IE is killing it too, and, as this post points out, so is Mozilla.
Sign a Google Mail certificate for Iran? Fuck you. You're done.
In the medium term, I think a lot of HN people should also take a hard look at CONVERGENCE.IO. For now, though, it's heartening to see the real power behind Internet trust (hint: it's not Verisign and it's not the IETF) taking this seriously.
IMHO, just blacklisting these resellers is worthless as there is obviously not enough oversight over who can be a reselling CA.
This is the third time this year that a Comodo reseller has been breached. Comodo should scrutinize their customers better or THEY should get blacklisted (taking all their other resellers with them) at least until they made sure that their clients have all resolved their security issues
It's heartening but it's also not. Surely there have been many other cases of invalid certs being granted for lower profile sites, perhaps by this very same CA, without any of us ever hearing about it. And surely the granter of one of those is still considered valid within many browser/OS configurations. But because this was an invalid Google cert the CA gets shut down.
It kind of highlights the difficult problem of when to decide to blacklist a CA in the current model.
And for clarity, who/what do you think is the real power behind Internet trust? I've been thinking about it for five minutes and can't come up with a good answer.
And OS vendors. And whoever configures the computer. You buy a computer that was made in China, and it has root certs already in there (thanks to either Microsoft or Apple, or the shop who sold it, or the guys who assembled it - who knows?). Chome / Safari uses the system certs. All good, right?
who/what do you think is the real power behind Internet trust
Nobody, it's all fiat. Verisign started this scam and we're just seeing the follow-on effects. There has never been anything more than the words and policies supporting the CA industry.
Either the CA was complicit, or they weren't secure. Regardless of which it is, the CA's root certificate is not trustworthy.
If they were hacked into, spoofed into giving out a certificate, or raided by special forces and had data physically stolen from their servers, then perhaps they can generate a new key and have that become trusted once they've taken steps to ensure something like this doesn't happen again.
But there's no way anyone can trust their old root key anymore.
Really? If Chrome's had updates pushed to it recently, how do I know that my browser itself, as installed on my filesystem, isn't now innately subverted by the Iranian government? (Note the domain in question in this particular case.)
I don't know about Chrome's update process, but they can simply have their own verification without root certificates (i.e. just like what most Mac software with Sparkle updater do: keep a public key inside the app, and verify the signature of updates).
The auto-update process should be far more secure than SSL certificates. They'll have keys in the current Chrome which it'll use to check any updates are legitimate before they get unpacked/installed.
Just incredible: They were hacked and they knew it, then forgot to clean up a certificate the hackers generated.
On July 19th 2011, DigiNotar detected an intrusion into
its Certificate Authority (CA) infrastructure, which
resulted in the fraudulent issuance of public key
certificate requests for a number of domains, including
Google.com.
Once it detected the intrusion, DigiNotar has acted in
accordance with all relevant rules and procedures.
At that time, an external security audit concluded that
all fraudulently issued certificates were revoked.
Recently, it was discovered that at least one fraudulent
certificate had not been revoked at the time. After
being notified by Dutch government organization Govcert,
DigiNotar took immediate action and revoked the
fraudulent certificate.
The attack was targeted solely at DigiNotar's Certificate
Authority infrastructure for issuing SSL and EVSSL
certificates. No other certificate types were issued or
compromised. DigiNotar stresses the fact that the vast
majority of its business, including his Dutch government
business (PKIOverheid) was completely unaffected by the
attack.
FF nightly builds also block the PKIOverheid CA which signs the certificates for key Dutch government websites and services (DigiD). Mozilla is going to have a fun time with Dutch users/Dutch Government/DigiNotar
Do we really need all those Certificate Authorities that are trusted by the browser? I remember 10 years ago Verisign would spend time verifying a business digging through legal documents, addresses, company officers, notarized docs, etc. Nowadays I'm supposed to trust a bunch of fly-by-night operations issuing certificates for a dollar and a song.
You're building a new startup in (whatever) Bulgaria. Funds are low, but you want to protect your users by using TLS/SSL. That's easy today, but your 'Think of the good old days' line is kind of killing that option. I know that in my early 'put something on the net' days I didn't pay for a certificate because it was just too expensive.
Nevermind that the process you seem to expect doesn't scale internationally and that I seriously dislike the US centric bias anyway (too much power in one country, without the privacy laws I consider basic standard).
What we need, I think, is for browsers to display the CA as well as the URL. As in, 'DigiNotar certifies that you are connected to gmail'. This won't wholly solve the problem, but it will a) broaden the knowledge that CA's actually exist, and thus the problem of trusting them and b) provide some reputational disincentive to being a bad CA.
Unfortunately chrome seems to be headed in the opposite direction, removing the URL bar.
There are lots of people between 'a HN reader' and 'your grandmother'.
There will always be people who don't understand what a CA is; but the more people who do, the more pressure there will be for them to do their job correctly.
Also, they don't need to understand the technical details. If every time they go to their bank it says 'connection to your bank certified by verisign', and then one day it says 'certified by <someone else>', then a cautious person will be suspicious, even if they are completely nontechnical.
There are much better ways to notify users than trying to convince them of the value of monitoring their bank's CA. The browser could simply keep track of the cert and notify the user if it changes unexpectedly. This doesn't require the user to understand anything new, and it still works in the case that the fraudulent cert is signed by Verisign.
It's a shame that the only real protection against rogue (or compromised) CAs is still to have a whitelist directly in the browser.
For Google, this was easy as they control both their domains and their browser, but for everybody else who isn't maintaining a browser, they'd have to fall back to solutions like STS which, don't work if the first connection a user sees is already man-in-the-middle'd
I get redirected to http after clicking on the first link, just like you did, but when I visit the URL you posted in Chrome (on OS X), I'm able to view the encrypted page without a warning.
I changed the settings in Keychain Access hours ago.
I got the same result. For some reason Chrome trusts intermediate certificate even if the root certificate is marked as untrusted. Screenshot: http://i.imgur.com/qW6V3.png (Chrome 14.0.835.109 beta)
Lock with the warning icon is here because "Unable to check whether the certificate has been revoked."
Maybe their intermediate is signed by some other root CA?
Wow, the security features Chrome used to nullify the attack were just implemented in June. I wonder if that was a reaction to another incident like this, or if it was just good foresight?
They ship one of the Big 4 browsers and run the Internet's most popular mail server (and thus biggest TLS target). They're uniquely poised to do things like this.
> In addition in Chromium 13, only a very small subset of CAs have the authority to vouch for Gmail (and the Google Accounts login page). This can protect against recent incidents[1][2] where a CA has its authority abused, and generally protects against the proliferation of signing authority.
This isn't the first time something like this has happened. I don't know if they did it in response to any one particular incident, but they have every reason in the world to implement something like that.
It was easily noticeable thanks to Chrome not trusting it in the first place (which also would have prevented spoofing the download server, though I suspect there's more to protect that than just a key).
The (partial) solution to this problem is very well known and is already implemented by SSH and several other packages that rely on public cryptography:
1) When user visits a new site, the certificate is presented to the user for inspection.
2) On subsequent visits, the site's certificate is compared to the one stored in the browser cache. If they are the same, then the connection is made silently. If there is difference, then the new cert is presented to the user for inspection.
The only problem is that this would kill user experience for 99% of the users who don't care about security in the first place. Thus, browsers need to do some clever UI tricks (e.g. color the thingy in url bar in a different color, etc.) to indicate potential problem to the user yet make it less intrusive.
The bottom line is that the fault is not on the SSL/x509. This infrastructure is not perfect but there is nothing better even in the design. The fault is on the browser developers who are not trying to protect users.
Anyone know a way to remove DigiNotar as a system root CA in OS X? I spent a few minutes struggling with Keychain to no avail, and couldn't Google my way to useful help.
I have un-trusted the Chinese CNNIC two operating system versions ago (10.5), and it is still set to the same setting. This seems less fragile than deleting the cert to me.
What's to keep an OS upgrade from restoring the certificate?
A system or user-maintained blacklist seems like a more tenable solution. You don't want to delete the cert, you want to hang a scarlet letter on it. Oh, and not trust it for anything (or better, use it to blacklist any site that attempts to use it).
At least for me there's no such choice as delete in the System Roots keychain.
The only thing I can do is to set it to "never trust" and still Chrome/Safari show it as trusted: http://imgur.com/NcUYf
This seems like a very expensive, targeted, specific attack. The perpetrators will likely succeed (or have already succeeded) at breaking into their intended target.
Someone high-profile in Iran is probably going to get screwed as a result.
I don't know how the CA in question works, but for many CAs it's sufficient to be able to receive mails at the postmaster address of the domain in order to receive a certificate.
So basically you only need to find a single CA that uses this techniques and which uses a DNS server vulnerable to cache poisoning. Probing all of the CAs may be a little bit of an effort, but it's something even a single individual could manage. I would not find it suprising if this was the technique applied in that case.
I really wish Chrome would warn me when a site jumps to a new CA or even a new certificate. Last I checked, details on the current certificate wasn't made available to plugins, so I can't easily write it myself.
For somebody else to pretend to be then, in this case, they need their private key. As a CA, you can't have your private key leaked and then still be trusted by a browser.
Or they issued the *.google.com certificate by accident, but if you accidentally issue a certificate as a CA, you can't be trusted by a browser either.
They're being revoked in Firefox and IE too. Their certs are hopefully going to be worthless soon. The ONE THING you ask a CA to do is NOT LET ITS PRIVATE KEY BE USED FOR EVIL. ONE THING.
The only way this attack would have worked is if DigiNotar's private key, whose public key is included in the major CA whitelist in major browsers, signed the domain. So either they did it, or somebody stole their private key. Either way it is very much their responsibility.
Sign a Google Mail certificate for Iran? Fuck you. You're done.
In the medium term, I think a lot of HN people should also take a hard look at CONVERGENCE.IO. For now, though, it's heartening to see the real power behind Internet trust (hint: it's not Verisign and it's not the IETF) taking this seriously.