.

      --
      Get free bitcoins: http://freebitco.in
    2. Re:He's right by HBI · · Score: 1

      It's not possible that Opera uses OCSP and CRLs "properly". The simple reason why is that many certificates have no OCSP or CRL specified.

      Can't use what's not there.

      You should probably examine your security posture if you think you are adequately covered by Opera's handling of certificate revocation.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  9. This makes sense in the case described... by wolrahnaes · · Score: 1

    But it's not like a local attacker intercepting communication at your end is the only possible option. What if the datacenter the server is hosted in or an ISP along the path has been compromised? What if the target site's DNS has been modified to point to the attacker? There are many possible ways that an attacker could cover only parts of the internet or only the specific target itself, still allowing full access to the CRLs and thus allowing them to do their jobs.

    That said, I can't argue with the privacy point.

    IMO since the privacy concern is legit and it is true that it's not as useful as some might have believed, it should be made optional rather than removing it outright. Even understanding the situations where it doesn't work, there are still situations where it does.

    On that note, using CRLs alone rather than OCSP eliminates the privacy concern to a substantial degree as then the CA only knows you accessed a site using a certificate that points at that CRL, not which certificate you're using. Of course the tradeoff is that it requires downloading the whole list every time you need it, so a whole different can of worms comes up with caching versus the ability to rapidly revoke certs.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
    1. Re:This makes sense in the case described... by makomk · · Score: 1

      What if the datacenter the server is hosted in or an ISP along the path has been compromised? What if the target site's DNS has been modified to point to the attacker?

      What if someone's running a phishing site using fraudulently-obtained EV certificates that display a nice pretty green message? That's not normally possible because EV certificates normally mandate OCSP checks that fail secure, but with these changes once an attacker gets their hands on one they'll have plenty of time to exploit it...

  10. Yeah decades. by Anonymous Coward · · Score: 4, Informative

    X509 certificates go back to July 3, 1988.

    That makes certificates (and their revocation) 24 years old.

    So yes, decades old.

  11. A better fix by MobyDisk · · Score: 2

    because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with.

    This is just a case of unsafe defaults. To fix this in Firefox go to Tolls - Options - Advanced - Encryption - Validation and check the box that says "When an OCSP server connection fails, treat the certificate as invalid."

    This is probably what the default should be anyway. I cannot imagine a fingerprint scanner that just assumed everyone was authorized if the database went down. If it can't validate, then it isn't valid!

    1. Re:A better fix by Anonymous Coward · · Score: 1

      To fix this in Firefox go to Tolls - Options

      No way; that's too expensive.

    2. Re:A better fix by MobyDisk · · Score: 1

      It could be that OSCP server was up but the virus that was redirecting your DNS decided to block the request so that you would disable the setting.

  12. False warnings by Firethorn · · Score: 5, Interesting

    I harp on this constantly. At work, we fairly routinely issue people new certificates and revoke the old ones, even when there's no belief that the certs were compromised. As a result, you can send somebody an email and later that day get new certs. This is a problem because all the digitally signed emails you sent earlier now register as revoked and Outlook proceeds to tell you this, that the email can't be trusted, etc...

    This happens frequently enough that I encounter this 2-3 times a week. The email has always been valid, they just got new certs between their sending the messages and my opening the email(possibly for historical reasons).

    Same deal as with the california cancer warning - stick it on EVERYTHING, and it gets ignored. If you put cancer warnings on apples, they may not pay attention to the cancer warning on that bottle of test chemical.

    --
    I don't read AC A human right
    1. Re:False warnings by Imagix · · Score: 1, Interesting

      So you're misusing the system, and complaining. When you revoke the old cert, you are stating that it is no longer to be trusted. And now you complain when it says "don't trust this"? I guess a car analogy: (Where I live, you are required to have proof of insurance stickers on your license plate.) You give a properly insured car to your buddy. 2 days later you go and remove the insurance stickers from the car. A week later, your friend is pissed off because the cops gave him a ticket for being uninsured. "But it was insured when I gave it to him."

    2. Re:False warnings by Firethorn · · Score: 1

      I probably should have said 'they', not 'we'. Thus my harping on the problem - not that I'm anywhere near where I'd need to be to have a chance to be listened to.

      I wouldn't be revoking the certs unless they did something stupid like lost it or gave out their pin.

      --
      I don't read AC A human right
    3. Re:False warnings by Electricity+Likes+Me · · Score: 1

      It's still a problem though. You would expect if you revoked a certificate to be able to give a timeframe in which the revocation should be applied (i.e. how long ago do I think it became compromised?)

    4. Re:False warnings by gnapster · · Score: 1

      How do you certify the timestamps, then?

  13. vs. Google Analytics by geoffrobinson · · Score: 1

    I bet Chrome won't be skipping over Google Analytics or their ad engine, which slows down my page breaking my experience something fierce.

    --
    Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
  14. All Banking sites will now exclude Chrome by Culture20 · · Score: 2

    Chrome: "We're not wearing eye-gear on the paintball field because we all shoot at torsos"
    Banks: "That's nice. You're not playing on the paintball field without eye-gear."

  15. UI suggestion... ah, nevermind by Onymous+Coward · · Score: 1

    Maybe also have the padlock be an animation like the "page is loading" icon. A padlock trying to lock closed.

    Anyway, mu. The Certificate Authority infrastructure is fundamentally broken. Faulty by nature. Fussing with CRLs matters little when your browser already trusts a dozen discount CAs who either are not reporting break-ins or aren't even noticing them.

  16. False choice by losttoy · · Score: 2

    I have been running with security.OCSP.require set to true for a long time and haven't really noticed failures. Maybe the stated problem with CRL check timeouts is being overblown?

  17. What a boneheaded argument by martin-boundary · · Score: 2
    I guess even top Google engineers make boneheaded analogies. FTFBP:

    So soft-fail revocation checks are like a seat-belt that snaps when you crash. Even though it works 99% of the time, it's worthless because it only works when you don't need it.

    A seat-belt isn't there to protect you if you drive at 200mph into the side of a building. If that's what you're doing, your day is going to be ruined no matter what.

    Seat-belts are there to protect against the low hanging fruit of accidents. If you're driving 20mph and the neighbour's cat suddenly runs across the road, you break and the seat belt stops you and your passengers from getting a nasty bruise.

    That's what it's for, and it works exceedingly well at doing that. If we get rid of seat-belts because they don't help in the 1% of cases, like when someone crashes into a building, then all we're doing is increasing dramatically the global accident rate on trivial incidents, like the cat example.

    1. Re:What a boneheaded argument by Junta · · Score: 1

      That's what it's for, and it works exceedingly well at doing that.

      The problem is the attacks where it's useless are far more prevalent than the ones where it does any good.

      It only does good if the attacker compromises near the server. This is relatively rare.

      If the attack either comes as a IP layer MITM (attacker is providing a router to victim) or DNS poisoining, then *all* servers including OSCP are fair game.

      The problem with the rant on soft-fail is it ultimately places the fault on OSCP and not on the *soft* aspect of failing and goes on to recommend a blacklist strategy without a whitelist strategy for security, which is pretty boneheaded in this context.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  18. Replacing CRL with a CRL... by Junta · · Score: 1

    So I see the practical benefit, trying to reinstate the 'offline' nature so that CA hosting facilities do not become the bottleneck for various things. From a security perspective this seems bad...

    CRL relies upon the CA knowing about all the certs that should be revoked. Notably, if someone managed to discretely get a CA's private key, and applies that advantage with any subtlty, then the certificate isn't even known to be issued by the CA, they can't revoke what they don't know about.

    Compromising an architecture like OSCP is a little different. A compromise of a CA is necessarily much more blatant if you have to also compromise the OSCP service.

    Really, the most practical answer is to go as much toward making a confirmed positive OSCP a requirement for 'secure', and fix the bad practice of 'server temporarily down' as good as 'it says things are ok'. Let market forces punish the CAs unable/unwilling to invest what is required for this to be valid. When you control the browser,it's a strange argument to say it's worthless because your own browser won't strictly enforce OSCP so you throw it out for a much-more-dangerous blacklist approach.

    I will say in some of the larger userbases that distributed reputation system to double check the CA results makes sense. I just wouldn't want that to replace a CA situation, as it wouldn't scale to small sites well and there is a more clear mechanism to invalidate bad certificates with CA. Should require a true-positive OSCP and either no or good reputation information to be really secure.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  19. Banks are tyros when it comes to browser security. by Burz · · Score: 1

    Chrome: "No more OCSP for us"
    Banks: "Dooiiiyyeeee can we have IE6 back, pretty pleeeease?" :-)

  20. S/MIME is a transport protection by sita · · Score: 1

    At work, we fairly routinely issue people new certificates and revoke the old ones, even when there's no belief that the certs were compromised. As a result, you can send somebody an email and later that day get new certs. This is a problem because all the digitally signed emails you sent earlier now register as revoked and Outlook proceeds to tell you this, that the email can't be trusted, etc...

    S/MIME is a transport protection, just like SSL. It is not meant to impart non-repudiation on the content of a mail. It is only meant to ensure integrity (signing) and confidentiality (encrypting) from the moment it is sent to the moment it is received. For this to work, the time between signing and validation (and/or encrypting and decrypting) must be "short". The receiving system should decrypt and validate the incoming message as soon as possible. The result of the signature validation should be remembered, so it is not necessary to do again. The message should be stored in its decrypted form. You should not rely on S/MIME to protect your message after it has been received by you. If you need to ensure integrity and confidentiality when storing the mail, that should be done by whatever is storing the mail (the mail server or the client locally) in a different manner, it is outside the domain of S/MIME.

    Now, S/MIME implementations don't work that way, which is why you end up with the problems you have. For one thing, S/MIME is usually a function of mail client rather than the mail server which makes it difficult (but perhaps not impossible) to implement "S/MIME for transport only" model.

    1. Re:S/MIME is a transport protection by Firethorn · · Score: 1

      We're not using pure S/MIME, it's more Outlook&Exchange. Completely internal to the server for a lot of it.

      I agree that S/MIME isn't an 'ideal' solution, but what I was trying to get at was how to maximize the assurance of the information while minimizing false flags.

      It needs to be a complete solution, what irks me is the stupid 'optimizations' they put in place.

      --
      I don't read AC A human right