Mozilla, Symantec, SHA-1 certificates, and the balance of power

February 24, 2016

In theory, all CAs are supposed to have stopped issuing SHA-1 certificates on January 1st. In Payment Processors Still Using Weak Crypto (via), Mozilla has now announced that they will allow Symantec to issue a limited number of SHA-1 certificates. The reactions I've seen are reasonably harsh. While I don't entirely disagree, I have an additional cynical perspective that's based on the balance of power between CAs and browsers.

Let us be blunt here: Symantec wants to issue these certificates. They are undoubtedly getting to charge a large amount of money for them (especially under the circumstances) and we have plenty of evidence that many CAs do not care one whit about phasing out SHA-1. Browser demands to the contrary are an irritating distraction from the important business of taking money for random numbers.

Browser people are caught in a difficult three-way situation. On the one hand, they hold significant power given the only purpose of most TLS certificates is to display a lock in the browser. On the other hand, browsers are generally commodities themselves. If a browser stops working for you, which includes 'letting you browse HTTPS sites that you want to browse', most people are going to switch to one that does work. The result is that browsers are engaged in a giant game of CA chicken with each other, much like XHTML chicken and DRM chicken. If all browsers remove a popular CA for violating policies, all is fine. But if one or more browsers blink and do not do so, the remaining strict browsers lose; some decent amount of their users will find important sites not working and move one of the browsers that still include the CA. So if you are a CA, you actually hold a fair amount of power over browser vendors provided that you can deal with them in isolation. Finally, on the gripping hand I think that many browser people genuinely want to do what's right, which includes not screwing people in various ways, especially over risks that are (unfortunately) theoretical at the moment.

If Mozilla were to take a hard line here but no other browser were to do so, it feels likely that Symantec would issue those SHA-1 certificates anyways. If Mozilla were to make Firefox stop trusting Symantec certificates, a lot of people would switch away from Firefox (and it doesn't have a huge user base any more). If Mozilla didn't, its threats to do so in the future to misbehaving CAs would be much less credible. So it comes down to whether other browsers will pull Symantec's root certificates over this. Will they? I suspect not, although we'll find out soon enough.

(For the record: I don't think that the Mozilla people involved made the decision they did because of fear of this happening. I'm sure they're sincere in their desire to do the right thing, and I'm sure the harm to various people of Symantec not issuing these certificates weighed on their minds. But I can't see this situation and not think of the balance of power behind the scenes and would probably happen if Mozilla's decision had gone differently.)

Written on 24 February 2016.
« I'm often an iterative and experimental programmer
Our problem with iSCSI connections at boot on OmniOS »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Feb 24 23:54:42 2016
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.