Slashdot Mirror
Mozilla Breaks Its Own Promise, Allows Symantec To Issue Insecure Certificates (softpedia.com)
An anonymous reader writes: After researchers discovered that SHA-1 can be decrypted, Mozilla, together with Microsoft and Google, said they will no longer "trust" SHA-1-based certificates issued after January 1, 2016, and later stop supporting any type of SHA-1 certificates after June 30, 2016, or January 1, 2017. The foundation went back on its word this week, when Symantec begged Mozilla to allow it to issue nine new certificates for one of its clients, Worldpay PLC, which forgot to request these certificates before January 1. Symantec got what it wanted. Fortunately, other companies like Microsoft, Apple, or Google didn't cave under the pressure.
And this has nothing to do with trusting SHA-1 certificates in browsers. This is purely a policy issue.
Symantec isn't asking for a whitelist. They aren't asking for an exception in browser policy. They aren't asking Mozilla to trust those certificates. What they're asking for is an exception to CA policy. They are asking to violate agreed upon CA rules by "merely" issuing certificates using a weak algorithm (browsers ought not to trust these certs, but that's irrelevant, it's the fact that they're issuing them at all that breaks the rules). In effect, what they're saying to Mozilla is "we're breaking the rules, but please don't kick us out from the root store".
If Symantec goes ahead and issues the certs, then any other trust store or entity in a position to enforce CA policy requirements (such as other browser vendors, MS, etc.) is well within their right to remove trust from Symantec roots due to a violation of CA policy.
Of course, since this is Symantec, it won't happen. They're too big to fail. They'll do it anyway and get a slap on the wrist at most. This is too minor a bending of the rules for anyone to seriously propose kicking them out. That's the problem with big CAs - nobody wants to be the guy to detrust them, because then what users will see is "this browser sucks, I can't access all these sites". And so big CAs get to ignore policy or have major security breaches (I'm looking at you, Comodo) with impunity.
There is one aspect that is hopeful:
So if the certificates expire in 90 days (and are replaced with better ones) I'm okay with that.
The part I still don't understand is why anyone would still need the old SHA-1 certificates. Are their systems THAT OLD? If so, I'm sure they have other problems that haven't been addressed.
Once again we are reminded of the truly sad state of business security.
From TFA:
A company representative has informed Mozilla that one of its clients, Worldpay PLC, has asked for nine new SHA-1 certificates. Symantec explains that Worlpay has forgot to ask for nine new SHA-1 certificates for some of its servers that process SSL/TLS communications for over 10,000 payment terminals across the world. Worldpay blames this situation on a communications mishap. They say that someone forgot to ask for these certificates before the January 1 deadline.
The purpose of the January 1 deadline was supposed to be "Hey, your shit is not secure, you need to change to something else". It was NOT intended as "Hurry up and get all your shitty insecure SHA-1 certificates right away before we stop giving them out on Jan 1".
One of the arguments in the e-mail discussion thread is actually reasonable: the rules say no new SHA-1 certs issued after January 1 2016, and no certs valid for >1 year. Which meant that a ton of people got last-minute certs issued in December. Those certs are valid for the whole year of 2016. WorldPay just fucked up and forgot - had they done so they would have the whole year to upgrade their terminals.
So, in a way, a 90-day cert issued today is less of a security problem than all the last-minute certs issued right at the end of 2015. From that point of view, perhaps the rules weren't defined very well. It would've made more sense to have only a NotAfter restriction: no SHA-1 certs expiring after December 31st this year, effectively a steadily decreasing maximum validity period as the year progresses. Then this wouldn't have happened.
Still, policy is policy, and the fact that Symantec is being allowed an exception (even if that exception makes some logical sense) is concerning.
As for why they need SHA-1 certs? Old POS terminals using public CA roots, and still without SHA-256 support. Welcome to the embedded world. And yes, I'm sure they have lots of other vulnerabilities.
Man, you managed to read that far into the article but not the next 2 paragraphs. I can't tell if you're being purposefully disenginous or if your attention span is that short... For the record, the next two paragraphs state:
The company says they are already in the midst of the process of updating their servers to SHA-2, but this blunder now puts some of its users in danger of not having their payments go through.
Internally, Mozilla has agreed to allow Symantec to issue these certificates under two conditions: the entire process should be transparent, and that the certificates should expire after only 90 days.
First, why are they only "in the midst of updating" after the deadline has already has passed? This should have been done already. This goes back to my original point -- their attitude was not "hey we need to upgrade before Jan1". It was "we just need to hurry up and get some new certs before Jan 1 and then we can fuck off and do nothing for another year".
Second, what do you think is REALLY going to happen in 90 days?