Wandering Thoughts archives

2016-11-03

I suspect that browsers are not fully prepared for bad CAs

Yesterday I mentioned that I thought how slowly the browsers were moving on the WoSign/StartCom issue was a sign of real weaknesses in the ability of browsers to deal with bad CAs. Today it's time to explain that little cryptic remark, but first, a necessary disclaimer: I'm an outsider here and so I'm at least partly speculating.

So first, let's establish how the browsers are being slow. Both Chrome and Mozilla have announced cutoff dates for WoSign and StartCom certificates that will be accepted as valid in future versions of their browsers; both will distrust certificates issued after October 20th. Both Mozilla and Chrome announced this after October 20th, and while there is a case to be made for allowing people who got WoSign and StartCom certificates after the 20th some time to make alternate arrangements, I don't think there's a particularly compelling reason to give such people three months of grace time.

One of the things going on here is that at least Mozilla doesn't seem to have a general mechanism that's ready to be used for this sort of targeted restriction on a Certificate Authority. So instead of being able to add some data to a file somewhere and ship it as a trivial update, Mozilla had to add some code to Firefox to specifically implement (and test) these restrictions. Adding code, even small code, is a risk, and it's not surprising that Mozilla wants to be cautious and send such code through the regular release process. In this case the regular release process will surface this change in Firefox 51, which is expected to go into beta soon (from Mozilla's rapid release calendar page). My suspicion is that Chrome also needs to make code changes instead of just updates to data files, and so is also putting the change through their regular beta and release process instead of rushing it.

Would this distrust of WoSign and StartCom certificates have made it into Firefox 50 if it had been simply a data file update? Well, maybe; Mozilla might think that only three weeks was too little time for people with recently issued certificates. But I don't think it would have hurt.

It would be nice to think that this WoSign/StartCom issue is a one-off incident, but the odds are very good (or bad) that it isn't. It's very likely that we're only going to see more CA screwups and problems come to light in the future. When they do, it would be good if browsers had general and easily used mechanisms already in place to put some common restrictions on CAs, instead of having to write custom code each time.

(Now that this has happened, browsers developers may start working on such general features. For example, since Chrome has now had a number of cases of telling CAs 'your future certificates must be in Certificate Transparency logs', I suspect that they've now built a general feature for this and can add new CAs with just some data file updates. Of course, Chrome is theoretically moving towards requiring CT for all TLS certificates.)

PS: Browsers can relatively easily totally distrust genuinely rogue Certificate Authorities, and they ship such updates very fast (the DigiNotar case is an example of that). The tricky situation is something like here, where browsers lose confidence in a CA and its future behavior so they want to restrict it, but it's not so bad that they're going to totally distrust the CA's existing certificates.

web/BrowserPreparationsForBadCAs written at 00:17:48; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.