Slashdot Mirror
Starting Today, Google Chrome Will Show Warnings for Non-Logged SSL Certificates (bleepingcomputer.com)
Starting today, Google Chrome will show a full-page warning whenever users are accessing an HTTPS website that's using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log. From a report: By doing so, Chrome becomes the first browser to implement support for the Certificate Transparency Log Policy. Other browser makers have also agreed to support this mechanism in the future, albeit they have not provided more details. This new policy was first proposed by Google engineers in 2016, and was scheduled to enter into effect in October 2017, but was later delayed for 2018.
You'll need an SPF record ... oh, and DKIM ... oh yeah, and DMARC ...
So how is this going to be implemented? Every SSL cert is going to be sent to Google for "verification" or is the CT log going to be local and the browser will just search it every time?
No, we need warnings for certificates that aren't trusted. Otherwise SSL does nothing to prevent man-in-the-middle attacks.
What would be ideal is to support secure DNS with certificates in the DNS. Then you know you have the right certificate and don't need any certificate authorities at all. Of course, you have to trust the secure DNS. so it's just pushing the trust problem down the road.
No, we need warnings for certificates that aren't trusted. Otherwise SSL does nothing to prevent man-in-the-middle attacks.
But without a fully qualified domain name, CAs shall not issue a trusted certificate. So we also need a reliable way to provide trustable names for devices on a non-technical users' home network that have a web-based administration interface, such as a modem, router, printer, or NAS.
What would be ideal is to support secure DNS with certificates in the DNS.
I agree that DANE would be ideal. But DANE relies on DNSSEC, which has faced practical problems that hinder adoption. Before about a year and a half ago, DNSSEC's root zone key was too short (1024 bit RSA) for browsers to accept as part of a certificate chain. And many domain name registrars bundle zone hosting with a domain, but a lot of these (such as GoDaddy) have charged more for zone hosting with DNSSEC than for zone hosting without DNSSEC.
This seems more and more like an effort to compel website owner/operators to buy into the SSL certificate scheme.
Revenue.
deleting the extra space after periods so i can stay relevant, yeah.
internal apps / ipmi / other things that are not online don't need real certs much less running let's LetsEncrypt with ports open so that runs.
If they did care about the end user's security, they wouldn't make stupid changes like not trusting end-user / admin installed CA certs by default.
Chrome opts in through its network security config file, and Firefox has its own TLS engine. So this affects mostly native apps that use Android's TLS engine.
Since when does removing / forbidding the user's input on trust somehow boost their security?!?!?
Malware has in the past added certificates as a means of intercepting apps' traffic. So have governments.
A lot of people, including myself use LetsEncrypt on a CPanel based hosting account to generate certs for a website.
Are those local, self-signed certificates or something that is registered somewhere? I'd never really paid attention since it just worked and was one less thing to deal with.
Since it's not retroactive there is no problem now, but wondering what will happen when I generate new certs going forward.
You don't understand what the certificate is for. It is not the about the half page of data. It is about is the Corporation ABC LTD that is asking for certificate really Corporation ABC. This is because ultimately on the browser side you only see mapping between a certificate and domain name. But the CAs are separate from domain registries, and while domain registries guarantee uniqueness of the domain name, the CAs do not guarantee uniqueness of a certificate.
With Let's Decrypt any compromise of DNS registration, routing or similar can result in legitimately looking certificate being issued to an illegitimate actor. Having both EV and DV does not work, or rather, in order to know if there is an EV cert, while you are seeing DV served to you, you need another system - this is where CT comes into play.
IMO all certificates should be EV in the current internet if we want security.
All certificates being DV (and no EV at all) is also feasible is we don't have CAs as separate entries from domain registries.
But the current situation - Let's decrypt being able to issue a DV for any EV issued domain, is completely wrong.
All websites with a fully qualified domain name qualify for a domain-validated certificate without charge from Let's Encrypt. Every certificate that Let's Encrypt issues is logged in CT.
A lot of people, including myself use LetsEncrypt on a CPanel based hosting account to generate certs for a website.
Are those local, self-signed certificates or something that is registered somewhere?
You could answer that question with five seconds on a search engine. Google Search for let's encrypt certificate transparency produces, as its first result, a document stating the following: "We submit all certificates to Certificate Transparency logs as we issue them."
In answer to your subject, from https://letsencrypt.org/certif...:
So LetsEncrypt certs will work fine with Chrome.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
IMO all certificates should be EV in the current internet if we want security.
I thought EV certificates were available only to corporations or LLCs, not to individuals. If someone puts up a site to show her personal portfolio, would you prefer to require her to incorporate first?
But the current situation - Let's decrypt being able to issue a DV for any EV issued domain, is completely wrong.
That's what certificate authority authorization (CAA) records are for. If a domain owner publishes a CAA record that doesn't include Let's Encrypt, Let's Encrypt will not issue a certificate for that domain.
Ctrl-F "letsencrypt" Worries eased.
Certificate authorities are entities that grant certificates. If certs were passed with DNS, a CA would still be needed, even if it's just the DNS server itself.
Of course then the CA could not be airgapped, and the system as a whole would be more interesting to attackers and have a much larger attack surface.
Right now there are warnings for certificates that are not trusted. If they do not have a path to a root of trust there is a warning. If they have been revoked there is a warning. If they are self-signed there is a warning.
This logging system, it does not appear to provide any new services of meaningful value aside from making moderate-knowledgeable people more able to understand a cert and query it's nature. Sounds good but who decides what constitutes a threat? The cert logging policy website indicates CA certificates are strange. They are not. They are mandatory for trust. Apparently the people who made this logging feature get to decide what is and is not a concern to the rest of us, without accepting the fundamental nature of PKI as being strange.
I think the parent of your comment was saying we need the current system. Given that the GP's goals are pure fantasy.
Why do home devices need to have trusted SSL certs?
Because Service Workers and several other web platform APIs are restricted to secure contexts per W3C's spec. For example, a browser may restrict the Fullscreen API or Presentation API to secure contexts as a mitigation against phishing by replicating the chrome of the operating system and web browser. In such a browser, the web interface of a NAS on which video is stored will not be able to present the video in the full screen.
Great, another thing to add to my checklist. All "letsencrypt" root CA certs must be checked for and removed, if present, before logging onto an SSL site.
Perhaps, on the other hand, without letsencrypt most of us would not have websites. The poor people of the world would be completely cut off from having their own website, that was not the dream of the internet.
We cannot be putting restrictions that cut off chunks of the population because they do not meet our criteria, the internet and having your own website should be free and open to all.
In the bad old days you could only get an SSL certificate if you were incorporated, provided your contact phone number, real name, address, and pay a hefty sum of money. This was completely unacceptable and went entirely against the whole point of the internet. With letsencrypt the playing field has been leveled and this is a good thing and it is keeping the internet operational in the hands of the people.
Honestly though I am still of the opinion that we should completely eradicate centralized certificate authorities. The certificates should be there to provide encryption which they do whether they come from an authority or not. We should allow free self signed certificates with no warnings. I should not have to link myself up to some 3rd party of any kind to operate my website.
Just to get a ballpark figure to guide further discussion of your opinion on Let's Encrypt: How much do you think someone ought to have to pay per year in order to host a personal portfolio site?
Let's Encrypt certificates are issued under an intermediate that has always been cross-signed by IdenTrust, an older and more established CA.
What doesn't make sense is [appliances on LANs] using https with default certificates just to tick of the "it's secure" checkbox.
That's partly a reaction to browser implementation of Secure Contexts, a W3C spec that reserves certain web APIs for HTTPS sites.
Like a standard cert from someone else requires anything beyond rudimentary photochop skills?
Pinning would do a LOT more for security than the CAs ever have, but since that doesn't present any exciting new business opportunities, it remains unimplemented.
We should allow free self signed certificates with no warnings. I should not have to link myself up to some 3rd party of any kind to operate my website.
Under your proposal, what distinguishes the self-signed certificate that you generated for your domain from the self-signed certificate that the operator of an intercepting proxy (a "man in the middle") generated for your domain, particularly on a client's first visit?
CAA records are useless when I hijack the DNS in the first place.
I'm interested to see how you plan to hijack the DNS in a way that evades the following three defenses:
Breadth of hijacking At what point would you hijack the DNS? A domain-validating certificate authority queries DNS through several Internet routes. How had you planned to hijack them all, especially if the domain's authoritative DNS servers are on differentIMO all certificates should be EV in the current internet if we want security.
Every house should be made of solid steel and have no windows either. But total security is impractical and also quite pointless. I don't care about some random hacker taking over all of Slashdot via a sophisticated attack in order to read some user comments. That doesn't however mean I want to blast those comments back and forth across the airwaves in plain text at an internet cafe.
There are solutions in between Fort Knox and having a house made entirely of paper, and there are needs for those solutions too.
LetsEncrypt is literally the worst thing to happen to Security on the internet. Its theater and its dangerous.
Oh? Please expand on your reasoning. What makes Lets Encrypt any worse than any other DV issuer? When you're done answering I'll tell you why they are a damn sight better than most.
If you're a betting man let's make a bet. I could do with some very easy money.
Cool I win. I see the green "Secure" symbol at the top of the screen. Oh wait you didn't realise Slashdot has a DV certificate from Lets Encrypt did you... You're funny.
Maybe you should do it now. Please. And make sure you change your settings so you can't override and then accept an untrusted certificate
Come post on your reply here on Slashdot when you're done.
Let me try to rephrase how I understood DarkOx's comment:
Issuing TLS certificates based on domain validation, not organization validation, is literally the worst thing to happen to security on the internet. It's theater and it's dangerous.
I run a small operation and usually try to find the $50 SSL certificate so I can keep going for another year. What does this mean for me?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
When you say this affects native apps that use Android's TLS engine... well, how does that help the enterprise which has users using Android devices?
I don't see how your response helps sites that use an internal CA, which is a perfectly legitimate activity.
There are all kinds of places where it's completely unnecessary to pay extortion for a global certificate, yet it's mandatory to have encryption (and mutual validation) to protect sensitive traffic flying around on the corporate WAN. Enterprises also have the right to keep their internal CA's certificates off the open internet -- where does it make sense to provide Google with every hostname in your WAN? What right do they have to the information? They have none..
Preventing an enterprise from implementing sane, industry-accepted practices is asinine. Admins have every right to install and set trust for internal certificate authorities.
If anything, I fault Google (and other browser makers) for hiding certificate information - all a user gets without having to go into developer mode is a green padlock and "secure".
-- Sometimes you have to turn the lights off in order to see.
But I understand the GGPs frustration. As a networking consultant, I am having to clickthough self signed certs all day. If there was a good browser that I could globally allow self signed certs, I would switch in a heartbeat! The cure is worse then the disease for me.
You don't understand what the certificate is for. It is not the about the half page of data. It is about is the Corporation ABC LTD that is asking for certificate really Corporation ABC.
Really? I thought it was for encrypting passwords to networking devices so they were not sent in clear text. At least that is what i use them for most of the time. And my self signed certs send my browser into fits of impropriety!
But like DarkOx I am asking you to explain your reasoning. DV certificates identify the machine on the other end for the purposes of creating an encrypted channel. So explain why its so bad?
Is SSH nothing more than security theater and we should all either fork out $600 for EV certificates on our servers or just settle with Telnet as well?
Typically the people who say DVs are theater are those who don't understand the purpose of DVs.
And [a personal portfolio site] doesn't need to be encrypted
Let's say a web developer's portfolio site contains demonstrations of web applications, and the users of these web application can create accounts. Without encryption, how should the web developer protect the passwords and session tokens of the users of the web application from interception when exhibiting this application to the public?
Let's say a web developer's portfolio site contains demonstrations of web applications, one of which uses Service Workers or another web API that has been restricted to secure contexts. Without encryption, how should the web developer exhibit this application to the public?
This logging system, it does not appear to provide any new services of meaningful value aside from making moderate-knowledgeable people more able to understand a cert and query it's nature.
The point of the Certificate Transparency logging system is to make it extremely difficult for any CAs to get away with quietly issuing extra certificates for your domains to state actors and others to enable them to carry out MitM attacks. Since any CA can issue certificates for any domain, this is a real threat which undermines confidence in the entire CA system; it's only as strong as its weakest link. With browsers enforcing CT logging this attack is no longer possible; the certificates will not be accepted unless they are first made public, and any CA that issued such certificates openly would immediately lose its trusted status and be finished as a CA.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
I think it's more a reaction to browsers popping up security warnings on all non-HTTPS sites.
On the one hand, getting public websites to use HTTPS is almost inarguably a good thing. On the other hand, getting intranets to use HTTPS is nearly useless, and getting mDNS devices to use HTTPS is impossible. That last one is going to be a real problem, and I'm really not sure how the industry is going to solve it. The only way I can think of would be to:
Either way, I'm pretty sure it can't be done practically without making some sort of changes to the standards themselves. That said, I can't be certain of that, because contrary to security best practices, the people who designed the X.509 specification will not make the specification available to security researchers unless they pay $130. So I can only speculate on what the standards say. Aren't standards grand?
Check out my sci-fi/humor trilogy at PatriotsBooks.
how does that help the enterprise which has users using Android devices?
I don't see how your response helps sites that use an internal CA, which is a perfectly legitimate activity.
If they're websites, they'd be viewed using either Chrome, whose network security config allows use of user-installed certificates, or Firefox, which has its own TLS engine that also allows use of user-installed certificates. If they're not "sites" but native apps distributed as free software that access an internal HTTPS server's REST API, then the business can download each application's source code from the repository linked on F-Droid and rebuild the APK with a network security config referring to a pinned copy of the internal certificate.
DV certificates identify the machine on the other end for the purposes of creating an encrypted channel. So explain why its so bad?
Consider this: bankofarnerica.com has an "RN" in it, but it's hard for especially non-technical users to see. Homoglyphs like this can be and have been used in phishing attacks. Under domain validation, what prevents widespread typosquatting the way organization validation can?
Using a DNS entry as a root of trust will work once DNSSEC support becomes a standard feature in the zone hosting that major domain name registrars bundle with registration. Until that comes to pass, anyone with power to spoof DNS can also spoof your certificate.
Sometimes, not protecting against a MITM attack is fine and I don't need to worry about preventing it. Examples include "being on a LAN and accessing something that is required to be behind https by W3C standards" or "local development of secure services before they're uploaded to test".
Your ad here. Ask me how!
Unless Let's Encrypt has changed their policy since I started using them, a certificate has to have an FDQN that's routable on the open internet, and they verify the host(s) are listening on port 443 at least once during the creation or renewal process.
That is true of the http-01 challenge (though the port is 80). But instead of the http-01 challenge, you can use the dns-01 challenge, which requires a FQDN that's routable on the open Internet and listening on port 53. The machine involved need not be on your private network.
Let's Encrypt won't issue or renew certs for anybody's internal networks
Yes it will. Here's the overall procedure to obtain a certificate from Let's Encrypt or another ACME CA using the dns-01 challenge:
1. Buy a domain, preferably from a registrar whose bundled zone hosting has an API supported by an ACME client's.
2. Set up zone hosting for that domain on the public Internet.
3. Using your ACME client, begin a dns-01 challenge with the CA.
4. Post the response to this challenge as TXT records in your domain. Your ACME client may be able to perform this step automatically if your zone host's API is supported.
5. Using your ACME client, notify the CA that the response is ready, and retrieve your certificates.
In step 5, Let's Encrypt will contact your zone host through several routes on the open Internet. Nobody will attempt to connect to your internal network.
Just having your data "encrypted" is not good enough...
You need to ensure that not only is your data encrypted, but that only the intended recipient has the decryption key. That's where certificates come in, to verify the remote peer.
Without certificates or some form of pre shared keys, anyone can sit in the middle and establish an encrypted connection to you, then create a separate encrypted connection to the target you were intending to connect to and watch all the traffic as it gets decrypted by the attacker's machine and then re-encrypted for onward transmission.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
how hard would it be for them to work a command line flag like -gov to not log the certificate they are forging?
Not hard at all, but it doesn't matter since browsers won't accept the certificate if it isn't in the log. That's the point of making CT logging mandatory.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
Nope. Keys are for encryption. Keys wrapped and bound to identity are called certificate. Gutting what the certificate meant, just to get to keys, is extremely stupid.
Good catch as I didn't know slashdot.org actually use Let's Encrypt SSL service. Figured it's a commercial website would use something like GoDaddy to provide high level of trust.
Figured it's a commercial website would use something like GoDaddy to provide high level of trust.
Are you aiming for a +5 Funny? Because That's how you get a +5 Funny. I hope mods are watching :)
This is not retroactive, meaning SSL certificates that were issued prior to May 1, 2018, will continue to work without warnings, even if they are not in a public CT log.
From TFA: The new CT policy is not retroactive. This means that older certs issued before today that have not been recorded in a CT log will continue to work. But if a CA has issued a new SSL cert starting today and has not recorded it in a public CT log, Chrome will show an error.
For those who use self signed certs for whatever reason (I do for some things), simply turn the clock back prior to May 1, 2018 and issue a new cert that has a long expiration date (say 2+ years). Until they make this retroactive, those certs will not generate an error.
Lets Encrypt and other free services are fairly easy to use, but may not work well with internal-only domains, as they do verification via having you either add a specific DNS entry or a web page on the site's web server, and you have to renew it every 90 days (Lets Encrypt issues SSL certs for a 90-day validity period, others may have a longer validity period).
I don't use chrome but I do some testing with it every once in a while.
All of these security bullshit droppings in chrome is going to cause error fatigue for problems that are either not problems at all or worthless to most users.
All kinds of shit get errors that only appear in chrome. Certs that have a CN but not SAN are flagged only in Chrome for no sane reason.
Well known sites like https://www.kernel.org/ are flagged as insecure. Again only in chrome.
All resources protected by internal/corporate CA's I assume will now be flagged because none of them participate in log transparency.
I don't have a problem with CT if deployed properly /w user controls and privacy to avoid CT being another excuse for data leakage with widespread coordination and agreement among all stakeholders. But that isn't what happened here. Specifically:
Only Google requiring it with not much in the way of industry buy in.
RFC6962 is an experimental RFC not a standards track document.
Chrome requiring Google CT servers is over the top abuse of power.
I'll admit I don't know the technical specs, but it sounds like a solid solution. I would like to hear if anyone knows if there's a technical reason for not moving forward with it, or if it's just money and politics.
something like GoDaddy to provide high level of trust
I turned my head just in time. So now I have a mess to wipe up, but don't need a new keyboard. It was a near thing.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
And if they’re apps that are not open source, and it accesses the internal HTTPS server’s REST API (with an internal CA Certificate)?
For example, an enterprise install of HipChat, with users using Atlassian’s HipChat for Andoid?
It sounds like the App will be broken, and users will have to use the web interface (and not get things like notifications).
-- Sometimes you have to turn the lights off in order to see.
And if they’re apps that are not open source
Develop, or fund the development of, a free replacement for said non-free app. Or file a support ticket with the application's publisher to whitelist your company's internal server's certificate in a customized build of the application for your company.
Nice to see that you can view the certificate details by clicking on the "Secure" icon in the address-bar again. It was insane when they hid that under Developer Tools so you had to jump through hoops to check why a site was showing up as Insecure.
In other words, a giant "F U" to enterprises that use internal CA's: Google is breaking working applications, and giving no solution that doesn't cost a significant investment of time and effort.
Got it.
-- Sometimes you have to turn the lights off in order to see.
WTH Why is this even needed. SSL Certificates are just that, a certificate. From trusted source. So why do we even need this.
Are you really sure this certificate is ok?
Misunderstood. Never heard of LetsEncrypt before, and it sounded, from the parent of the post I replied to, like LetsEncrypt was not verifying against actual public domains. Ie. Essentially blindly trusting all self-signed certs rendering the purpose of a Root CA ineffective. Given that another verification methodology was mentioned, and most of the context here seemed to be pushing LetsEncrypt for home devices and such, which would not normally be matched with public registered domains, I misunderstood.
In reviewing the certificate chain for Slashdot, Let's Encrypt is an intermediate authority, and not a root CA.
I will step back and reassess the situation with the appropriate information.
Yeah I can provide you a bit of information. Lets Encrypt is a project that provides free SSL DV certificates. It's a CA that is cross signed by IdenTrust (giving it support in all usual systems), but also has it's own root which isn't widely used.
A lot of the flack Lets Encrypt gets comes from a few silly misconceptions:
1) They are free. Free means no people involved. Therefore it must be bad because where is the trust right?
2) They only issue DVs. CAs that only issue DVs can't be trusted because they aren't doing all the necessary checks right?
3) I was able to get a DV without sending through my passport or other ID, therefore they aren't doing the checks right?
4) Lets Encrypt gives you certificates in seconds, so it can't be through right?
All three of those basically come down to a misconception of what DV proves: That a machine actually controls content on a domain. Nothing more. Lets Encrypt achieves this free of charge through automated scripting. If you want a certificate for you host, the script works with the Lets Encrypt API through a challenge and response type exercise proving that the host the script is running on is able to modify a specific file in a specific folder associated with the domain that is having the DV issued. The certificates are only valid for 3 months at a time.
They do something similar with a wildcard certificate but rather than modifying just a file being served up by the host it also needs to modify a DNS record to prove the machine controls the entire domain.
Some people say that without humans in the process it's not a good verification. I say that because there are no humans in the process it's not a good verification.
Though one legitimate criticism is that this process is vulnerable to hacking in that if you can take control of routing you can pretend to be the domain owner for the purposes of fraudulently obtaining a certificate. My response to that is that DV certificates are like the door lock to your house and not a bank vault. Just like your house is susceptible to a brick through the window doesn't mean door locks don't serve a purpose, and if you have a bank vault maybe a DV certificate is not for you.