Slashdot Mirror


Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com)

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.

"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.

112 comments

  1. Does it make sense to trust any govt key? by mellon · · Score: 4, Insightful

    This is a tough question, because arguably corporate-held keys aren't trustworthy either, but if we are to trust government keys, we need to know what the terms of governance are, and in general we don't. In the U.S., for example, government eavesdropping rules are secret. So trusting a PKI cert issued by the U.S. government is crazy. Of course, governments can also often compel private industry, and as we've seen, private industry can also engage in corrupt practices or careless practices. Honestly, PKI is pretty rickety.

    1. Re:Does it make sense to trust any govt key? by Anonymous Coward · · Score: 1

      It makes sense to trust government keys when communicating with the government that issues them.

    2. Re:Does it make sense to trust any govt key? by sjames · · Score: 3, Informative

      The problem is the whole system is set up so you either trust a key signer for any key they sign or you don't trust them at all. There isn't currently a mechanism where you can conditionally trust a key signed by a government.

    3. Re:Does it make sense to trust any govt key? by Anonymous Coward · · Score: 4, Informative

      True, the current system is and always has been broken by design. It only takes one foul apple to spoil the whole dish.

    4. Re:Does it make sense to trust any govt key? by omnichad · · Score: 2

      Right, but the US government doesn't issue certificates for anyone else. In the Dutch case, however, I do support removing trust.

    5. Re: Does it make sense to trust any govt key? by Anonymous Coward · · Score: 1

      A government might want to spy - so don't trust government keys for your terror/revolution plans.

      Corporate keys are even worse, they might sell access to the highest bidder. Such as your competitors - or governments. Governments have their agendas, but rarely sell out.

    6. Re:Does it make sense to trust any govt key? by Kjella · · Score: 1

      If it's important enough you obviously shouldn't trust any third party to verify anyone's identity, but if I don't know who you are should I start fingerprinting and DNA testing you or should I ask for a driver's license or passport? It's a bit the same with websites, for the most part I'm satisfied with a CA backing the claim. The alternative is that I have no clue, because there's no practical way for me to verify everything in person.

      --
      Live today, because you never know what tomorrow brings
    7. Re:Does it make sense to trust any govt key? by sjames · · Score: 1

      It's a matter of who they MIGHT create a fake cert for if they want to snoop. Are you sure you would trust relax.trust.us.gov to never ever issue a fake cert for gmail.com even if the FBI says pretty please and pinky swears they'll get a warrant eventually?

    8. Re: Does it make sense to trust any govt key? by Anonymous Coward · · Score: 0

      Governments have their agendas, but rarely sell out.

      Funniest comment ever!

      Please show me a government - anywhere in the world, anywhere at all, really - that represents the people that voted them into power. By and large politicians are scumbag lawyers and millionaire businessmen that are only getting into politics to increase their personal wealth and the wealth of their families and business partners.

    9. Re:Does it make sense to trust any govt key? by Lord+Crc · · Score: 1

      At least for browsers you can add an exception for the gov't certs that you trust.

    10. Re:Does it make sense to trust any govt key? by mellon · · Score: 1

      This is absolutely true, but if it's a PKI signing key, trust is binary, so that's not one of the options (correct me if I'm wrong here—this is my understanding).

    11. Re:Does it make sense to trust any govt key? by sjames · · Score: 2

      Worse, most of the brokenness including not being able to sign sub-certs with a cert from my primary domain and the lack of conditional trust are driven by the desire to sell more certs rather than security concerns or technical limitations.

    12. Re:Does it make sense to trust any govt key? by AHuxley · · Score: 1

      An encryption watch setting that shows if more than average use, requests, networking suddenly starts with .gov encryption?
      Some sort of extension in FF that tells a user any gov cert is being used on a non .gov/mil site more than expected?
      A question that asks a user if they are in the EU and/or expect to communicate a lot with EU governments?
      If a third party is tracking encrypted .com, .net and .org sites with the user and the user never visited an EU nation's .gov site?

      --
      Domestic spying is now "Benign Information Gathering"
    13. Re:Does it make sense to trust any govt key? by omnichad · · Score: 1

      With that said, we know the supposed intent is to only sign for *.gov, so browsers should only trust the CA for that TLD. This is a good time to evaluate all similar CAs in this way.

    14. Re:Does it make sense to trust any govt key? by sjames · · Score: 1

      You can add exceptions for individual certs, but only if you either blindly trust them or use an external mechanism to validate the signature. But you can't, for example, set the browser to trust a cert signed by the U.S. government ONLY if the cert is for a domain in *.gov.

    15. Re:Does it make sense to trust any govt key? by sjames · · Score: 1

      That goes back to my original statement. Browsers really should be able to conditionally trust a CA like that, and users should be able to set conditions on trust, but no browser has either feature currently. It should be part of the standard, but that might have cut into sales so it was right out of the question.

    16. Re:Does it make sense to trust any govt key? by slashrio · · Score: 1

      Let's shorten the question a bit:
      Does it make sense to trust any govt?

      Well... one could argue that it makes sense to trust the Dutch govt, as they are clearly announcing that they will abuse their authority to issue certificates.
      Actually I find that an extremely stupid move.

      --
      "Trump!!", the new Godwin.
    17. Re:Does it make sense to trust any govt key? by syzler · · Score: 3, Insightful

      However if crypto toolkits would finally implement and actually validate certificates using "DNS-Based Authentication of Named Entities" (DANE), then all of this is moot since the DNS operator for a site would be able to specify which specific TLS key is being used by the site with a few DNS records. A government entity wouldn't be able to man in the middle a TLS connection without either cracking the TLS keys themselves or by compromising the root DNS server keys.

    18. Re:Does it make sense to trust any govt key? by Anonymous Coward · · Score: 0

      The Dutch are pretty transparent about their surveillance.
      They tap more phones than any other country, but that is probably because the Dutch actually own up to that.

    19. Re:Does it make sense to trust any govt key? by tsa · · Score: 1

      In the US government eavesdropping rules may be secret but at least they seem to have rules they stick by. Being a Dutch citizen and having read about the ways of our government, I would not be surprised if this law that we will get now (of which many dictators will be mighty jealous. Even the FBI was impressed with what we can do) just legalises only a part of the ways my government uses to eavesdrop and spy on its people.

      --
      -- Cheers!

    20. Re:Does it make sense to trust any govt key? by sjames · · Score: 1

      That would raise the bar considerably.

    21. Re: Does it make sense to trust any govt key? by Delta · · Score: 0

      Actually, there are name constraints that would allow you to sign for yourself if you could anchor your own CA to the trust chain. We're closer than many think.

      In order for that to work though, the name constraint would need to be marked critical (refuse trust chain if not supported), and it's mostly just Apple that doesn't support it.

      If Apple fixes that, and Let's Encrypt (for example) would let you anchor from them, things could move in that direction.

      Personally I'd have liked to see these things integrated into DNSSEC as well.

      --
      Terje Elde
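The name constraints Delta refers to are standard X.509 machinery (RFC 5280 §4.2.1.10), and Go's crypto/x509 enforces them during chain building. The following is an added example, not code from this thread or from any browser, CA or government: it creates a throwaway self-signed root whose certificate carries a critical name constraint permitting only DNS names under .gov, has that root sign one leaf for example.gov and one for gmail.com, and then verifies both as a relying party would. The root is perfectly able to sign the gmail.com leaf; the constraint only bites at verification time, which is the property the thread is asking for. All names, keys and serial numbers are constructed on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeConstrainedRoot builds a self-signed CA whose certificate carries a
// critical name constraint permitting only names under .gov.
// Subject name and key are constructed for this example.
func makeConstrainedRoot(key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Government Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		PermittedDNSDomains:   []string{".gov"},
		// Critical, as the post says it must be: a verifier that cannot
		// enforce the constraint then rejects the chain instead of ignoring it.
		PermittedDNSDomainsCritical: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issueLeaf has the root sign a server certificate for host. Signing is not
// where the constraint bites: the CA can mint any certificate it likes.
func issueLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // constraints are checked against the SANs
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyLeaf is the relying-party side: build a chain to the root for the
// given hostname. This is where the name constraint is enforced.
func verifyLeaf(root, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// RunConstraintDemo signs one permitted and one non-permitted leaf and
// returns the verification verdict for each hostname (nil means accepted).
func RunConstraintDemo() (map[string]error, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	root, err := makeConstrainedRoot(rootKey)
	if err != nil {
		return nil, err
	}
	verdicts := map[string]error{}
	for _, host := range []string{"example.gov", "gmail.com"} {
		leaf, err := issueLeaf(root, rootKey, host)
		if err != nil {
			return nil, err
		}
		verdicts[host] = verifyLeaf(root, leaf, host)
	}
	return verdicts, nil
}

func main() {
	verdicts, err := RunConstraintDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("example.gov:", verdicts["example.gov"]) // <nil>
	fmt.Println("gmail.com:", verdicts["gmail.com"])     // ... not authorized to sign for this name ...
}
```

The constraint lives in the CA's own certificate, so only whoever issues that certificate can put it there; a relying party that wants to confine a root it does not control has to express that in verifier policy instead, which is the gap the earlier replies describe.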
    22. Re:Does it make sense to trust any govt key? by jrumney · · Score: 1

      Not trusting any foreign government's CA is probably an easy starting point. Not trusting your own government's CA will probably make it difficult to file taxes, renew passports and any other interaction you need to do with your own government though, so while the threat of them eavesdropping on your communication is probably highest, it is more difficult to mitigate without side-effect. PKI used to be quite good when there were half a dozen trusted certificates in Netscape's default CA store. But for at least the last 15 years, browsers have been heavily compromised out of the box.

    23. Re:Does it make sense to trust any govt key? by jrumney · · Score: 1

      Are you sure you would trust relax.trust.us.gov to never ever issue a fake cert for gmail.com even if the FBI says pretty please and pinky swears they'll get a warrant eventually?

      This is why public key pinning must be removed in future versions of Chrome, and the ability to check the details of a certificate has already been well buried within the developer tools UI.

    24. Re:Does it make sense to trust any govt key? by jrumney · · Score: 1

      all of this is moot since the DNS operator

      By DNS operator, you mean the government agency in control of the endpoint to which you are connecting, right?

  2. And all you could find on the topic... by Anonymous Coward · · Score: 0

    ... was breathless bullcrap by bleepingcomputer.

    What a wasteland.

  3. Governments, take note by Opportunist · · Score: 5, Insightful

    This is what happens when you try to pull a stunt like this.

    Certificates are based on a system of trust. I trust a certificate because the issuer promises that it belongs to the party it was issued to. If that party now not only has the ability but also the obvious intent to intercept and snoop on traffic, the certificate is intrinsically untrustworthy. Because it can easily be used for such nefarious applications.

    The Netherlands just made all their certificates along with every certificate issuing company under their jurisdiction untrustworthy.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Governments, take note by Anonymous Coward · · Score: 0

      This is what happens when you try to pull a stunt like this.

      Certificates are based on a system of trust. I trust a certificate because the issuer promises that it belongs to the party it was issued to. If that party now not only has the ability but also the obvious intent to intercept and snoop on traffic, the certificate is intrinsically untrustworthy. Because it can easily be used for such nefarious applications.

      The Netherlands just made all their certificates along with every certificate issuing company under their jurisdiction untrustworthy.

      What do you do when all certificate issuing companies in every jurisdiction are "untrustworthy?"

    2. Re:Governments, take note by Opportunist · · Score: 4, Interesting

      Then we're down to doing what organizations with elevated security needs already do. Issue their own certificates, transport them to their partner via a secure channel and pin the certificate, i.e. to be valid, the site has to present this certificate, exactly this certificate and only this certificate.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re: Governments, take note by Anonymous Coward · · Score: 0

      Issue your own cert.

    4. Re:Governments, take note by AmiMoJo · · Score: 1

      They should distrust all certificate authorities in countries where there are secret legal means to force the creation of bogus certificates, e.g. the UK.

      The whole system needs replacing but while we have to work with it it's important to take a firm stance on not allowing governments to interfere with or subvert it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Governments, take note by Anonymous Coward · · Score: 0

      IOW, the PKI system of "distributing trust" is broken such that it only seems to work: You can only use it as envisioned by the *cough* wonderful and talented *cough* mind that thought the whole thing up, or you can not use it at all. Except you'll get nowhere if you try to not use it. So you have to trust everyone in the list or you end up with weird holes in your universe. You can't simply untrust a single key, though you have to be able to because some issuers just aren't as trustworthy as others.

      Did I mention that PKI is terminally broken? That's what it comes down to. And the problem is right in the design, that you can only have one signer for every certificate and there is no meaningful way to pick and choose.

      For verily, the whole hierarchy thing exists so you don't have to cart your own certificates around over secure channels. That right there again means PKI is broken. Of course, there are at least a hundred more ways in which PKI is broken. Why are we still using this broken crap called PKI?

    6. Re:Governments, take note by cstacy · · Score: 3, Insightful

      This is what happens when you try to pull a stunt like this.

      Certificates are based on a system of trust. I trust a certificate because the issuer promises that it belongs to the party it was issued to. If that party now not only has the ability but also the obvious intent to intercept and snoop on traffic, the certificate is intrinsically untrustworthy. Because it can easily be used for such nefarious applications.

      The Netherlands just made all their certificates along with every certificate issuing company under their jurisdiction untrustworthy.

      What makes anyone think that certain various intelligence agencies (such as those in the USA and Europe in general) do not already have the means to sign "false certificates"? Through government intimidation, secret procedures, etc. In what way are the corporate-based CAs not secretly influenced by the government(s)?

    7. Re:Governments, take note by Opportunist · · Score: 4, Insightful

      Too high a risk to take.

      Blanket use of forged certificates would make it near impossible that such behaviour isn't eventually noticed, which would instantly lead to the whole certificate chain system coming down.

      If anything, such a tool would be used very carefully for high profile targets.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:Governments, take note by Maritz · · Score: 1

      You forgot to provide a link to your alternative.

      And you can untrust any cert you like. Go into your fucking certificate store and delete it.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  4. Referendum by Anonymous Coward · · Score: 2, Informative

    Btw, Netherlands will hold a referendum on this new surveillance law, so Mozilla's action is warranted https://www.reuters.com/articl...

    1. Re:Referendum by bokkepoot · · Score: 3, Informative

      Btw, Netherlands will hold a referendum on this new surveillance law

      The referendum to be held is only valid if 30% of the eligible voters actually vote, and even if it is valid, it is (only) an advisory referendum.

      Also, 2 of the major parties have already spoken out as to ignore the results of the referendum, whatever they may be, and continue with this surveillance law.

    2. Re:Referendum by Opportunist · · Score: 1

      That's ok. Most Dutch also ignore what these two parties say.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Referendum by Anonymous Coward · · Score: 0

      The referendum will be held simultaneously with the coming municipal elections, so it is actually rather likely that the turnout will be above 30%.

    4. Re:Referendum by JaredOfEuropa · · Score: 1

      Sadly they are in government...

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    5. Re:Referendum by Opportunist · · Score: 1

      You say this like it mattered.

      The more governments act against the interests of their subjects, the less said subjects feel obliged to heed their laws. Or report those that break them.

      This is, by the way, one of the reasons the East Bloc fell. In the end people felt more committed to their fellow sufferers than their government.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Referendum by JaredOfEuropa · · Score: 1

      We're a long way off from that point. Especially since there's a sizable silent majority who think they "have nothing to hide"

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    7. Re:Referendum by Opportunist · · Score: 1

      But they also don't want to get involved with government. My neighbor is stealing public property? I'd rather not get involved, it's not like it's my business.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:Referendum by tsa · · Score: 1

      Next time they won't be.
      The thing with having untrustworthy governments and a democracy is that during the next elections the people always punish the parties for their behaviour. This results in difficult formations and absolutely no possibility of long term planning. Which means the Netherlands are now way behind in education, technology and are far below even the US with regard to battling climate change.

      --
      -- Cheers!

    9. Re:Referendum by Anonymous Coward · · Score: 0

      > Netherlands will hold a referendum on this new surveillance law

      Switzerland did, too, and the populace voted *for* adoption of unprecedented snooping powers (now in full effect). 'Nothing to hide' and all that...

  5. Who do you trust? by Midnight+Thunder · · Score: 1

    We have been existing for a long time without https, but now we want a certificate for everything, even places where trust isn't needed. One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.

    Also, to the average user it isn't clear who the third party they are trusting is and whether they are any more trustworthy. This leads to the risk of blind trust and the consequences that go with it. A bit like agreeing to a EULA, without reading it.

    --
    Jumpstart the tartan drive.
    1. Re:Who do you trust? by Aighearach · · Score: 0

      I have no idea who hosts the server, and I have no need to trust them. It is useful though if I know that they're the source of the data.

      This encryption isn't about trusting the other party you agreed to exchange network data with, it is about trust in the network pipe itself!

    2. Re:Who do you trust? by omnichad · · Score: 1

      For sites where trust isn't needed, that's only true when there's not a mitm attack and/or fake ads, fake downloads, or even something as simple as an email subscribe form where you don't want information in the wrong hands.

    3. Re:Who do you trust? by Opportunist · · Score: 1

      In this time of fake news, https based communication is more important than ever. Less even for the encryption part.

      Encryption, despite what most people think, is only the side effect. The main, far more important, aspect is to verify that I am actually talking to whom I think I'm talking to. Encryption means exactly nothing if I cannot determine whether a MitM is taking place.

      And neither does it mean anything if I get information from someone without the ability to verify that whoever I'm talking to is actually who I expect to be talking to. Imagine someone pretending to be someone saying increasingly stupid things in an attempt to ruin that person's credibility...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Who do you trust? by Anonymous Coward · · Score: 0

      Why would it be more important than ever? https doesn't prevent fake news. It is a matter of trust. People no longer trust mainstream media. Some of them trust the fake news sites for some reason, but most people no longer trust any news source anymore. It doesn't matter what country you go to in the West. Everywhere people complain about mainstream media. They create news, is an often heard complaint. Who knew that all the mergers in the newspaper industry and television industry would lead to a distrust in mass media?

    5. Re:Who do you trust? by Anonymous Coward · · Score: 0

      This encryption isn't about trusting the other party you agreed to exchange network data with, it is about trust in the network pipe itself!

      Ever worked in a Top 500 company or a mining multinational? All of your HTTPS communications are signed by their re-encrypting SSL proxy servers. They monitor everything you do on the internet in the name of "due diligence." You have no guarantee that the source of your data is actually the origin server you expected.

    6. Re:Who do you trust? by CrashNBrn · · Score: 1

      Except we are moving towards a situation where the "site" is just a front for CDN's (Content Delivery Networks): CloudFlare, AWS, Google AMP, etc, etc.

    7. Re:Who do you trust? by CrashNBrn · · Score: 1

      The "site" can also be sitting behind a proxy server - which can deliver "content" from anywhere for the domain in question.

      Claiming there is any real trust in this house of cards is almost laughable.

    8. Re:Who do you trust? by Z34107 · · Score: 1

      Also, to the average user it isn't clear who the third party they are trusting is and whether they are any more trustworthy.

      Blindly trusting a third party, or even a small number of third parties, is still a huge improvement over blindly trusting a far greater (but unknown) number of third parties. Quit being lazy and fix your website.

      --
      DATABASE WOW WOW
    9. Re:Who do you trust? by Anonymous Coward · · Score: 0

      Only if you use a shitty browser that fails to alert you to being MiTMed. Any decent browser will show when your employer is doing this.

    10. Re:Who do you trust? by Opportunist · · Score: 1

      https doesn't prevent fake news. But it prevents impersonation. A lot of misinformation is based on someone pretending to be someone else.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    11. Re:Who do you trust? by Midnight+Thunder · · Score: 1

      Only if you use a shitty browser that fails to alert you to being MiTMed. Any decent browser will show when your employer is doing this.

      Problem is the certificate is trusted by the browser, because your employer manages all infrastructure. See this as a ‘trusted’ or ‘enforced’ man-in-the-middle

      --
      Jumpstart the tartan drive.
    12. Re:Who do you trust? by Anonymous Coward · · Score: 0

      https doesn't prevent fake news. But it prevents impersonation.

      No it doesn't prevent impersonation at all.

      PKI trust was already on shaky ground but it was Mozilla itself that totally screwed the pooch when they launched Let's Encrypt. There is no verification whatsoever of who's requesting a certificate only that they control a server end point for the CN they're requesting.

    13. Re:Who do you trust? by Maritz · · Score: 1

      It'll show you if you examine the certificate closely, sure. But it will show up green and not as a warning, because the certificate will be in the trusted certificate store, probably pushed there by group policy. Average user will object...? Nope, blissfully unaware.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    14. Re:Who do you trust? by Anonymous Coward · · Score: 0

      I work for a large multi-national. I install Firefox myself (this is neither recommended on the one hand or disallowed on the other). Firefox uses its own certificate store. So I can be sure the company does not MITM my SSL. So your assertion that *all* large companies do this is false.

      In fact, *given that we are specifically allowed reasonable personal use of work devices*, they would be very, very foolish to use MITM on SSL; suppose this led to leaking of employee banking credentials they could be in severe legal trouble, probably with the bank as well as the employees.
      If they wanted to MITM us they would need to cover their backs by warning us and disallowing personal use.

    15. Re:Who do you trust? by Aighearach · · Score: 1

      The BOFH is on my side. I could even be the BOFH for all you know.

  6. The law will need to pass parliament. by Teun · · Score: 1

    So far this law is a proposal and it needs to be passed by parliament.

    After some seven months of negotiations we've (the Dutch) just received a new coalition government based on four parties.
    For some inexplicable reason they all believe this is a good plan though it looks like a majority of the population is not convinced.
    An advisory referendum will be held but one of the larger parties already announced they would ignore the outcome.

    This government has a parliamentary majority of one and I would be surprised if they can pass this law without serious amendments.
    Now I'm absolutely sure other nations do similar, except they did not pass these tricks by their parliament or in a publicised law.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:The law will need to pass parliament. by Calydor · · Score: 1

      Then it only makes sense that Mozilla are already now telling the Dutch government what the consequences will be of their actions, while it's still possible to simply abandon the proposed law.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:The law will need to pass parliament. by Anonymous Coward · · Score: 0

      it looks like majority of the population is not convinced

      To be exact, polls suggest a majority of the people support the law, but of the people who will actually vote, a majority are against the law (Dutch source).
      One can argue that actual votes are what counts, but one can also argue that since it's announced the law will come despite the referendum outcome, the people who are pro-surveillance and anti-referendum, won't even bother.
      Anyway, it's such a small margin the government can easily (find an excuse to) ignore the outcome, given that they themselves support the law and they can legally ignore the referendum outcome.
      But there is still time for campaigning/education/changes of course.

    3. Re:The law will need to pass parliament. by Anonymous Coward · · Score: 0

      The same Dutch party that ignored the last referendum. Your democracy at work

  7. Firefox removes a CA while Google removes PKP by WaffleMonster · · Score: 2

    It's good to see more governments acting to grant themselves the ability to overtly subvert PKI on a global basis while Google is busy removing the only technology standing any chance of offering end users a clue.

    1. Re:Firefox removes a CA while Google removes PKP by Anonymous Coward · · Score: 0

      Google invented a technology that does everything HPKP did, and also handles key rotations, allows you to monitor for someone else issuing keys in your name, doesn't have the "HPKP ransom" vulnerability and actually scales well. You should read about certificate transparency and the Expect-CT header.

      It's really gauche to accuse Google of doing anti-security things when they're single-handedly advancing the state of the art and have caught state actors breaking PKI. In fact that's the incident which led Google to invent HPKP in the first place, and they knew the problems with it at the time which is why they then went on to invent certificate transparency to replace it.

    2. Re:Firefox removes a CA while Google removes PKP by viperidaenz · · Score: 1

      What about "Expect-CT" ?

      If a site is using Expect-CT, the mis-issued certificate would need to be added to a publicly verifiable append-only log or if the header mysteriously went missing, it gets reported.

    3. Re:Firefox removes a CA while Google removes PKP by WaffleMonster · · Score: 1

      What about "Expect-CT" ?

      What about an experimental draft no browser supports? This isn't even a standards track document.

      If a site is using Expect-CT, the mis-issued certificate would need to be added to a publicly verifiable append-only log or if the header mysteriously went missing, it gets reported.

      Section 4 of draft-ietf-httpbis-expect-ct-02
      "Site operators could themselves only cure this situation by one of:" ...
      "obtaining a certificate from an alternative certificate authority". ...

      This doesn't fix the problem of states controlling CAs - it ignores it completely.

      One RFC gives users control over what is valid while a different experimental draft intentionally takes it away.

      Anyone can submit a poem about UFOs controlled by bigfoot to the IETF with only automated normative review simply by marking a document experimental. People who do this either mean it... they really want it to be an experiment in which case asking me about "Expect-CT" is premature at best OR they are actively seeking to bypass scrutiny associated with a standards track document.

    4. Re:Firefox removes a CA while Google removes PKP by WaffleMonster · · Score: 1

      It's really gauche to accuse Google of doing anti-security things when they're single-handedly advancing the state of the art and have caught state actors breaking PKI.

      It's not an accusation. It's a statement of fact. Google *IS* removing PKP and there is nothing available to replace it.

      In fact that's the incident which led Google to invent HPKP in the first place, and they knew the problems with it at the time which is why they then went on to invent certificate transparency to replace it.

      Here are actual facts:

      1. HPKP *IS* a standards track RFC.

      2. Expect-CT is NOT a standards track document. It's an experimental draft.

      3. Other major browser vendors, with the notable exception of Microsoft, have already implemented the RFC "standard".

      4. Google is UNILATERALLY abandoning PKP with no industry wide consensus on replacement.

      5. Google has failed to offer evidence supporting a coherent technical justification for abandonment of PKP other than subjective nonsense... "It's too hard" and "hijacking risk" which is of course an inherently necessary property of any effective security latch of this type.

      6. Section 4 of the draft openly admits to allowing state sponsored hijacking.

      " Site operators could themselves only cure this situation by one of:
            reconfiguring their web server to transmit SCTs using the TLS
            extension defined in Section 6.5 of [I-D.ietf-trans-rfc6962-bis],
            obtaining a certificate from an alternative certificate authority"

      HPKP on the other hand gives operators full control over what is valid without the possibility of third party override. Let me know when Expect-CT is able to achieve the same.

    5. Re:Firefox removes a CA while Google removes PKP by viperidaenz · · Score: 1

      Supported by Blink and enabled by default in Chrome 61 and Opera 48. Mozilla has publicly voiced their support for it and are currently developing support for it.
      https://www.chromestatus.com/f...

      It stops any CA from mis-issuing a certificate without first publicly declaring so. They have to submit their certificate to a public log before they use it. They can't remove it from the log.

    6. Re:Firefox removes a CA while Google removes PKP by WaffleMonster · · Score: 1

      It stops any CA from mis-issuing a certificate without first publicly declaring so. They have to submit their certificate to a public log before they use it. They can't remove it from the log.

      PKP gives operators control over what CAs are considered valid by FORCE.

      This is Expect-CT
      https://www.youtube.com/watch?...

      They are not the same things. Not even close.

    7. Re:Firefox removes a CA while Google removes PKP by viperidaenz · · Score: 1

      PKP doesn't stop your CA from issuing another certificate to anyone else.
      It also makes it hard to change CAs.

      It also makes it possible for an attack to have long-lasting impacts on your website. If someone gains access to your web server, they can install their own certificate and set the HPKP header to a large value. Everyone who now visits the website will be unable to access it using any other CA than what the attacker chose.

      All it takes is one disgruntled employee.

      It's a very easy-to-fuck-up system with huge impacts for fucking up. And it still doesn't stop your regular CA (or back-up CA) from mis-issuing a certificate to someone else. All it stops is other CAs from doing so.
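
The HPKP mechanics the last few replies argue about, written out as an added example in Python (not code from any of the commenters or from any browser): the checks RFC 7469 has a user agent make before it stores a pin set, the hostile-pinning lockout described above, and why pinning an intermediate does nothing against a leaf that the same CA mis-issues to someone else. The SPKI byte strings are constructed placeholders standing in for real DER-encoded SubjectPublicKeyInfo blobs.

```python
import base64
import hashlib

# Constructed stand-ins for the DER-encoded SubjectPublicKeyInfo of each key.
# A real implementation hashes the actual SPKI bytes of each certificate.
SPKI_LEAF = b"constructed-spki-leaf-key"
SPKI_INTERMEDIATE = b"constructed-spki-intermediate-ca-key"
SPKI_BACKUP = b"constructed-spki-operator-backup-key-kept-offline"
SPKI_ROGUE_LEAF = b"constructed-spki-misissued-leaf-from-same-ca"
SPKI_ATTACKER = b"constructed-spki-attacker-key"
SPKI_ATTACKER_BACKUP = b"constructed-spki-attacker-second-key"

SIXTY_DAYS = 60 * 24 * 3600


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins header into its pins, max-age and flags."""
    result = {"pins": [], "max_age": None, "include_subdomains": False, "report_uri": None}
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        name, raw = name.strip().lower(), raw.strip().strip('"')
        if name == "pin-sha256":
            result["pins"].append(raw)
        elif name == "max-age":
            result["max_age"] = int(raw)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "report-uri":
            result["report_uri"] = raw
    return result


def note_pins(header_pins, chain_spkis):
    """Checks a UA makes before *storing* a pin set (RFC 7469 sections 2.5/2.6).

    At least one pin must match a key in the validated chain, and at least one
    pin must NOT match any key in the chain: that is the mandatory backup pin.
    Returns (accepted, reason).
    """
    chain_pins = {spki_pin(s) for s in chain_spkis}
    matched = [p for p in header_pins if p in chain_pins]
    backups = [p for p in header_pins if p not in chain_pins]
    if not matched:
        return False, "no pin matches the validated chain; header ignored"
    if not backups:
        return False, "no backup pin; header ignored"
    return True, "noted: %d pin(s) match, %d backup pin(s)" % (len(matched), len(backups))


def enforce(stored_pins, chain_spkis):
    """On a later visit the chain must contain a key matching a stored pin."""
    chain_pins = {spki_pin(s) for s in chain_spkis}
    return any(p in chain_pins for p in stored_pins)


def demo():
    legit_chain = [SPKI_LEAF, SPKI_INTERMEDIATE]
    legit = parse_pkp_header('pin-sha256="%s"; pin-sha256="%s"; max-age=%d; includeSubDomains' % (
        spki_pin(SPKI_INTERMEDIATE), spki_pin(SPKI_BACKUP), SIXTY_DAYS))

    # A header with no backup pin is rejected outright.
    no_backup = parse_pkp_header('pin-sha256="%s"; max-age=600' % spki_pin(SPKI_LEAF))

    # Hostile pinning: someone with access to the web server serves their own
    # key and pins it (plus a second key they hold) for a long max-age. Once the
    # operator evicts them and restores the real chain, pinned clients refuse it.
    hostile = parse_pkp_header('pin-sha256="%s"; pin-sha256="%s"; max-age=%d' % (
        spki_pin(SPKI_ATTACKER), spki_pin(SPKI_ATTACKER_BACKUP), SIXTY_DAYS))
    hostile_ok, _ = note_pins(hostile["pins"], [SPKI_ATTACKER])

    # Pinning the intermediate does nothing against a leaf that the *same* CA
    # mis-issues to someone else: its chain still contains the pinned key.
    misissued_chain = [SPKI_ROGUE_LEAF, SPKI_INTERMEDIATE]

    return {
        "legit_noted": note_pins(legit["pins"], legit_chain)[0],
        "legit_include_subdomains": legit["include_subdomains"],
        "no_backup_noted": note_pins(no_backup["pins"], legit_chain)[0],
        "hostile_noted": hostile_ok,
        "real_chain_after_hostile_pin": enforce(hostile["pins"], legit_chain),
        "misissued_by_pinned_ca": enforce(legit["pins"], misissued_chain),
        "lockout_seconds": hostile["max_age"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-30s %s" % (key, value))
```

The two outcomes worth noticing are `real_chain_after_hostile_pin` (False: the operator's genuine chain is rejected for the whole max-age the intruder chose) and `misissued_by_pinned_ca` (True: a pin on the intermediate is satisfied by anything that intermediate signs).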

  8. Re:Mozilla is awesome by Calydor · · Score: 1, Offtopic

    I'm sorry to break it to you, but your IQ was 50 before the name change too, as evidenced by the fact that you changed your name to Hognoxious Turkeydance Mightymartian.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  9. Centralized trust is broken. by Anonymous Coward · · Score: 0

    Centralized trust leads to the center of trust being co-opted by those who wish to centralize power. In so doing they break the trust. When they become untrustworthy the people try to organize using the tools they were told lead to equitable government, at which point the armed police are sent in to restore law and order. Other governments condemn violence on 'both sides', those being hit and those doing the hitting, while implicitly condoning the action for fear of their own people getting the wrong message.

  10. Re:Does it make sense to trust any key? by Z00L00K · · Score: 1

    The current system with the hierarchy where a single CA is the only one deemed trustworthy enough has been broken for a long time. A new solution is necessary where cross-signing with multiple CAs on a single certificate is necessary to measure how trustworthy a certain certificate is.

    Done correctly this would ensure that a single CA isn't able to hold the full key for signing either. This would of course require a completely different architecture in the trust structure.

    In addition to this - the keys used to get authorized by a CA could be built redundant so even if one single CA expires your key the redundancy would keep it valid - this would lower the risk caused by CAs going bad, suffering an intrusion or going out of business - or just suffering a denial of service attack.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  11. They made their cert *publically* untrustable by Anonymous Coward · · Score: 0

    I am willing to bet all my money that the US gov has long had the same capability - just not said publicly, and just used by only CIA/NSA and nobody else.

    1. Re: They made their cert *publically* untrustable by guruevi · · Score: 1

      The US state has little in the form of public CA authorities. I think Staat der Nederlanden was the first "government owned CA" publicly trusted in browsers.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re: They made their cert *publically* untrustable by Reverend+Green · · Score: 1

      Bluecoat Systems. Google it.

  12. E-Government Massacre by Anonymous Coward · · Score: 0

    So this is how electronic government services are killed -- not by the fierceness of a DDoS attack, but by conflicting values and goals in the global Internet.

    1. Re:E-Government Massacre by cstacy · · Score: 1

      So this is how electronic government services are killed -- not by the fierceness of a DDoS attack, but by conflicting values and goals in the global Internet.

      You forgot the thunderous applause.

  13. What happened to the alternatives? by jonwil · · Score: 2

    There are a number of proposals out there for alternatives that would supplant or replace CAs as the root of trust on the web. Storing keys in DNS via DNSSEC and DANE, for one. EFF's Sovereign Keys proposal. And I swear there are others but I can't find any right now.

    Right now we are in a situation where any one of who knows how many CAs can produce a valid certificate for a web site without the web site even knowing it (and can do so for any number of reasons including a rogue employee, a government or government agency forcing them to do it, or a hacker compromising the system and stealing the keys as happened to another Dutch CA, DigiNotar).

    Why has there been no interest in supporting these alternatives that eliminate the possibility of CAs producing bogus certificates?
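
How the DANE alternative mentioned above actually binds a service to a key, as an added example in Python (not from the commenter or from any DANE implementation): an operator publishes a TLSA record (RFC 6698) under `_443._tcp.<host>`, and a client compares the presented chain against it instead of, or in addition to, walking the CA store. Certificates and their DER bytes are constructed stand-ins, and DNSSEC validation of the record itself is assumed rather than modelled.

```python
import hashlib

# RFC 6698 TLSA field values.
USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SEL_FULL_CERT, SEL_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


class Cert:
    """Constructed stand-in for a parsed X.509 certificate, holding only what
    DANE looks at: the full DER and the SubjectPublicKeyInfo DER."""

    def __init__(self, name, der, spki):
        self.name, self.der, self.spki = name, der, spki


def association_data(cert, selector, matching_type):
    """Certificate Association Data: the selected bytes, hashed as requested."""
    data = cert.der if selector == SEL_FULL_CERT else cert.spki
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(data).hexdigest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(data).hexdigest()
    return data.hex()


def tlsa_record(host, port, cert, usage, selector, matching_type):
    """Presentation form of the record the operator publishes (DNSSEC-signed)."""
    return "_%d._tcp.%s. IN TLSA %d %d %d %s" % (
        port, host, usage, selector, matching_type,
        association_data(cert, selector, matching_type))


def parse_tlsa(text):
    parts = text.split()
    i = parts.index("TLSA")
    usage, selector, matching_type = (int(x) for x in parts[i + 1:i + 4])
    return usage, selector, matching_type, "".join(parts[i + 4:]).lower()


def dane_validate(records, chain):
    """Match TLSA records against the chain the server presented.

    chain[0] is the end-entity certificate. Usages 1 and 3 constrain that
    certificate; usages 0 and 2 constrain a CA further up the chain. Usages 0
    and 1 additionally require ordinary PKIX validation, which this sketch
    does not model; usages 2 and 3 replace the browser's CA store entirely.
    """
    for record in records:
        usage, selector, matching_type, data = parse_tlsa(record)
        candidates = [chain[0]] if usage in (1, 3) else chain[1:]
        for cert in candidates:
            if association_data(cert, selector, matching_type) == data:
                return True, "%s record matched %s" % (USAGE[usage], cert.name)
    return False, "no TLSA record matches the presented chain"


# Constructed chains. The rogue chain is what a mis-issuing but browser-trusted
# CA could produce: a valid PKIX path, but keys that DNS never vouched for.
LEAF = Cert("www.example.com leaf", b"der:leaf", b"spki:leaf")
INTERMEDIATE = Cert("Constructed Intermediate CA", b"der:intermediate", b"spki:intermediate")
ROGUE_LEAF = Cert("www.example.com (mis-issued)", b"der:rogue-leaf", b"spki:rogue-leaf")
ROGUE_CA = Cert("Some Other Trusted CA", b"der:rogue-ca", b"spki:rogue-ca")

RECORDS = [
    tlsa_record("www.example.com", 443, LEAF, 3, SEL_SPKI, MATCH_SHA256),              # "3 1 1"
    tlsa_record("www.example.com", 443, INTERMEDIATE, 2, SEL_FULL_CERT, MATCH_SHA256),  # "2 0 1"
]


def demo():
    return {
        "own_chain": dane_validate(RECORDS, [LEAF, INTERMEDIATE])[0],
        # Another CA's mis-issued cert: fine for PKIX, rejected by DANE.
        "misissued_by_other_ca": dane_validate(RECORDS, [ROGUE_LEAF, ROGUE_CA])[0],
        # The 2 0 1 record pins our own CA, so anything it signs still passes.
        "new_leaf_under_pinned_ca": dane_validate(RECORDS, [ROGUE_LEAF, INTERMEDIATE])[0],
    }


if __name__ == "__main__":
    for record in RECORDS:
        print(record)
    print(demo())
```

The `3 1 1` record is the form that removes CAs from the picture altogether; the `2 0 1` record shows the trade-off the thread keeps circling: pin a CA and you inherit everything it signs.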

    1. Re:What happened to the alternatives? by Anonymous Coward · · Score: 0

      why? money. power. control. whatever.

      and of course keys should be in dns. all our keys.
      DNS is the best system to manage identity and credibility that we have.
      it should be used for people, aliases and of course sites.
      it could be the only foolproofable integrated system we need/have.
      which is why it won't happen.

      any more questions?

    2. Re: What happened to the alternatives? by guruevi · · Score: 1

      The issue comes down to trust. If someone controls your pipe, even DNSSEC won't help.

      If you use it, then you have to trust the root DNS servers, which are generally controlled by the U.N. and thus by extension the US/UK etc.

      The system we have now allows you to at least selectively trust one or more CAs and it's relatively easy to take the trust out; if you put it in DNS and the DNS goes rogue or is exploited, then you can't trust anything anymore.

      What should happen is that CAs advertise what domains they're authoritative for (LetsEncrypt does it). If they sign out a domain that's not on that list, the trust gets automatically revoked. In the case of this particular CA they could just say they are authoritative for *.gov.nl and that would fix this entire brouhaha.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
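
The idea in the reply above, a CA declaring which domains it may issue for, exists in X.509 as the nameConstraints extension (RFC 5280, section 4.2.1.10), which path validators check against every name in a leaf certificate. The check itself, as an added example in Python (not the commenter's code and not any CA's configuration), with constructed CA names and hostnames:

```python
from dataclasses import dataclass, field


@dataclass
class NameConstraints:
    """dNSName subtrees from one CA certificate's nameConstraints extension.

    An empty permitted list means that certificate imposes no permitted-subtree
    restriction; excluded subtrees always apply.
    """
    permitted: list = field(default_factory=list)
    excluded: list = field(default_factory=list)


def dns_in_subtree(name, subtree):
    """RFC 5280: a dNSName satisfies a subtree if it equals it or is formed by
    adding labels on the left. 'x.gov.nl' fits 'gov.nl'; 'xgov.nl' does not.
    A leading dot in the constraint is tolerated and ignored."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().rstrip(".").lstrip(".")
    return name == subtree or name.endswith("." + subtree)


def check_names(dns_names, constraints):
    """Return (name, reason) for every SAN dNSName one CA's constraints reject."""
    violations = []
    for n in dns_names:
        if any(dns_in_subtree(n, e) for e in constraints.excluded):
            violations.append((n, "in excluded subtree"))
        elif constraints.permitted and not any(dns_in_subtree(n, p) for p in constraints.permitted):
            violations.append((n, "outside permitted subtrees"))
    return violations


def check_chain(dns_names, ca_constraints):
    """A leaf must satisfy the constraints carried by *every* CA certificate
    above it, so the effective restriction is the intersection of them all.
    Returns {ca_name: violations} for the CAs whose constraints are violated."""
    result = {}
    for ca_name, nc in ca_constraints:
        v = check_names(dns_names, nc)
        if v:
            result[ca_name] = v
    return result


# Constructed hierarchy: the root's own certificate carries no constraints; the
# government intermediate's certificate (issued by the root) is limited to
# gov.nl, with a hypothetical test zone carved out.
CHAIN = [
    ("Constructed Root", NameConstraints()),
    ("Constructed Government Intermediate",
     NameConstraints(permitted=["gov.nl"], excluded=["test.gov.nl"])),
]


def demo():
    return {
        "in_scope": check_chain(["login.gov.nl", "gov.nl", "*.mijn.gov.nl"], CHAIN),
        "out_of_scope": check_chain(["www.example.com"], CHAIN),
        "excluded": check_chain(["a.test.gov.nl"], CHAIN),
        "lookalike": check_chain(["evilgov.nl"], CHAIN),
    }


if __name__ == "__main__":
    for label, violations in demo().items():
        print(label, violations or "OK")
```

Note the lookalike case: the constraint is applied label by label, so `evilgov.nl` is not inside `gov.nl`, which is exactly the property a string-suffix check would get wrong.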
    3. Re:What happened to the alternatives? by AHuxley · · Score: 1

      Re "Why has there been no interest in supporting these alternatives that eliminate the possibility of ... bogus ...?"
      The same reason why decades ago the world trusted the Data Encryption Standard.
      Why the internet generation did not block/find/expose/stop/publish about/detect the gov/mil with PRISM https://en.wikipedia.org/wiki/...
      The world wants a GUI and an easy internet from site to site.
      The 5 eye gov/mil wants access to all consumer grade crypto to collect it all.
      I hope this kind of gov decryption starts a new way of thinking about browser use and security for people not in the EU but who could be collected on by a random EU gov/mil due to a "trusted" browser globally.
      Even some chart of unexpected/new cert use? If a not average gov cert gets used a lot more when a gov or police "activate" it?

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re: What happened to the alternatives? by Anonymous Coward · · Score: 0

      Excuse me, but who told you the root DNS servers are controlled by the U.N.? This is blatantly false.

    5. Re: What happened to the alternatives? by Anonymous Coward · · Score: 0

      It's very easy to set your own rules about which DNSSEC keys to trust for any given domain. It would even be possible to set up a whole parallel signing system using lookaside.

  14. What's Chrome doing in this case? by Anonymous Coward · · Score: 0

    The real question should be, What is Chrome doing? Firefox's market share has dropped to the low single digits, making it essentially irrelevant. Chrome, on the other hand, is used by about 60% of web users. It's what Chrome does that really matters. If Chrome works with these certs but Firefox doesn't, then Firefox will appear to be broken as far as users are concerned. If Chrome blocks them, then Firefox will have no choice but to block them, too, otherwise it will appear to be insecure. Chrome determines how these certs should be handled, even for Firefox and the other browsers.

  15. Islamization in action by Anonymous Coward · · Score: 0, Funny

    Nothing to see here, this is just islamization in action. We want absolute freedom for Muslims world wide to settle in Europe and absolute freedom to let them create their own sharia state within Europe, so everyone has to give up their privacy and security to prevent non Muslims from being islamophobic and Muslims from killing others. What better way to allow absolute freedom of religion by taking away some freedom of speech and freedom of non-islamic thought? We must do everything that is possible to prevent Europeans from choosing a Trump like leader who isn't afraid to offend those poor Muslims. We want an inclusive, diverse and multicultural Europe where you don't have to be afraid to be offended by the speech of someone else! At least that is what the fifth column and their political pamperers want us to want. Now with total surveillance of what news we consume and what we type online, the multicultural, inclusive and diverse utopia can no longer fail!

    1. Re:Islamization in action by Anonymous Coward · · Score: 0

      Hey anders, how did you get the internet in jail?

  16. Vote Pirate Party by tom.wieland · · Score: 1

    This is why Dutch people should vote Pirate Party. The Pirate Party has been opposing these kinds of regulations since its inception, for good reasons. If they would get only one seat in the Dutch house of parliament (Tweede Kamer) that would mean having the chance to be heard instead of years-long silence in this digital age. Why would you let technology-scared people rule the future?

  17. MOD PARENT UP by mellon · · Score: 1

    This is exactly right. If a browser trusts a signing authority, that authority can sign for any domain.

  18. Re:Does it make sense to trust any key? by mellon · · Score: 1

    You don't need to split the key to do this, so this is actually not that hard. A simple matter of standardization... :)

  19. Re:Does it make sense to trust any key? by K.+S.+Kyosuke · · Score: 1

    A new solution is necessary where cross-signing with multiple CAs on a single certificate is necessary to measure how trustworthy a certain certificate is.

    That sounds awfully like PGP's web of trust. Which, come to think of it, isn't a bad idea.

    --
    Ezekiel 23:20
  20. Government = mafia cartel by Anonymous Coward · · Score: 0

    Government is a criminal mafia enterprise masquerading as being in the public interest. You are forced to pay it for protection, when really it is government you most need protecting from.

    1. Re: Government = mafia cartel by Anonymous Coward · · Score: 0

      Found the 20-something libertarian.

      Government is the only thing that can protect people from large monied interests. That is why those interests take over as much government as they can while also funding anti government think tanks. That is also why government that represents the people is something we must strive for always, because it is what the rich fear.

      Government often doesn't work in the public interest, but it can be made to. Corporations only work in the public interest when it suits them, and they can only be forced to do so by proper government. They will never do it on their own.

      This is why I laugh at libertarians. They want us to unilaterally disarm ourselves against the greatest threats to our lives and freedom--corporations and the rich.

    2. Re: Government = mafia cartel by Maritz · · Score: 1

      Libertarians; they just can't wait to stick a quarter into a toll booth on a coca-cola sponsored sidewalk, and scrape the dung off a nice, juicy steak.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  21. Trust and encryption almost require each other by raymorris · · Score: 1

    > One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.

    There actually isn't much difference, in the use cases TLS is normally used for. Or more specifically, you can't usefully have one without setting up the other. To have useful encryption you must identify the other party, and to trust their identity you must have, at minimum, cryptographic signatures of your personal challenge key with the server's key and the data (at which point enciphering the data comes almost for free).

    Suppose you wish to have encryption, without trusted authentication of identity. You want the connection between your browser and your bank to be encrypted (not readable by anyone else), without ever ensuring that you're talking to the bank's server. You'll end up with an encrypted connection between you and the bad guy. You think your browser is talking to the bank's server, but it's really talking to the bad guy's server. Given that the whole point is to prevent the bad guy from reading the exchange, setting up an encrypted connection to the bad guy is effectively the same as no encryption at all. The bad guy can read the data.

    Suppose you want identity (confirm the message was actually sent to you from the bank). You must ensure that no man-in-the-middle has changed the message along the way, or the message you receive is no longer the message from the bank, but instead a message from the hacker. The message must therefore include at least a cryptographic signature on the bank's public key and your challenge bytes (for replay prevention). While not exactly encryption per se, that's 90% of the way to encryption.

    So encryption and trust of identity are very closely linked. Useful encryption requires trusted identity. In special cases you can theoretically use null encryption to throw away the encryption and maintain only identity, but at that point you already have everything you need for encryption and you haven't made anything easier.
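
The two scenarios in the post above, run end to end as an added example in Python (not the commenter's code): an unauthenticated key exchange that Mallory sits inside and reads, and the same exchange with Bob's ephemeral value bound to Alice's challenge bytes by a key she can verify. The group is a toy Mersenne-prime Diffie-Hellman group, the stream cipher is a SHA-256 counter construction, and the "signature" is an HMAC standing in for the certificate-backed signature a TLS server makes; all three are constructed for illustration and are not to be reused.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman over the Mersenne prime 2**127 - 1 with
# generator 3. Constructed for readability; nowhere near a real group size.
P = (1 << 127) - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes

# Stand-in for the bank's certificate private key. In TLS the server signs the
# handshake with a key the client ties to "the bank" through a certificate
# chain; here an HMAC under a key Mallory does not hold plays that role, so
# Alice's verification step below models a public-key check, not a shared MAC.
SERVER_AUTH_KEY = b"constructed: bank's signing key, unknown to Mallory"


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, their_pub):
    """Hash the shared group element into a 32-byte session key."""
    return hashlib.sha256(pow(their_pub, priv, P).to_bytes(NBYTES, "big")).digest()


def xor_stream(key, data):
    """Toy stream cipher: SHA-256(key || counter) blocks XORed onto the data."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def authenticate(challenge, pub):
    """Bob's 'signature' over Alice's challenge and his ephemeral public value."""
    return hmac.new(SERVER_AUTH_KEY, challenge + pub.to_bytes(NBYTES, "big"), "sha256").digest()


def unauthenticated_exchange(message, mitm):
    """Encryption only: Alice keys off whatever public value arrives."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not mitm:
        ciphertext = xor_stream(dh_shared(a_priv, b_pub), message)
        return {"mallory_read": None, "bob_read": xor_stream(dh_shared(b_priv, a_pub), ciphertext)}
    # Mallory runs one exchange with Alice and another with Bob ...
    ma_priv, ma_pub = dh_keypair()
    mb_priv, mb_pub = dh_keypair()
    alice_key = dh_shared(a_priv, ma_pub)        # Alice believes this is Bob's value
    bob_key = dh_shared(b_priv, mb_pub)          # Bob believes this is Alice's
    ciphertext = xor_stream(alice_key, message)
    # ... decrypts with the Alice-side key, reads, re-encrypts with the Bob-side key.
    mallory_read = xor_stream(dh_shared(ma_priv, a_pub), ciphertext)
    relayed = xor_stream(dh_shared(mb_priv, b_pub), mallory_read)
    return {"mallory_read": mallory_read, "bob_read": xor_stream(bob_key, relayed)}


def authenticated_exchange(message, mitm):
    """Identity first: Bob's ephemeral value is bound to his long-term key and to
    Alice's fresh challenge, so a substituted value fails verification."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    challenge = secrets.token_bytes(16)                 # Alice's anti-replay bytes
    tag = authenticate(challenge, b_pub)                # Bob signs challenge || b_pub
    received_pub = dh_keypair()[1] if mitm else b_pub   # Mallory can swap the value ...
    if not hmac.compare_digest(authenticate(challenge, received_pub), tag):
        return None                                     # ... but not the tag: Alice aborts
    ciphertext = xor_stream(dh_shared(a_priv, received_pub), message)
    return xor_stream(dh_shared(b_priv, a_pub), ciphertext)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"
    print("unauthenticated, MITM:", unauthenticated_exchange(msg, mitm=True))
    print("authenticated, MITM:  ", authenticated_exchange(msg, mitm=True))
    print("authenticated, clean: ", authenticated_exchange(msg, mitm=False))
```

In the unauthenticated run Bob receives exactly what Alice sent and nothing looks wrong to either of them, which is the point of the post: the encryption worked perfectly and protected nothing. The authenticated run aborts before a byte of application data is sent.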

  22. Brave by Anonymous Coward · · Score: 1

    Brave is going to take a big chunk out of both Chrome and Firefox once it exits desktop beta.

    1. Re:Brave by Anonymous Coward · · Score: 0

      That would be the browser made by the guy who is competing with Trump over the title for "biggest asshole"?

  23. Domain hijacking by Anonymous Coward · · Score: 0

    https://www.icann.org/news/blog/documentation-is-key-to-recovering-hijacked-domain-names

    Asking whether to trust CAs or domain registrars to guarantee that you are connecting to the site you think you are, is like asking whether to trust Hillary or Donald on their promises to help the middle class (as defined outside Manhattan).

  24. sslsniff newbie juice by epine · · Score: 1

    This is only tangentially related, but it needs to be reposted at least once a year.

    BlackHat USA 2011: SSL And The Future Of Authenticity — Moxie Marlinspike

    Hilarious Comodo story begins around the 5-minute mark.

    Slide at 10:48 has only become funnier in the meantime.

  25. Everyone does this by Anonymous Coward · · Score: 0

    Sorry, have to post this as AC. I can assure you that all governments (including the one in *your* country, whatever your country may be) actively do the same thing all the time. Every one of the big cert issuers is fully cooperating with their respective government. Dutch are being somewhat naively honest here.

  26. Block Them From the Internet by Anonymous Coward · · Score: 0

    The Internet does not need this country. Block them from access.

  27. Nice project idea by Anonymous Coward · · Score: 0

    What we need is someone to make a nice project that does deep packet inspection looking for TLS packets and alerts if any certificate is found that leads back to a list of dodgy CAs. In the case of the Dutch government they only sign government sites so you should very rarely encounter a certificate signed by them. The alerting of course should not use services outside of your own network.

    This project could be expanded by building a database of certificate signatures for all your commonly used sites. If the chain should suddenly change, you could also be alerted. But if Firefox doesn't remove the CA, start with the simple case and just alert whenever the Dutch government CA is being used to certify a connection. Could also make it automatically kill the connection if found.

    One problem with the Dutch increasing their surveillance on the citizens is that they are not simultaneously increasing the government's own accountability. The Dutch government is notoriously unaccountable for its actions for a country that presents itself as civilised. Even for very unimportant things and at local level, if the government is involved in shady practises they have numerous mechanisms for screwing the civilian by being unaccountable for their actions. The government has written into law that they do not have to handle a complaint about anything if the incident occurred more than a year ago, which is almost all the time. The ombudsman is anything but impartial and has no interest at all in investigating any complaints, particularly the sort of complaints that really need dealing with, and they also have a rule that you can't bring them in unless you have already complained directly to the part of the government that may be screwing you. And the freedom of information act is regularly countered even on trivial objections from the government. In short, it's shocking just how ineffective Dutch citizens are at calling in government accountability. Most Dutch people don't realise how lacking in integrity their government can be until they actually come to test it.

    The Dutch people should group together and start another referendum to change the law to try and improve the accountability of the Dutch government, to go hand in hand with the increase of surveillance on their own citizens.
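
The monitoring project sketched in the first two paragraphs above, as an added example in Python (not the commenter's code): an issuer watch-list plus a per-host baseline of the whole chain's fingerprint, run over constructed chain observations. Pulling the server's Certificate message off the wire is assumed and not shown; in a real tool the DER bytes and issuer names would come from the handshake, and the watch-list entry is a substring of the issuer DN rather than any specific real certificate.

```python
import hashlib

# Issuer names to alert on, matched as case-insensitive substrings of the
# issuer DN. The Dutch state CA is the one this thread is about.
WATCHLIST = ["Staat der Nederlanden"]


def cert_fingerprint(der):
    return hashlib.sha256(der).hexdigest()


def chain_fingerprint(chain):
    """Order-sensitive fingerprint of the whole chain, so a re-issued leaf and a
    swapped intermediate both register as a change."""
    h = hashlib.sha256()
    for cert in chain:
        h.update(bytes.fromhex(cert_fingerprint(cert["der"])))
    return h.hexdigest()


def watchlist_hits(chain, watchlist=WATCHLIST):
    return [cert["issuer"] for cert in chain
            if any(w.lower() in cert["issuer"].lower() for w in watchlist)]


class ChainMonitor:
    """Raises (kind, host, detail) alerts for (a) any chain issued by a
    watch-listed CA and (b) a chain that differs from the host's baseline.
    Baselines live in memory here; keep them local, as the post says."""

    def __init__(self, watchlist=WATCHLIST):
        self.baseline = {}
        self.watchlist = watchlist

    def observe(self, host, chain):
        alerts = []
        hits = watchlist_hits(chain, self.watchlist)
        if hits:
            alerts.append(("WATCHLIST_CA", host, hits[0]))
        fp = chain_fingerprint(chain)
        known = self.baseline.get(host)
        if known is None:
            self.baseline[host] = fp          # first sighting: learn, don't alert
        elif known != fp:
            alerts.append(("CHAIN_CHANGED", host, fp[:16]))
        return alerts


# Constructed observations; DER bytes are placeholders.
NORMAL_CHAIN = [
    {"subject": "CN=mail.example.com", "issuer": "CN=Constructed Issuing CA", "der": b"der-leaf-1"},
    {"subject": "CN=Constructed Issuing CA", "issuer": "CN=Constructed Root", "der": b"der-int-1"},
]
SWAPPED_CHAIN = [
    {"subject": "CN=mail.example.com",
     "issuer": "O=Staat der Nederlanden, CN=Constructed Intermediate", "der": b"der-leaf-2"},
    {"subject": "O=Staat der Nederlanden, CN=Constructed Intermediate",
     "issuer": "O=Staat der Nederlanden, CN=Constructed Root", "der": b"der-int-2"},
]
OTHER_HOST_CHAIN = [
    {"subject": "CN=www.example.org", "issuer": "CN=Constructed Issuing CA", "der": b"der-leaf-3"},
    {"subject": "CN=Constructed Issuing CA", "issuer": "CN=Constructed Root", "der": b"der-int-1"},
]
OBSERVATIONS = [
    ("mail.example.com", NORMAL_CHAIN),    # learned
    ("mail.example.com", NORMAL_CHAIN),    # unchanged: quiet
    ("mail.example.com", SWAPPED_CHAIN),   # both alerts fire
    ("www.example.org", OTHER_HOST_CHAIN), # different host: learned, quiet
]


def demo():
    monitor = ChainMonitor()
    alerts = []
    for host, chain in OBSERVATIONS:
        alerts.extend(monitor.observe(host, chain))
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The baseline check is the part that catches a chain swap by a CA you have never heard of; the watch-list is the cheap first step the post suggests starting with.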

  28. Hypocrites... by SuperDre · · Score: 1

    If they remove the Dutch CA, then they should also remove every American CA as they have the same duty to obey and create certificates if a US government agency asks them to (and in most cases aren't even able to talk about it). So blocking the Dutch CA is only a very hypocritical move if they don't do it with other CAs.

  29. Re:Mozilla is awesome by Wootery · · Score: 1

    But you're still Anonymous Coward to your friends, right?

  30. Re:Mozilla is awesome by Maritz · · Score: 1

    You're one desperately sad fucker.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  31. Very few people will notice this... by zifn4b · · Score: 1
    --
    We'll make great pets
  32. It worked for ancient Roms, Greeks, and 1930s Germ by Impy+the+Impiuos+Imp · · Score: 1

    Thank god the Dutch have no living experience with a mass-murdering dictatorship that would abuse such power to maintain its power, and the last time they did was so distantly remote in the past that they can so rest assured of it never happening again that they can hand over such power for prosaic crimes and never fear a loss of freedom again!

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.