Wandering Thoughts archives

2016-11-01

Encouragingly, browsers have not backed down over WoSign

I mentioned WoSign back in September. At that point everything was up in the air, but I thought that things did not look good for WoSign, and one of the things I was worried about was browsers blinking and finding excuses to not de-trust WoSign. Since then, what we've had is a series of good news (for people who care about TLS security), not bad news. The first to act was Apple, who apparently never had WoSign root certificates but took steps to explicitly block the ones that were cross-signed by StartCom roots that they did have. Mozilla moved slowly but reached the conclusion that I expected them to, first issuing a damning draft report and then an official decision. Yesterday the penny finally dropped with Chrome. This leaves Microsoft as the only major browser vendor to not speak out on WoSign and StartCom so far.

(Unlike Mozilla and Chrome, Apple has not said anything about StartCom's root certificates, but they have also said that they may take more actions.)

On the one hand, everyone is moving very slowly. Chrome, for instance, will only stop trusting recently issued WoSign and StartCom certificates in Chrome 56, which is apparently expected only in late January of 2017 (ie, about three months from now); Mozilla has a similar timeline with Firefox 51. Apple hasn't even said anything about their timing. On the other hand, everyone actually is doing things and they've committed to them in public (and everyone has reserved the ability to act more strongly and more abruptly if needed).
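The browser actions described above share one mechanism: a chain is rejected only if it touches a distrusted CA and the leaf was issued after a cutoff date, while older certificates keep working for now, and the vendors reserve the option of a full cut-off later. The following is an added example written for this post, not code from the post or from any browser; it models that policy over constructed certificate chains. The distrusted CA names, the cutoff date, and the sample chains are all assumptions for illustration (real browser policies key on root certificate hashes rather than organization names), and the cross-signed chain shows why the check has to look at every issuer in the chain rather than only at the root.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for a parsed X.509 certificate (constructed, not real)."""
    subject: str      # organization of the certificate holder
    issuer: str       # organization that signed this certificate
    not_before: date  # start of validity, i.e. the issuance date
    is_ca: bool = False


# Assumed policy inputs (not taken from the post): organization names of the
# distrusted CAs and the issuance cutoff after which their new certificates
# are rejected. Names are used instead of root hashes to keep the example readable.
DISTRUSTED_CAS = frozenset({"WoSign CA Limited", "StartCom Ltd."})
CUTOFF = date(2016, 10, 21)  # assumed cutoff for this example


def cas_in_chain(chain: Iterable[Cert]) -> frozenset:
    """Every CA organization that signs anything in the chain, including a
    distrusted CA that appears only as an intermediate below some other root
    (the cross-signed case a root-only check would miss)."""
    names = set()
    for cert in chain:
        names.add(cert.issuer)
        if cert.is_ca:
            names.add(cert.subject)
    return frozenset(names)


def evaluate(chain, distrusted=DISTRUSTED_CAS, cutoff=CUTOFF, full_distrust=False):
    """Decide whether to accept a chain. chain[0] is the leaf, chain[-1] the root.

    Returns (accepted, reason). With full_distrust=True every chain that touches
    a distrusted CA is rejected regardless of issuance date, which models the
    "act more strongly" option the browsers reserved."""
    chain = list(chain)
    if not chain:
        return False, "empty chain"
    hit = cas_in_chain(chain) & distrusted
    if not hit:
        return True, "no distrusted CA in chain"
    hit_names = ", ".join(sorted(hit))
    if full_distrust:
        return False, f"chain touches distrusted CA ({hit_names})"
    leaf = chain[0]
    if leaf.not_before > cutoff:
        return False, f"leaf issued {leaf.not_before} after cutoff via {hit_names}"
    return True, f"leaf issued {leaf.not_before} before cutoff; {hit_names} still accepted for now"


# Constructed sample chains (all names and dates are made up for the example).
OLD_WOSIGN = [
    Cert("example.test", "WoSign CA Limited", date(2016, 6, 1)),
    Cert("WoSign CA Limited", "WoSign CA Limited", date(2009, 8, 8), is_ca=True),
]
NEW_WOSIGN = [
    Cert("example.test", "WoSign CA Limited", date(2016, 11, 1)),
    Cert("WoSign CA Limited", "WoSign CA Limited", date(2009, 8, 8), is_ca=True),
]
# A StartCom intermediate whose StartCom root is cross-signed by an unrelated,
# still-trusted root: the chain's final root is fine, the path through it is not.
CROSS_SIGNED = [
    Cert("example.test", "StartCom Class 1 DV Server CA", date(2016, 11, 1)),
    Cert("StartCom Class 1 DV Server CA", "StartCom Ltd.", date(2016, 1, 1), is_ca=True),
    Cert("StartCom Ltd.", "Other Root CA", date(2016, 1, 1), is_ca=True),
    Cert("Other Root CA", "Other Root CA", date(2010, 1, 1), is_ca=True),
]
UNRELATED = [
    Cert("example.test", "Other Root CA", date(2016, 11, 1)),
    Cert("Other Root CA", "Other Root CA", date(2010, 1, 1), is_ca=True),
]

if __name__ == "__main__":
    for name, chain in [("old WoSign", OLD_WOSIGN), ("new WoSign", NEW_WOSIGN),
                        ("cross-signed StartCom", CROSS_SIGNED), ("unrelated", UNRELATED)]:
        print(f"{name}: {evaluate(chain)}")
```

Running it accepts the pre-cutoff WoSign chain and the unrelated chain, and rejects the post-cutoff WoSign chain and the cross-signed StartCom chain; passing `full_distrust=True` rejects the pre-cutoff WoSign chain as well.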

Although I'd like faster action, the action that has happened encourages me. To the best of my memory, WoSign/StartCom is the first CA where the core flaw has been sloppy practices instead of anything worse (like compromise and loss of control over their signing keys, such as DigiNotar), and in the form of StartCom, it's also a reasonably popular CA. Yet at least two out of the four major browsers are willing to cut WoSign and StartCom off entirely, basically putting them out of business. This is a positive sign for the overall health of TLS in practice and the CA system (as broken as it still is), and it suggests that the browsers may be able to cut off or limit a bigger and more important CA that misbehaves significantly (as may have come up already).

(At the same time, how slowly this has to move has shown real weaknesses in the ability of browsers to deal with this sort of problem. But that's another blog entry.)

web/WoSignBrowsersNotBlinking written at 23:46:48

