Wandering Thoughts archives


We're probably going to see a major Certificate Authority de-trusted

I mentioned WoSign the other day. To be blunt, at least from my perspective things do not look for WoSign. Unlike some CAs they do not seem to have been compromised or acting with actual malice; however, they are behaving extremely sloppily, do not seem to care much about security, and certainly appear to be lying about multiple issues. At this point it seems less like a question of if they should be de-trusted by browsers and more a question of when.

Under normal circumstances, this might be nothing for big concern (at least for most people); to the limited extent that I can find information on this on the Internet, WoSign doesn't seem to be a major CA with lots of TLS certificates issued, especially outside of China. But the problem isn't confined to WoSign, because WoSign owns StartCom, also known to people as StartSSL. Before Let's Encrypt launched, StartSSL was most people's best source of free certificates. They issued a lot of them (and then annoyed a bunch of people by charging for certificate revocations, even in the face of a major incident). Especially given that StartCom has already cross-signed one WoSign CA certificate, there is very little point to de-trusting WoSign without also de-trusting StartCom. And de-trusting StartCom is very likely to have a real impact on a lot of websites.

(Even WoSign themselves don't dispute that they've bought StartCom; they just claim that the transaction hasn't closed yet. And this claim is not in accordance with the facts that Mozilla has obtained.)

One of the problems here is that it is hard to partially revoke trust in a CA, especially if they've already demonstrated they're willing to do things like backdate newly issued certificates. If you say 'trust no certificates issued after <X>', then such a CA will just backdate their certificates; they have very little reason not to and every reason to do so, because for a CA not being able to issue new certificates is a death sentence. CT logs only help somewhat, because they're ultimately an after-the-fact tool that lets you know bad certificates have been issued but doesn't stop the issuing. If you believe that a CA will continue to issue bad certificates, requiring them to be publicly visible is not really a solution even though it helps.

Unfortunately, de-trusting WoSign and StartCom is not something that one browser can do alone in practice. As I've written about before, browsers are engaged in a giant game of CA chicken with each other as far as major CAs are concerned. Users want browsers that work and refusing to trust websites that you want to visit doesn't count as working. If Mozilla de-trusts WoSign and StartCom without support from Chrome and probably Apple and Microsoft as well, the most likely effect is that Firefox loses more users. Is WoSign's conduct sufficiently egregious to also get at least Chrome to drop them? We don't know, and may not for a while. Since there is no clear large danger, things may move slowly here. To put it one way, I expect all the browsers to give WoSign a lot more time to make more excuses.

(I myself am not courageous enough to de-trust StartCom in my Firefox; I expect that that would just be too inconvenient due to StartSSL certificates that I encounter without realizing it. So I can't blame anyone.)

PS: the DigiNotar case demonstrates that browsers can move fast on de-trusting CAs if things are sufficiently bad. But barring a major new issue, things aren't that bad with WoSign, or at least we lack a sufficiently large smoking gun that WoSign can't wave away.

web/WoSignExplosionToCome written at 01:51:41; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.