Stories with Tag Web Security

• How to distrust a CA without any certificate errors

  permalink

  Posted: 2025-03-06 22:28:01

  Verbose tl;dr

  This blog post explores how a Certificate Authority (CA) could maliciously issue a certificate with a valid signature but an impossibly distant expiration date, far beyond the CA's own validity period. This "fake future" certificate wouldn't trigger typical browser warnings because the signature checks out. However, by comparing the certificate's notAfter date with Signed Certificate Timestamps (SCTs) from publicly auditable logs, inconsistencies can be detected. These SCTs provide proof of inclusion in a log at a specific time, effectively acting as a timestamp for when the certificate was issued. If the SCT is newer than the CA's validity period but the certificate claims an older issuance date within that validity period, it indicates potential foul play. The post further demonstrates how this discrepancy can be checked programmatically using open-source tools.

  This blog post by Dadrian, titled "How to distrust a Certificate Authority without any certificate errors," explores a nuanced vulnerability related to Signed Certificate Timestamps (SCTs), which are crucial for ensuring the transparency and integrity of certificate issuance. The core issue revolves around the "notAfter" field within these SCTs. While a certificate itself has a validity period defined by its own "notAfter" date, the SCTs that vouch for its inclusion in a Certificate Transparency (CT) log also possess their own "notAfter" dates. The post highlights a potential scenario where a malicious or compromised Certificate Authority (CA) could issue a perfectly valid certificate – meaning the certificate's own "notAfter" date is in the future – yet manipulate the SCTs associated with that certificate. Specifically, the CA could backdate the SCTs, setting their "notAfter" dates to a point in the past.

  This manipulation wouldn't immediately trigger certificate errors in browsers or other relying parties because the certificate itself remains technically valid. However, it undermines the core principle of Certificate Transparency. Certificate Transparency logs are designed to provide an auditable record of all issued certificates, allowing for public scrutiny and detection of mis-issued or fraudulent certificates. The "notAfter" date of an SCT serves as a timestamp guaranteeing the certificate's inclusion in the log up to that specific point in time. By backdating the SCTs, the CA effectively creates a situation where the proof of inclusion in the CT log expires prematurely. This creates a window of opportunity where the CA could potentially issue other, fraudulent certificates without those certificates being reflected in the CT logs, as the now-expired SCTs no longer offer valid proof of inclusion. This undermines the entire auditability and transparency mechanism.

  The blog post details a practical demonstration of this vulnerability, showing how one can programmatically examine SCTs embedded in a certificate and compare their "notAfter" dates with the current time. This allows for the identification of certificates with potentially backdated SCTs, raising a red flag regarding the trustworthiness of the issuing CA, even in the absence of traditional certificate errors. The post concludes by emphasizing the importance of validating SCT "notAfter" dates as a critical part of robust certificate verification procedures and underscores the subtle ways in which the Certificate Transparency ecosystem can be compromised, requiring vigilance beyond simply checking for standard certificate validity. It implies that relying solely on the validity of the certificate itself isn't sufficient for guaranteeing trustworthiness and that scrutiny of associated SCTs is paramount.

  • TLS
  • SSL
  • certificates
  • Certificate Authority
  • CA
  • PKI
  • Security
  • Web Security
  • SCT
  • Signed Certificate Timestamps
  • transparency
  • X.509
  • Not After
  • Expiration
  • Distrust
  • verification
  • Cryptography

  Summary of Comments ( 43 )
  https://news.ycombinator.com/item?id=43285671

  Verbose tl;dr

  Hacker News users discuss the practicality and implications of the blog post's method for detecting malicious Sub-CAs. Several commenters point out the difficulty of implementing this at scale due to the computational cost and potential performance impact of checking every certificate against a large CRL set. Others express concerns about the feasibility of maintaining an up-to-date list of suspect CAs, given their dynamic nature. Some question the overall effectiveness, arguing that sophisticated attackers could circumvent such checks. A few users suggest alternative approaches like using DNSSEC and DANE, or relying on operating system trust stores. The overall sentiment leans toward acknowledging the validity of the author's points while remaining skeptical of the proposed solution's real-world applicability.

  The Hacker News post "How to distrust a CA without any certificate errors" sparked a discussion with several insightful comments. Many commenters engaged with the core concept of the blog post, which explored how a Certificate Authority (CA) could potentially manipulate certificates without triggering typical browser warnings.

  One commenter highlighted the difficulty in detecting this type of manipulation, emphasizing that the trust model inherently relies on the CA. They pointed out the unlikelihood of a user independently verifying the certificate chain, especially given the complexity involved. This reinforced the article's point about the potential vulnerability.

  Another commenter discussed the "certificate pinning" technique, which involves hardcoding expected certificate information into an application. While effective against the specific attack described in the article, they acknowledged that it's not a widespread solution and introduces its own set of management challenges, such as the need to update pinned certificates regularly.

  The conversation also touched upon the broader issues of trust and security in the digital landscape. One commenter expressed a general lack of trust in CAs, citing past incidents of compromised CAs and questionable practices. This sentiment resonated with other users who echoed concerns about the centralized nature of the CA system.

  Some commenters suggested alternative approaches to enhance security. One idea involved using DNSSEC combined with DANE (DNS-based Authentication of Named Entities), allowing domain owners to specify which CAs are authorized to issue certificates for their domain. Another suggestion was to explore decentralized identity solutions, moving away from the reliance on centralized CAs altogether.

  Several comments also delved into the technical details of the attack described in the article, with users discussing specific aspects of certificate validation and the potential implications for different browsers and operating systems. There was some debate about the practicality of the attack and the likelihood of it being exploited in the wild, with some arguing that the complexity involved would make it a less attractive option for attackers.

  Overall, the comments section reflected a general understanding of the potential vulnerabilities associated with the current CA system and a desire for more robust and transparent security solutions. While no single solution emerged as a clear winner, the discussion provided valuable insights into the challenges and potential future directions of certificate management and online trust.

• Why do we have both CSRF protection and CORS?

  permalink

  Posted: 2025-03-02 15:32:46

  Verbose tl;dr

  CSRF and CORS address distinct web security risks and therefore both are necessary. CSRF (Cross-Site Request Forgery) protects against malicious sites tricking a user's browser into making unintended requests to a trusted site where the user is already authenticated. This is achieved through tokens that verify the request originated from the trusted site itself. CORS (Cross-Origin Resource Sharing), on the other hand, dictates which external sites are permitted to access resources from a particular server, focusing on protecting the server itself from unauthorized access by scripts running on other origins. While they both deal with cross-site interactions, CSRF prevents malicious exploitation of a user's existing session, while CORS restricts access to the server's resources in the first place.

  The blog post "Why do we have both CSRF protection and CORS?" explores the distinct roles of Cross-Site Request Forgery (CSRF) protection and Cross-Origin Resource Sharing (CORS) in web security, explaining why both mechanisms are necessary despite appearing to address similar issues. The author emphasizes that while both deal with cross-site requests, they protect against different types of attacks and operate under different assumptions.

  CSRF protection is primarily concerned with preventing malicious websites from leveraging a user's existing authenticated session on a target website. It assumes that the user is already logged in and that the attacker's site can trick the user's browser into sending requests to the target site without the user's explicit intent. The core vulnerability lies in the fact that browsers automatically include cookies (including session cookies) with requests to the same origin, even if those requests are initiated from a different origin. CSRF tokens, generated by the server and embedded in forms or request headers, act as a proof of intent, verifying that the request originated from the genuine website and not a malicious actor.

  Conversely, CORS focuses on restricting which origins are allowed to make cross-origin requests to a specific server. It's a browser-enforced mechanism that intercepts requests originating from a different origin than the target server and checks whether the server explicitly permits such requests via specific HTTP headers (like Access-Control-Allow-Origin). CORS's primary goal is to prevent malicious websites from directly reading the responses of cross-origin requests, safeguarding sensitive data that might be returned by the server. Without CORS, a malicious script could make requests to a different domain while operating within the context of the user's browser, potentially gaining access to private information if the browser's same-origin policy wasn't enforced.

  The author highlights a critical distinction: CORS doesn't prevent the request itself from reaching the server; it merely prevents the malicious script from accessing the response. This is where CSRF protection becomes crucial. A malicious site can still send a POST request to a vulnerable server, even with CORS in place, potentially modifying data or performing unwanted actions if the server lacks proper CSRF protection. Therefore, both mechanisms are essential. CORS protects against unauthorized reading of responses, while CSRF protection prevents unauthorized modification of state through forged requests. They work in tandem to create a more secure web environment. The author concludes by noting that while they may seem redundant at first glance, understanding the distinct threats they address reveals the necessity of both mechanisms.

  • Web Security
  • CSRF
  • CORS
  • Cross-Site Request Forgery
  • Cross-Origin Resource Sharing
  • HTTP
  • Web Development
  • Security Best Practices
  • Browser Security
  • Website Security

  Summary of Comments ( 64 )
  https://news.ycombinator.com/item?id=43231411

  Verbose tl;dr

  Hacker News users discussed the nuances of CSRF and CORS, pointing out that while they both address security concerns related to cross-origin requests, they protect against different threats. Several commenters emphasized that CORS primarily protects the server from unauthorized access by other origins, controlled by the server itself. CSRF, on the other hand, protects users from malicious sites exploiting their existing authenticated sessions on another site, controlled by the user's browser. One commenter offered a clear analogy: CORS is like a bouncer at a club deciding who can enter, while CSRF protection is like checking someone's ID to make sure they're not using a stolen membership card. The discussion also touched upon the practical differences in implementation, like preflight requests in CORS and the use of tokens in CSRF prevention. Some comments questioned the clarity of the original blog post's title, suggesting it might confuse the two distinct mechanisms.

  The Hacker News post titled "Why do we have both CSRF protection and CORS?" generated a robust discussion with numerous comments exploring the nuances and interplay between these two security mechanisms. The central theme revolves around the distinct, yet complementary, roles CSRF protection and CORS play in securing web applications.

  Several commenters emphasize that while both mechanisms address security concerns related to cross-origin requests, they target different attack vectors. CORS, they explain, is primarily browser-enforced and focuses on protecting the server from unauthorized access by scripts running in a different origin. It acts as a gatekeeper, allowing the server to specify which origins are permitted to make requests and what types of requests are allowed. This helps prevent malicious websites from directly accessing resources on a different domain without explicit server authorization.

  CSRF protection, on the other hand, is focused on protecting the user from unknowingly making requests to a trusted site while authenticated. Commenters highlight how CSRF attacks exploit the browser's automatic inclusion of cookies and other authentication details in cross-origin requests. By tricking a user into interacting with a malicious website, an attacker can leverage the user's existing session to perform unwanted actions on the trusted site. CSRF tokens, as explained in the comments, act as a secret, unpredictable value included with each request that the server can verify to ensure the request originated from a legitimate source, not a malicious third-party site.

  A key point of discussion revolves around how CORS alone does not prevent CSRF attacks. Commenters explain scenarios where a malicious website, even if blocked by CORS from reading the response from a cross-origin request, can still send the request. This means a CSRF attack can still be executed, potentially modifying data or performing actions on the targeted website without the user's knowledge, even if the attacker cannot directly see the results.

  Some comments delve into the specific mechanics of how CSRF tokens work, explaining how they are typically generated on the server, embedded in forms or included as custom headers, and validated upon submission. They also touch upon different methods of implementing CSRF protection, such as double submit cookies and the Synchronizer Token Pattern.

  Several commenters provide practical examples to illustrate the differences between CSRF and CORS, using scenarios involving banking transactions, social media interactions, and other web applications. These examples help clarify the distinct vulnerabilities each mechanism addresses and why both are necessary for comprehensive security.

  Finally, some commenters discuss the limitations of both CSRF protection and CORS and highlight the importance of employing multiple layers of security. They mention other security best practices, such as proper input validation and output encoding, as essential components of a robust security strategy. The general consensus is that while CSRF and CORS are vital tools, they are not silver bullets, and a comprehensive approach to web security is crucial.

• Certificate Transparency in Firefox: A Big Step for Web Security

  permalink

  Posted: 2025-02-25 18:52:59

  Verbose tl;dr

  Firefox now fully enforces Certificate Transparency (CT) logging for all TLS certificates, significantly bolstering web security. This means that all newly issued website certificates must be publicly logged in approved CT logs for Firefox to trust them. This measure prevents malicious actors from secretly issuing fraudulent certificates for popular websites, as such certificates would not appear in the public logs and thus be rejected by Firefox. This enhances user privacy and security by making it considerably harder for attackers to perform man-in-the-middle attacks. Firefox’s complete enforcement of CT marks a major milestone for internet security, setting a strong precedent for other browsers to follow.

  Mozilla's implementation of Certificate Transparency (CT) enforcement in Firefox represents a significant advancement in web security. Certificate Transparency is a system designed to enhance the security and integrity of digital certificates by publicly logging their issuance. This public logging creates an auditable record, making it substantially more difficult for malicious actors to issue fraudulent certificates without detection. Firefox's adoption of mandatory CT enforcement means that certificates for websites accessed via Firefox must now adhere to these stricter transparency requirements.

  Prior to this change, Firefox, like other browsers, relied on Certificate Transparency logs for monitoring and detection of suspicious certificates, but did not mandate their inclusion for website access. This meant that while malicious certificates could be identified through CT logs, they could still be used to secure connections, at least temporarily, before being revoked or flagged. With mandatory enforcement, Firefox now actively requires certificates to be present in these public logs. If a certificate is not appropriately logged, Firefox will refuse to establish a secure connection, effectively blocking access to the website.

  This enforcement mechanism provides several key security benefits. Firstly, it significantly reduces the window of opportunity for malicious actors exploiting fraudulently issued certificates. By requiring inclusion in CT logs, the issuance becomes immediately public, allowing for quicker identification and revocation of rogue certificates. Secondly, it increases the overall transparency of the certificate issuance process. The public nature of the logs allows security researchers, website owners, and other interested parties to monitor certificate issuance, identifying potential problems and holding Certificate Authorities (CAs) accountable.

  The implementation in Firefox involved a multi-phased rollout, beginning with monitoring and pre-certification warning phases to allow website operators to adapt and ensure their certificates were properly logged. This phased approach minimized disruption while ensuring a smooth transition to full enforcement. Furthermore, Mozilla implemented specific mechanisms to address unique situations, such as private or internal networks, acknowledging that the public logging requirement might not be suitable for all use cases. These exceptions are carefully managed to maintain security while accommodating legitimate private network usage.

  In conclusion, mandatory Certificate Transparency enforcement in Firefox represents a considerable stride towards a more secure web browsing experience. By requiring public logging of certificates, Firefox significantly reduces the risk of attacks utilizing fraudulent certificates, promotes transparency in the certificate issuance process, and bolsters the overall security posture of the internet for its users. This move by Mozilla sets a strong precedent for other browsers and contributes significantly to the ongoing evolution of online security.

  • Certificate Transparency
  • Firefox
  • Web Security
  • SSL/TLS
  • HTTPS
  • Browser Security
  • Digital Certificates
  • X.509
  • PKI
  • Mozilla

  Summary of Comments ( 78 )
  https://news.ycombinator.com/item?id=43175793

  Verbose tl;dr

  HN commenters generally praise Mozilla for implementing Certificate Transparency (CT) enforcement in Firefox, viewing it as a significant boost to web security. Some express concern about the potential for increased centralization and the impact on smaller Certificate Authorities (CAs). A few suggest that CT logs themselves are a single point of failure and advocate for further decentralization. There's also discussion around the practical implications of CT enforcement, such as the risk of legitimate websites being temporarily inaccessible due to log issues, and the need for robust monitoring and alerting systems. One compelling comment highlights the significant decrease in mis-issued certificates since the introduction of CT, emphasizing its positive impact. Another points out the potential for domain fronting abuse being impacted by CT enforcement.

  The Hacker News post discussing Mozilla's blog post about Certificate Transparency in Firefox has generated a moderate number of comments, most of which express general approval of the move toward greater transparency and security.

  Several commenters delve into the technical intricacies of Certificate Transparency (CT) and its implementation. One commenter points out the importance of CT logs being available and questions the robustness of the system if a major log provider were to experience an outage. Another echoes this concern, emphasizing the need for redundancy and geographically diverse log servers to prevent single points of failure. They also discuss the potential performance implications of browser-side CT enforcement, though they acknowledge that the impact is likely minimal with modern hardware.

  Another thread discusses the issue of "rogue" Certificate Authorities (CAs) and how CT helps to mitigate the risks associated with them. Commenters explain that while CT doesn't prevent a rogue CA from issuing a certificate, it does make it much harder for them to do so undetected, as the certificate would be publicly logged and visible to scrutiny. This increased visibility acts as a deterrent and allows for quicker identification and revocation of improperly issued certificates.

  A few commenters touch upon the history of CT and its gradual adoption by browsers and CAs. They express satisfaction that Firefox is now fully enforcing CT, bringing it in line with other major browsers and further solidifying the technology's role in web security.

  One commenter raises the concern that while CT is beneficial, it also introduces a new potential attack vector: the CT logs themselves. If a malicious actor were to compromise a CT log, they could potentially insert fake entries or suppress legitimate ones. However, other users counter this point by explaining the mechanisms in place to ensure the integrity of CT logs, such as Signed Certificate Timestamps (SCTs) and the distributed nature of the logs.

  Some of the more technically inclined commenters discuss the nuances of different CT log implementations and the challenges associated with monitoring and auditing them. They also touch upon the potential for using CT data for purposes beyond security, such as research and analysis of certificate issuance trends.

  Overall, the comments on the Hacker News post reflect a positive reception to Firefox's implementation of mandatory CT. While some concerns and potential challenges are raised, the general consensus is that CT represents a significant advancement in web security and that its widespread adoption is a positive development for the internet.

• DigiCert: Threat of legal action to stifle Bugzilla discourse

  permalink

  Posted: 2025-02-25 01:40:14

  Verbose tl;dr

  DigiCert, a Certificate Authority (CA), issued a DMCA takedown notice against a Mozilla Bugzilla post detailing a vulnerability in their certificate issuance process. This vulnerability allowed the fraudulent issuance of certificates for *.mozilla.org, a significant security risk. While DigiCert later claimed the takedown was accidental and retracted it, the initial action sparked concern within the Mozilla community regarding potential censorship and the chilling effect such legal threats could have on open security research and vulnerability disclosure. The incident highlights the tension between responsible disclosure and legal protection, particularly when vulnerabilities involve prominent organizations.

  This Bugzilla report, titled "DigiCert: Threat of legal action to stifle Bugzilla discourse," details a concerning interaction between Mozilla developers and representatives of DigiCert, a prominent Certificate Authority (CA). The issue at hand revolves around public discussion on the Mozilla Bugzilla platform regarding a specific certificate issuance incident involving DigiCert. The report alleges that DigiCert, instead of engaging in open and constructive dialogue about the technical aspects and potential security implications of the incident being discussed on the platform, resorted to legal threats aimed at suppressing further conversation and removing existing commentary.

  The author of the Bugzilla report expresses apprehension that such actions by a trusted CA like DigiCert could have a chilling effect on the vital role Bugzilla plays in fostering transparency and collaborative security research. They argue that open discussion of potential vulnerabilities and certificate issuance problems is paramount to maintaining the integrity and security of the internet ecosystem. The report highlights the potential conflict between the desire of a CA to protect its reputation and the broader community interest in openly analyzing and addressing potential weaknesses in certificate issuance processes. The author underscores the importance of Bugzilla as a crucial platform for facilitating this essential public discourse and argues that legal threats against such discourse are detrimental to the collective security efforts of the internet community. The report concludes by calling for a reaffirmation of Mozilla's commitment to maintaining an open and transparent platform for discussing security issues, even in the face of pressure from external entities. The implication is that succumbing to such pressure could set a dangerous precedent, potentially discouraging future disclosures and hindering the collaborative identification and resolution of security vulnerabilities.

  • DigiCert
  • Bugzilla
  • Mozilla
  • Certificate Authority
  • CA
  • Legal Threat
  • Censorship
  • Open Source
  • Security
  • SSL/TLS
  • Web Security
  • privacy
  • vulnerability disclosure
  • Free Speech

  Summary of Comments ( 125 )
  https://news.ycombinator.com/item?id=43167087

  Verbose tl;dr

  HN commenters largely express outrage at DigiCert's legal threat against Mozilla for publicly disclosing a vulnerability in their software via Bugzilla, viewing it as an attempt to stifle legitimate security research and responsible disclosure. Several highlight the chilling effect such actions can have on vulnerability reporting, potentially leading to more undisclosed vulnerabilities being exploited. Some question the legality and ethics of DigiCert's response, especially given the public nature of the Bugzilla entry. A few commenters sympathize with DigiCert's frustration with the delayed disclosure but still condemn their approach. The overall sentiment is strongly against DigiCert's handling of the situation.

  The Hacker News post "DigiCert: Threat of legal action to stifle Bugzilla discourse" (linking to a Mozilla Bugzilla report about DigiCert's revocation of a certificate used for WireGuard) sparked a lively discussion with several compelling comments.

  Many commenters expressed outrage and concern over DigiCert's handling of the situation, viewing their legal threat as an attempt to suppress legitimate discussion of a potential security issue. They saw it as a heavy-handed response that discouraged responsible disclosure and could have chilling effects on future vulnerability reporting. Some specifically criticized the use of legal threats in response to public interest concerns around certificate revocation practices, arguing it sets a bad precedent.

  Several comments focused on the technical aspects of certificate revocation, debating the merits of DigiCert's actions and whether the revocation was justified. Some questioned if the key compromise was genuine or a result of a misunderstanding, while others discussed the broader challenges and limitations of certificate revocation mechanisms. This sparked a back-and-forth about best practices and responsibilities in such scenarios.

  A few comments highlighted the potential implications for WireGuard users, expressing concern about the disruption caused by the revocation and the potential for similar incidents in the future. They discussed the importance of clear communication and transparency from Certificate Authorities (CAs) during such events.

  Some commenters questioned the Bugzilla forum as the appropriate venue for this discussion, suggesting that a more private channel might have been more suitable for addressing the legal concerns raised by DigiCert. However, others countered that the public nature of the discussion was crucial for transparency and accountability.

  There was also discussion about the legal aspects of the situation, with commenters speculating about the basis of DigiCert's legal threat and the potential outcomes. Some pointed to potential defamation or tortious interference claims, while others questioned the validity of such claims in this context.

  Finally, several commenters offered alternative interpretations of DigiCert's actions, suggesting they might have been motivated by a desire to protect their reputation or avoid potential liability, rather than to stifle legitimate discourse. They encouraged considering the perspectives of all involved parties.

• How (not) to sign a JSON object (2019)

  permalink

  Posted: 2025-02-09 14:38:52

  Verbose tl;dr

  Latacora's blog post "How (not) to sign a JSON object" cautions against signing JSON by stringifying it before applying a signature. This approach is vulnerable to attacks that modify whitespace or key ordering, which changes the string representation without altering the JSON's semantic meaning. The correct method involves canonicalizing the JSON object first – transforming it into a standardized, consistent byte representation – before signing. This ensures the signature validates only identical JSON objects, regardless of superficial formatting differences. The post uses examples to demonstrate the vulnerabilities of naive stringification and advocates using established JSON Canonicalization Schemes (JCS) for robust and secure signing.

  This blog post from Latacora, titled "How (not) to sign a JSON object (2019)," discusses the intricacies and common pitfalls of digitally signing JSON objects, specifically focusing on ensuring the integrity and authenticity of the data. The author emphasizes that simply signing a JSON string representation is insufficient due to the flexibility of JSON syntax. Variations in whitespace, key ordering, and numeric representation can all result in different string representations of the same underlying JSON object, leading to signature verification failures even though the semantic meaning of the data remains unchanged.

  The post meticulously dissects several flawed approaches, illustrating the vulnerabilities they introduce. One such approach is naively signing the stringified JSON. This is problematic because different JSON libraries might produce slightly different string outputs for the same JSON object, causing signature verification to fail. Another inadequate method involves canonicalizing the JSON before signing, but relying on insufficiently rigorous canonicalization methods. For example, simply sorting keys alphabetically doesn't account for variations in numeric representation or whitespace.

  The author then proposes a more robust solution: using a deterministic JSON serialization method. This method ensures that a given JSON object will always be serialized into the exact same string, regardless of the platform or library used. By signing this deterministic representation, the signature will reliably verify as long as the underlying data remains unchanged. The post highlights the importance of using a well-defined and widely adopted canonicalization algorithm to avoid interoperability issues.

  Furthermore, the blog post delves into the security implications of using non-deterministic JSON serialization. It explains how an attacker could potentially manipulate the JSON structure, altering insignificant details like whitespace or key order, to create a different string representation that still carries the same semantic meaning but invalidates the signature. This could allow for undetected tampering with the data.

  The post concludes by recommending specific libraries and tools for implementing secure JSON signing, emphasizing the critical need for careful consideration of these seemingly minor details to guarantee the integrity and authenticity of signed JSON objects. The overall message is that signing JSON requires a meticulous and deliberate approach, relying on established standards and deterministic serialization to prevent vulnerabilities and ensure the reliability of digital signatures.

  • JSON
  • Security
  • Signing
  • Digital Signatures
  • Cryptography
  • JWT
  • JWS
  • Web Security
  • best practices
  • data integrity
  • serialization
  • Encoding
  • 2019

  Summary of Comments ( 0 )
  https://news.ycombinator.com/item?id=42990948

  Verbose tl;dr

  HN commenters largely agree with the author's points about the complexities and pitfalls of signing JSON objects. Several highlighted the importance of canonicalization before signing, with some mentioning specific libraries like JWS and json-canonicalize to ensure consistent formatting. The discussion also touches upon alternatives like JWT (JSON Web Tokens) and COSE (CBOR Object Signing and Encryption) as potentially better solutions, particularly JWT for its ease of use in web contexts. Some commenters delve into the nuances of JSON's flexibility, which can make secure signing difficult, such as varying key order and whitespace handling. A few also caution against rolling your own cryptographic solutions and advocate for using established libraries where possible.

  The Hacker News post "How (not) to sign a JSON object (2019)" has generated several comments discussing various aspects of JSON signing and security practices.

  Several commenters focus on the importance of canonicalization before signing. One commenter emphasizes that the article's core message boils down to "canonicalize before signing," highlighting how failing to do so can introduce vulnerabilities. They further illustrate the point by referencing Python's json.dumps function and how different keyword arguments can lead to different string representations of the same JSON object, ultimately resulting in different signatures. Another commenter points out that using JSON for signing is inherently tricky due to the numerous variations possible in a serialized JSON object. They recommend CBOR (Concise Binary Object Representation) as a more suitable alternative for signing because of its consistent binary representation. This reinforces the idea that using a standardized, unambiguous data format is crucial for secure signing.

  The discussion also delves into specific vulnerabilities related to different JSON parsing libraries. One commenter mentions that some libraries accept duplicate keys, which can be exploited by attackers. They suggest that "canonicalization is about enforcing a schema and rejecting invalid input," emphasizing that strict validation is essential for preventing such attacks. Another user highlights specific problems with PHP’s json_decode function and how it handles duplicate keys, which could further expose systems to security risks if not carefully addressed.

  Another thread in the comments explores the concept of "deterministic JSON," where commenters discuss the challenges in achieving consistent serialization. One commenter notes the difficulty of creating a truly deterministic JSON representation across different languages due to variations in floating-point representations, character encoding, and key ordering.

  Several users shared examples of libraries and tools designed for secure JSON signing, including json-canonicalize and various JWS (JSON Web Signature) libraries. These comments offer practical solutions for developers seeking to implement secure signing practices.

  Finally, there's some discussion around JSON Web Signatures (JWS) and JWT (JSON Web Tokens). One commenter criticizes the use of JWT, arguing that JWS provides more flexibility and is sufficient for most use cases. They imply that JWT adds unnecessary complexity and might encourage less secure practices. Another user reinforces this by suggesting the use of detached signatures, emphasizing that signing only the relevant data minimizes the attack surface.

  In summary, the comments on the Hacker News post highlight the critical importance of canonicalization before signing JSON, discuss the challenges and vulnerabilities associated with inconsistent JSON representations, recommend alternative formats like CBOR, and provide practical advice on using tools and libraries designed for secure JSON signing. The discussion also touches upon the nuances of JWS and JWT, suggesting simpler approaches for enhanced security.

• A brief history of code signing at Mozilla

  permalink

  Posted: 2025-02-07 17:51:49

  Verbose tl;dr

  Mozilla's code signing journey began with a simple, centralized system using a single key and evolved into a complex, multi-layered approach. Initially, all Mozilla software was signed with one key, posing significant security risks. This led to the adoption of per-product keys, offering better isolation. Further advancements included build signing, allowing for verification even before installer creation, and update signing to secure updates delivered through the application. The process also matured through the use of hardware security modules (HSMs) for safer key storage and automated signing infrastructure for increased efficiency. These iterative improvements aimed to enhance security by limiting the impact of compromised keys and streamlining the signing process.

  This blog post by "hearsum" meticulously chronicles the evolution of code signing practices at Mozilla, providing a detailed account of the challenges, adaptations, and technical decisions made over the years to enhance the security and integrity of their software distributions. The narrative begins with the early days of Mozilla's code signing efforts, highlighting the initial reliance on a single code signing certificate and the manual processes involved. This period is characterized by its simplicity, but also by its vulnerability to potential security breaches and operational inefficiencies. The author underscores the inherent risk of a single point of failure represented by the sole certificate.

  As Mozilla's software offerings expanded and diversified, so too did the complexity of their code signing infrastructure. The blog post describes the transition to a more sophisticated system involving multiple code signing certificates, carefully differentiated by product and platform. This approach aimed to mitigate the risk associated with a single compromised certificate, isolating potential damage to a specific product line rather than the entire software ecosystem. The author elaborates on the logistical challenges of managing multiple certificates across various teams and geographical locations.

  A key turning point in Mozilla's code signing journey is the introduction of hardware security modules (HSMs). These specialized devices provide a secure and tamper-resistant environment for storing and managing cryptographic keys, significantly enhancing the security posture of the code signing process. The blog post details the complexities involved in integrating HSMs into the existing workflow, emphasizing the need for robust access control mechanisms and secure key handling procedures. The author specifically mentions the exploration of different HSM solutions and the eventual selection of a cloud-based HSM service, underscoring the advantages of scalability, availability, and disaster recovery capabilities offered by this approach.

  The narrative then delves into the challenges of automating the code signing process, a critical requirement for ensuring efficiency and repeatability. The author describes the initial reliance on manual scripting and the subsequent migration to a more robust and scalable automation framework. This evolution enabled Mozilla to streamline the code signing workflow, reducing the risk of human error and accelerating the release cycle. Furthermore, the blog post highlights the importance of integrating code signing into the Continuous Integration/Continuous Delivery (CI/CD) pipeline, enabling seamless and automated code signing during the build process.

  Finally, the author discusses the ongoing efforts to enhance the security and resilience of Mozilla's code signing infrastructure. This includes exploring advanced techniques such as dual code signing, which involves signing code with both an internal certificate and an external certificate from a trusted Certificate Authority (CA), adding an extra layer of verification and protection against potential CA compromises. The post concludes by emphasizing the continuous commitment to improving the security and integrity of Mozilla's software releases through ongoing refinement and adaptation of their code signing practices. This commitment reflects the organization's dedication to protecting its users from malicious software and ensuring the trustworthiness of its products.

  • Code Signing
  • Mozilla
  • History
  • Software Security
  • Digital Signatures
  • certificates
  • Browser Security
  • Web Security
  • PKI
  • Software Development

  Summary of Comments ( 80 )
  https://news.ycombinator.com/item?id=42975436

  Verbose tl;dr

  HN commenters generally praised the article for its clarity and detail in explaining a complex technical process. Several appreciated the focus on the practical, real-world challenges and compromises involved, rather than just the theoretical ideal. Some shared their own experiences with code signing, highlighting additional difficulties like the expense and bureaucratic hurdles, particularly for smaller developers. Others pointed out the inherent limitations and potential vulnerabilities of code signing, emphasizing that it's not a silver bullet security solution. A few comments also discussed alternative or supplementary approaches to software security, such as reproducible builds and better sandboxing.

  The Hacker News post "A brief history of code signing at Mozilla" generated a moderate discussion with several insightful comments. Many commenters focused on the complexities and frustrations of code signing, particularly in the context of Mozilla's cross-platform support and evolving security landscape.

  One commenter highlighted the often overlooked fact that code signing isn't a silver bullet guarantee of security, but rather a measure of provenance. They emphasized that signed code can still be malicious, and users should exercise caution even with signed applications. This commenter also touched on the economics of code signing, mentioning the costs associated with certificates and the challenges smaller developers face.

  Another commenter shared their personal experience with code signing, recounting the hassle and expense involved, particularly for distributing software across different platforms like Windows and macOS. They expressed frustration with the opaque nature of the process and the lack of clear documentation, echoing a sentiment shared by several others. This commenter also questioned the efficacy of code signing given the potential for vulnerabilities in the signing process itself.

  Several commenters discussed the technical details of code signing, including the different types of certificates, the use of timestamping, and the challenges of managing certificates within a large organization like Mozilla. They explored the trade-offs between security and usability, and the difficulties of balancing user experience with the need to protect against malware.

  One commenter specifically mentioned the increasing complexity of code signing on macOS, noting Apple's increasingly stringent requirements and the challenges this poses for developers. They pointed out the potential for disruptions and the difficulty of keeping up with Apple's evolving policies.

  Finally, several comments touched upon the broader implications of code signing for the open-source community. Some expressed concern that the costs and complexity of code signing could create barriers to entry for smaller projects and discourage open-source development. Others suggested alternative approaches, such as reproducible builds, as a potential solution to some of the challenges posed by code signing.

  Overall, the comments on the Hacker News post paint a picture of code signing as a necessary but complex and often frustrating aspect of software development, particularly for large organizations like Mozilla that support multiple platforms. The discussion highlights the ongoing challenges of balancing security, usability, and cost, and the need for clearer documentation and more streamlined processes.

• What's OAuth2, anyway?

  permalink

  Posted: 2025-01-26 10:15:22

  Verbose tl;dr

  OAuth2 is a delegation protocol that lets a user grant a third-party application limited access to their resources on a server, without sharing their credentials. Instead of handing over your username and password directly to the app, you authorize it through the resource server (like Google or Facebook). This authorization process generates an access token, which the app then uses to access specific resources on your behalf, within the scope you've permitted. OAuth2 focuses solely on authorization and not authentication, meaning it doesn't verify the user's identity. It relies on other mechanisms, like OpenID Connect, for that purpose.

  Roman Glushko's blog post, "What's OAuth2, anyway?", provides a comprehensive, analogy-driven explanation of the OAuth2 authorization framework, aiming to demystify its purpose and mechanics. He begins by establishing the central problem OAuth2 solves: granting third-party applications limited access to user resources held by another service, like accessing your Google photos from a photo printing website, without sharing your Google password. This is achieved by utilizing an intricate system of delegated authorization.

  The post uses the analogy of a valet key service to illustrate the concept. Just as you wouldn't give your car keys with full access to your glove compartment and trunk to a valet, you wouldn't want to give a third-party application your full account credentials. OAuth2 provides a secure method to grant specific permissions, likened to a valet key granting limited access only to start and park the car.

  The process begins with the third-party application requesting authorization from the user. This request redirects the user to the resource server (e.g., Google), where they are prompted to authenticate themselves and grant specific permissions to the application. This interaction is crucial, as it ensures that the user, the actual owner of the data, is in control of which permissions are granted.

  Once authorized, the resource server issues a temporary credential, known as an authorization code, to the application. This code acts like a claim ticket, proving that the user has granted specific permissions. The application then exchanges this authorization code with the authorization server (which may or may not be the same as the resource server) for an access token. This exchange happens behind the scenes, away from the user's browser.

  The access token, analogous to the valet key, grants the application limited access to the user's resources, as defined by the previously granted permissions. The application can then use this token to make API requests to access the user’s data without ever needing to know the user’s actual password. This token has a limited lifespan and can be revoked by the user at any time, further enhancing security.

  Furthermore, the post explains the different grant types within OAuth2, specifically highlighting the authorization code grant type as the most common and secure method for web applications. It also touches upon refresh tokens, which allow applications to obtain new access tokens without requiring the user to re-authorize every time, thus providing a seamless experience.

  Finally, the post concludes by emphasizing the importance of OAuth2 in the modern web landscape for securely delegating access to user resources, allowing for a rich ecosystem of interconnected services without compromising user security. It successfully breaks down a complex topic into digestible parts, using real-world analogies and clear explanations to provide a solid understanding of the core principles behind OAuth2.

  • OAuth2
  • OAuth
  • Authentication
  • Authorization
  • Security
  • Web Security
  • API Security
  • Access Tokens
  • identity
  • Single Sign-On
  • SSO
  • Open Standard
  • Protocol
  • Web Development

  Summary of Comments ( 16 )
  https://news.ycombinator.com/item?id=42829149

  Verbose tl;dr

  HN commenters generally praised the article for its clear explanation of OAuth2, calling it accessible and well-written, particularly appreciating the focus on the "why" rather than just the "how." Some users pointed out potential minor inaccuracies or areas for further clarification, such as the distinction between authorization code grant with PKCE and implicit flow for client-side apps, the role of refresh tokens, and the implications of using a third-party identity provider. One commenter highlighted the difficulty of finding good OAuth2 resources and expressed gratitude for the article's contribution. Others suggested additional topics for the author to cover, such as the challenges of cross-domain authentication. Several commenters also shared personal anecdotes about their experiences implementing or troubleshooting OAuth2.

  The Hacker News post "What's OAuth2, anyway?" with the ID 42829149 generated a moderate amount of discussion with several insightful comments.

  Many commenters praised the article for its clarity and simplicity in explaining a complex topic. One user appreciated the straightforward explanation, saying it was the first time they truly understood OAuth2. Another highlighted the article's effectiveness in breaking down the jargon and making the concepts accessible. Several others echoed this sentiment, expressing gratitude for the clear and concise explanation.

  A significant part of the discussion revolved around the practical complexities and security considerations of OAuth2. One commenter pointed out the challenges of implementing OAuth2 securely, noting the potential for vulnerabilities if not handled carefully. They specifically mentioned the complexity introduced by refresh tokens and the potential for token leakage. Another user discussed the different OAuth2 grant types and their suitability for various use cases, highlighting the importance of choosing the appropriate grant type for the specific application.

  Some commenters delved into the historical context of OAuth2, discussing its evolution and comparing it to previous authentication methods. One user explained how OAuth2 addressed some of the shortcomings of earlier approaches, while acknowledging its own complexities. Another discussed the challenges of migrating from older systems to OAuth2.

  Several commenters shared their personal experiences and anecdotes related to OAuth2. One recounted a story about a challenging OAuth2 integration, emphasizing the practical difficulties encountered in real-world implementations. Another shared a helpful tip for debugging OAuth2 issues.

  A few comments focused on specific aspects of the article, offering corrections or alternative perspectives. One commenter suggested a minor clarification regarding the terminology used, while another offered a different interpretation of a particular concept.

  Overall, the comments on the Hacker News post provide a valuable supplement to the article itself, offering practical insights, diverse perspectives, and real-world experiences related to OAuth2 and its complexities. They highlight both the benefits of OAuth2 as a powerful authorization framework and the challenges involved in its proper implementation and use.