[SSL Observatory] Number of CAs

Thu Dec 8 13:38:20 PST 2011

Just go to the DigiCert Chain Checker at http://www.digicert.com/help/ and
enter www.facebook.com or try login.facebook.com, secure.facebook.com, or
just "facebook.com".   Digicert and Symantec (Verisign/Geotrust/Equifax)
issue certificates to Facebook.  What you get depends on which browser you
use and which server you hit.

-----Original Message-----
From: observatory-bounces at eff.org [mailto:observatory-bounces at eff.org] On
Behalf Of Daniel Kahn Gillmor
Sent: Thursday, December 08, 2011 2:09 PM
To: Erwann Abalea; EFF Observatory
Subject: Re: [SSL Observatory] Number of CAs

Bonsoir Erwann--

On Thu, 8 Dec 2011 21:26:45 +0100, Erwann Abalea <eabalea at gmail.com> wrote:
> Strange. Asking with OpenSSL shows a path up to VeriSign (a 2048 bits
key).
> Using Firefox or Safari shows a path up to DigiCert (a 2048 bits key). 
> I'm in France.

Try looking at the top DigiCert certificate in the chain in firefox or
safari -- is it self-signed, or is it issued by Entrust.net?

0 dkg at pip:/tmp/cdtemp.ma5ZAf$ echo | openssl s_client -CAfile
Entrust.net_Secure_Server_CA.crt -connect facebook.com:443
CONNECTED(00000003)
depth=3 C = US, O = Entrust.net, OU = www.entrust.net/CPS incorp. by ref.
(limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Secure
Server Certification Authority verify return:1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance CA-3 verify return:1 depth=0 C = US, ST = California, L = Palo
Alto, O = "Facebook, Inc.", CN = www.facebook.com verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV
Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV
Root CA
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgIQDG/IWVf6H1/JZyyf5lzb5jANBgkqhkiG9w0BAQUFADBm
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBDQS0zMB4XDTEwMTExNTAwMDAwMFoXDTEzMTIwMjIzNTk1OVowajELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEX
MBUGA1UEChMORmFjZWJvb2ssIEluYy4xGTAXBgNVBAMTEHd3dy5mYWNlYm9vay5j
b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHffWNBvcTk+mUzE3jVYjeW
p2HzsZa/I466h6ftB/neLeuox7ytd6ZejQMDNuNN99Dxq2byty4zFr4mD11BFn//
twCe+g6ZFWxSGtcKxq375AciP9sEpLZppe3Wh7aIxYP16Maz/8AOH52jhXDtonYU
e3A+77BCCzjWggAj3WN1AgMBAAGjggNaMIIDVjAfBgNVHSMEGDAWgBRQ6nOJ2yn7
EI+e5QEg1N55mUiD9zAdBgNVHQ4EFgQUqldKM7bs1W6BE6Y2XvR7Q1jzj0QwKQYD
VR0RBCIwIIIQd3d3LmZhY2Vib29rLmNvbYIMZmFjZWJvb2suY29tMHsGCCsGAQUF
BwEBBG8wbTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEUG
CCsGAQUFBzAChjlodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRI
aWdoQXNzdXJhbmNlQ0EtMy5jcnQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
MAAwZQYDVR0fBF4wXDAsoCqgKIYmaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2Nh
My0yMDEwaS5jcmwwLKAqoCiGJmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMt
MjAxMGkuY3JsMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAATCCAaQw
OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVw
b3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUA
IABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4A
cwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQA
aABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQA
aABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUA
bgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkA
IABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUA
cgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAlM16QP60C/t6S
0p4S9+8Wao26ZqBarmZ2vEoSE+OS1vcPlLwBlSDo8P2sZt4kGK/uor9fo+xectYg
GtLGjwcNev+lj30HfO6ZgQBqjYCnjcAAFsUd2AY39+wD6KK0QFyVdQwUAdF1p1aY
8DggH3cVeau14wQKd8nDtZlXdk8ObncaYTdvmrpTUT9RPpXAtMQgl+kmE0DDGeRB
2Sb3OUvyoaTDtQXFvuJlhcspgGHW14e6yCX+hXG70mZjUkkLHWqAYkM8J/w8Khwu
gqeCEJjrS1oyfLGPXDkAxC9xtb3+v2DdAEOj8xCWg/hvleSrYh1SBXmU1zHyHHVE
yieOb6nD
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
CA-3
---
No client certificate CA names sent
---
SSL handshake has read 4489 bytes and written 347 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID:
29B561B5096EA1D63BCE883F853D9758CA7154B5D53168E431F34E055284C503
    Session-ID-ctx: 
    Master-Key:
37362E291FF0F4960841D265696159D83517A06215ACC6129EBD29CFC7E5A460782FC98CFFCA
83446DFCF99D4688C321
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1323378110
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
DONE
0 dkg at pip:/tmp/cdtemp.ma5ZAf$ 

> A root can't revoke itself. Trust has to come off-band, and is removed 
> off-band.

This is news to me.  What are all these CRL Distribution point extensions
doing in CA certificates then?  How should an application used by a relying
party be notified if a Root CA is compromised?

What should an application used by a relying party do if it fetches the CRL
listed at the distribution point and finds a valid CRL containing the root
certificate's serial number?

Is there some reference that you could point me to that suggests that
X.509's revocation infrastructure is insufficient for revoking root
certificates?  What sorts of threat does this limitation mitigate?

I understand that establishing root trust does need to come out-of-band at
some point.  I don't understand why you shouldn't believe a trusted party if
it tells you that its key is no longer reliable.

Regards,

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5461 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/observatory/attachments/20111208/a968f0a0/attachment.bin>