Stories with Tag PKI

• How to distrust a CA without any certificate errors

  permalink

  Posted: 2025-03-06 22:28:01

  Verbose tl;dr

  This blog post explores how a Certificate Authority (CA) could maliciously issue a certificate with a valid signature but an impossibly distant expiration date, far beyond the CA's own validity period. This "fake future" certificate wouldn't trigger typical browser warnings because the signature checks out. However, by comparing the certificate's notAfter date with Signed Certificate Timestamps (SCTs) from publicly auditable logs, inconsistencies can be detected. These SCTs provide proof of inclusion in a log at a specific time, effectively acting as a timestamp for when the certificate was issued. If the SCT is newer than the CA's validity period but the certificate claims an older issuance date within that validity period, it indicates potential foul play. The post further demonstrates how this discrepancy can be checked programmatically using open-source tools.

  This blog post by Dadrian, titled "How to distrust a Certificate Authority without any certificate errors," explores a nuanced vulnerability related to Signed Certificate Timestamps (SCTs), which are crucial for ensuring the transparency and integrity of certificate issuance. The core issue revolves around the "notAfter" field within these SCTs. While a certificate itself has a validity period defined by its own "notAfter" date, the SCTs that vouch for its inclusion in a Certificate Transparency (CT) log also possess their own "notAfter" dates. The post highlights a potential scenario where a malicious or compromised Certificate Authority (CA) could issue a perfectly valid certificate – meaning the certificate's own "notAfter" date is in the future – yet manipulate the SCTs associated with that certificate. Specifically, the CA could backdate the SCTs, setting their "notAfter" dates to a point in the past.

  This manipulation wouldn't immediately trigger certificate errors in browsers or other relying parties because the certificate itself remains technically valid. However, it undermines the core principle of Certificate Transparency. Certificate Transparency logs are designed to provide an auditable record of all issued certificates, allowing for public scrutiny and detection of mis-issued or fraudulent certificates. The "notAfter" date of an SCT serves as a timestamp guaranteeing the certificate's inclusion in the log up to that specific point in time. By backdating the SCTs, the CA effectively creates a situation where the proof of inclusion in the CT log expires prematurely. This creates a window of opportunity where the CA could potentially issue other, fraudulent certificates without those certificates being reflected in the CT logs, as the now-expired SCTs no longer offer valid proof of inclusion. This undermines the entire auditability and transparency mechanism.

  The blog post details a practical demonstration of this vulnerability, showing how one can programmatically examine SCTs embedded in a certificate and compare their "notAfter" dates with the current time. This allows for the identification of certificates with potentially backdated SCTs, raising a red flag regarding the trustworthiness of the issuing CA, even in the absence of traditional certificate errors. The post concludes by emphasizing the importance of validating SCT "notAfter" dates as a critical part of robust certificate verification procedures and underscores the subtle ways in which the Certificate Transparency ecosystem can be compromised, requiring vigilance beyond simply checking for standard certificate validity. It implies that relying solely on the validity of the certificate itself isn't sufficient for guaranteeing trustworthiness and that scrutiny of associated SCTs is paramount.

  • TLS
  • SSL
  • certificates
  • Certificate Authority
  • CA
  • PKI
  • Security
  • Web Security
  • SCT
  • Signed Certificate Timestamps
  • transparency
  • X.509
  • Not After
  • Expiration
  • Distrust
  • verification
  • Cryptography

  Summary of Comments ( 43 )
  https://news.ycombinator.com/item?id=43285671

  Verbose tl;dr

  Hacker News users discuss the practicality and implications of the blog post's method for detecting malicious Sub-CAs. Several commenters point out the difficulty of implementing this at scale due to the computational cost and potential performance impact of checking every certificate against a large CRL set. Others express concerns about the feasibility of maintaining an up-to-date list of suspect CAs, given their dynamic nature. Some question the overall effectiveness, arguing that sophisticated attackers could circumvent such checks. A few users suggest alternative approaches like using DNSSEC and DANE, or relying on operating system trust stores. The overall sentiment leans toward acknowledging the validity of the author's points while remaining skeptical of the proposed solution's real-world applicability.

  The Hacker News post "How to distrust a CA without any certificate errors" sparked a discussion with several insightful comments. Many commenters engaged with the core concept of the blog post, which explored how a Certificate Authority (CA) could potentially manipulate certificates without triggering typical browser warnings.

  One commenter highlighted the difficulty in detecting this type of manipulation, emphasizing that the trust model inherently relies on the CA. They pointed out the unlikelihood of a user independently verifying the certificate chain, especially given the complexity involved. This reinforced the article's point about the potential vulnerability.

  Another commenter discussed the "certificate pinning" technique, which involves hardcoding expected certificate information into an application. While effective against the specific attack described in the article, they acknowledged that it's not a widespread solution and introduces its own set of management challenges, such as the need to update pinned certificates regularly.

  The conversation also touched upon the broader issues of trust and security in the digital landscape. One commenter expressed a general lack of trust in CAs, citing past incidents of compromised CAs and questionable practices. This sentiment resonated with other users who echoed concerns about the centralized nature of the CA system.

  Some commenters suggested alternative approaches to enhance security. One idea involved using DNSSEC combined with DANE (DNS-based Authentication of Named Entities), allowing domain owners to specify which CAs are authorized to issue certificates for their domain. Another suggestion was to explore decentralized identity solutions, moving away from the reliance on centralized CAs altogether.

  Several comments also delved into the technical details of the attack described in the article, with users discussing specific aspects of certificate validation and the potential implications for different browsers and operating systems. There was some debate about the practicality of the attack and the likelihood of it being exploited in the wild, with some arguing that the complexity involved would make it a less attractive option for attackers.

  Overall, the comments section reflected a general understanding of the potential vulnerabilities associated with the current CA system and a desire for more robust and transparent security solutions. While no single solution emerged as a clear winner, the discussion provided valuable insights into the challenges and potential future directions of certificate management and online trust.

• Certificate Transparency in Firefox: A Big Step for Web Security

  permalink

  Posted: 2025-02-25 18:52:59

  Verbose tl;dr

  Firefox now fully enforces Certificate Transparency (CT) logging for all TLS certificates, significantly bolstering web security. This means that all newly issued website certificates must be publicly logged in approved CT logs for Firefox to trust them. This measure prevents malicious actors from secretly issuing fraudulent certificates for popular websites, as such certificates would not appear in the public logs and thus be rejected by Firefox. This enhances user privacy and security by making it considerably harder for attackers to perform man-in-the-middle attacks. Firefox’s complete enforcement of CT marks a major milestone for internet security, setting a strong precedent for other browsers to follow.

  Mozilla's implementation of Certificate Transparency (CT) enforcement in Firefox represents a significant advancement in web security. Certificate Transparency is a system designed to enhance the security and integrity of digital certificates by publicly logging their issuance. This public logging creates an auditable record, making it substantially more difficult for malicious actors to issue fraudulent certificates without detection. Firefox's adoption of mandatory CT enforcement means that certificates for websites accessed via Firefox must now adhere to these stricter transparency requirements.

  Prior to this change, Firefox, like other browsers, relied on Certificate Transparency logs for monitoring and detection of suspicious certificates, but did not mandate their inclusion for website access. This meant that while malicious certificates could be identified through CT logs, they could still be used to secure connections, at least temporarily, before being revoked or flagged. With mandatory enforcement, Firefox now actively requires certificates to be present in these public logs. If a certificate is not appropriately logged, Firefox will refuse to establish a secure connection, effectively blocking access to the website.

  This enforcement mechanism provides several key security benefits. Firstly, it significantly reduces the window of opportunity for malicious actors exploiting fraudulently issued certificates. By requiring inclusion in CT logs, the issuance becomes immediately public, allowing for quicker identification and revocation of rogue certificates. Secondly, it increases the overall transparency of the certificate issuance process. The public nature of the logs allows security researchers, website owners, and other interested parties to monitor certificate issuance, identifying potential problems and holding Certificate Authorities (CAs) accountable.

  The implementation in Firefox involved a multi-phased rollout, beginning with monitoring and pre-certification warning phases to allow website operators to adapt and ensure their certificates were properly logged. This phased approach minimized disruption while ensuring a smooth transition to full enforcement. Furthermore, Mozilla implemented specific mechanisms to address unique situations, such as private or internal networks, acknowledging that the public logging requirement might not be suitable for all use cases. These exceptions are carefully managed to maintain security while accommodating legitimate private network usage.

  In conclusion, mandatory Certificate Transparency enforcement in Firefox represents a considerable stride towards a more secure web browsing experience. By requiring public logging of certificates, Firefox significantly reduces the risk of attacks utilizing fraudulent certificates, promotes transparency in the certificate issuance process, and bolsters the overall security posture of the internet for its users. This move by Mozilla sets a strong precedent for other browsers and contributes significantly to the ongoing evolution of online security.

  • Certificate Transparency
  • Firefox
  • Web Security
  • SSL/TLS
  • HTTPS
  • Browser Security
  • Digital Certificates
  • X.509
  • PKI
  • Mozilla

  Summary of Comments ( 78 )
  https://news.ycombinator.com/item?id=43175793

  Verbose tl;dr

  HN commenters generally praise Mozilla for implementing Certificate Transparency (CT) enforcement in Firefox, viewing it as a significant boost to web security. Some express concern about the potential for increased centralization and the impact on smaller Certificate Authorities (CAs). A few suggest that CT logs themselves are a single point of failure and advocate for further decentralization. There's also discussion around the practical implications of CT enforcement, such as the risk of legitimate websites being temporarily inaccessible due to log issues, and the need for robust monitoring and alerting systems. One compelling comment highlights the significant decrease in mis-issued certificates since the introduction of CT, emphasizing its positive impact. Another points out the potential for domain fronting abuse being impacted by CT enforcement.

  The Hacker News post discussing Mozilla's blog post about Certificate Transparency in Firefox has generated a moderate number of comments, most of which express general approval of the move toward greater transparency and security.

  Several commenters delve into the technical intricacies of Certificate Transparency (CT) and its implementation. One commenter points out the importance of CT logs being available and questions the robustness of the system if a major log provider were to experience an outage. Another echoes this concern, emphasizing the need for redundancy and geographically diverse log servers to prevent single points of failure. They also discuss the potential performance implications of browser-side CT enforcement, though they acknowledge that the impact is likely minimal with modern hardware.

  Another thread discusses the issue of "rogue" Certificate Authorities (CAs) and how CT helps to mitigate the risks associated with them. Commenters explain that while CT doesn't prevent a rogue CA from issuing a certificate, it does make it much harder for them to do so undetected, as the certificate would be publicly logged and visible to scrutiny. This increased visibility acts as a deterrent and allows for quicker identification and revocation of improperly issued certificates.

  A few commenters touch upon the history of CT and its gradual adoption by browsers and CAs. They express satisfaction that Firefox is now fully enforcing CT, bringing it in line with other major browsers and further solidifying the technology's role in web security.

  One commenter raises the concern that while CT is beneficial, it also introduces a new potential attack vector: the CT logs themselves. If a malicious actor were to compromise a CT log, they could potentially insert fake entries or suppress legitimate ones. However, other users counter this point by explaining the mechanisms in place to ensure the integrity of CT logs, such as Signed Certificate Timestamps (SCTs) and the distributed nature of the logs.

  Some of the more technically inclined commenters discuss the nuances of different CT log implementations and the challenges associated with monitoring and auditing them. They also touch upon the potential for using CT data for purposes beyond security, such as research and analysis of certificate issuance trends.

  Overall, the comments on the Hacker News post reflect a positive reception to Firefox's implementation of mandatory CT. While some concerns and potential challenges are raised, the general consensus is that CT represents a significant advancement in web security and that its widespread adoption is a positive development for the internet.

• A brief history of code signing at Mozilla

  permalink

  Posted: 2025-02-07 17:51:49

  Verbose tl;dr

  Mozilla's code signing journey began with a simple, centralized system using a single key and evolved into a complex, multi-layered approach. Initially, all Mozilla software was signed with one key, posing significant security risks. This led to the adoption of per-product keys, offering better isolation. Further advancements included build signing, allowing for verification even before installer creation, and update signing to secure updates delivered through the application. The process also matured through the use of hardware security modules (HSMs) for safer key storage and automated signing infrastructure for increased efficiency. These iterative improvements aimed to enhance security by limiting the impact of compromised keys and streamlining the signing process.

  This blog post by "hearsum" meticulously chronicles the evolution of code signing practices at Mozilla, providing a detailed account of the challenges, adaptations, and technical decisions made over the years to enhance the security and integrity of their software distributions. The narrative begins with the early days of Mozilla's code signing efforts, highlighting the initial reliance on a single code signing certificate and the manual processes involved. This period is characterized by its simplicity, but also by its vulnerability to potential security breaches and operational inefficiencies. The author underscores the inherent risk of a single point of failure represented by the sole certificate.

  As Mozilla's software offerings expanded and diversified, so too did the complexity of their code signing infrastructure. The blog post describes the transition to a more sophisticated system involving multiple code signing certificates, carefully differentiated by product and platform. This approach aimed to mitigate the risk associated with a single compromised certificate, isolating potential damage to a specific product line rather than the entire software ecosystem. The author elaborates on the logistical challenges of managing multiple certificates across various teams and geographical locations.

  A key turning point in Mozilla's code signing journey is the introduction of hardware security modules (HSMs). These specialized devices provide a secure and tamper-resistant environment for storing and managing cryptographic keys, significantly enhancing the security posture of the code signing process. The blog post details the complexities involved in integrating HSMs into the existing workflow, emphasizing the need for robust access control mechanisms and secure key handling procedures. The author specifically mentions the exploration of different HSM solutions and the eventual selection of a cloud-based HSM service, underscoring the advantages of scalability, availability, and disaster recovery capabilities offered by this approach.

  The narrative then delves into the challenges of automating the code signing process, a critical requirement for ensuring efficiency and repeatability. The author describes the initial reliance on manual scripting and the subsequent migration to a more robust and scalable automation framework. This evolution enabled Mozilla to streamline the code signing workflow, reducing the risk of human error and accelerating the release cycle. Furthermore, the blog post highlights the importance of integrating code signing into the Continuous Integration/Continuous Delivery (CI/CD) pipeline, enabling seamless and automated code signing during the build process.

  Finally, the author discusses the ongoing efforts to enhance the security and resilience of Mozilla's code signing infrastructure. This includes exploring advanced techniques such as dual code signing, which involves signing code with both an internal certificate and an external certificate from a trusted Certificate Authority (CA), adding an extra layer of verification and protection against potential CA compromises. The post concludes by emphasizing the continuous commitment to improving the security and integrity of Mozilla's software releases through ongoing refinement and adaptation of their code signing practices. This commitment reflects the organization's dedication to protecting its users from malicious software and ensuring the trustworthiness of its products.

  • Code Signing
  • Mozilla
  • History
  • Software Security
  • Digital Signatures
  • certificates
  • Browser Security
  • Web Security
  • PKI
  • Software Development

  Summary of Comments ( 80 )
  https://news.ycombinator.com/item?id=42975436

  Verbose tl;dr

  HN commenters generally praised the article for its clarity and detail in explaining a complex technical process. Several appreciated the focus on the practical, real-world challenges and compromises involved, rather than just the theoretical ideal. Some shared their own experiences with code signing, highlighting additional difficulties like the expense and bureaucratic hurdles, particularly for smaller developers. Others pointed out the inherent limitations and potential vulnerabilities of code signing, emphasizing that it's not a silver bullet security solution. A few comments also discussed alternative or supplementary approaches to software security, such as reproducible builds and better sandboxing.

  The Hacker News post "A brief history of code signing at Mozilla" generated a moderate discussion with several insightful comments. Many commenters focused on the complexities and frustrations of code signing, particularly in the context of Mozilla's cross-platform support and evolving security landscape.

  One commenter highlighted the often overlooked fact that code signing isn't a silver bullet guarantee of security, but rather a measure of provenance. They emphasized that signed code can still be malicious, and users should exercise caution even with signed applications. This commenter also touched on the economics of code signing, mentioning the costs associated with certificates and the challenges smaller developers face.

  Another commenter shared their personal experience with code signing, recounting the hassle and expense involved, particularly for distributing software across different platforms like Windows and macOS. They expressed frustration with the opaque nature of the process and the lack of clear documentation, echoing a sentiment shared by several others. This commenter also questioned the efficacy of code signing given the potential for vulnerabilities in the signing process itself.

  Several commenters discussed the technical details of code signing, including the different types of certificates, the use of timestamping, and the challenges of managing certificates within a large organization like Mozilla. They explored the trade-offs between security and usability, and the difficulties of balancing user experience with the need to protect against malware.

  One commenter specifically mentioned the increasing complexity of code signing on macOS, noting Apple's increasingly stringent requirements and the challenges this poses for developers. They pointed out the potential for disruptions and the difficulty of keeping up with Apple's evolving policies.

  Finally, several comments touched upon the broader implications of code signing for the open-source community. Some expressed concern that the costs and complexity of code signing could create barriers to entry for smaller projects and discourage open-source development. Others suggested alternative approaches, such as reproducible builds, as a potential solution to some of the challenges posed by code signing.

  Overall, the comments on the Hacker News post paint a picture of code signing as a necessary but complex and often frustrating aspect of software development, particularly for large organizations like Mozilla that support multiple platforms. The discussion highlights the ongoing challenges of balancing security, usability, and cost, and the need for clearer documentation and more streamlined processes.