[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Jacob Appelbaum jacob at appelbaum.net
Mon Sep 5 03:54:16 PDT 2011


On 09/05/2011 12:33 PM, Gervase Markham wrote:
> On 05/09/11 11:21, Jacob Appelbaum wrote:
>> An interesting problem here is that even if OCSP worked... it doesn't
>> appear that browsers want people to use this feature generally.
>>
>> In Firefox, I see:
>> security.OCSP.enabled and it is set to 1.
>> security.OCSP.require and it is set to false.
>>
>> So it's on but it's not a hard fail?
> 
> That is correct. We are not yet confident enough in the general OCSP
> infrastructure to enable hard fail. (Some CAs are doubtless much better
> than others.) Large website owners have also told us (and, I believe, at
> least one is on record in public as saying) that if we enable hard fail
> for OCSP, they would seriously have to consider requesting certificates
> without OCSP responder information. This is because it then becomes
> possible to DOS the site by DOSing its CA - and there are very few or no
> CAs whose OCSP infrastructure is currently up to repelling the level of
> DOS which major sites on the net are constantly under. If the bad guys
> were just to re-point their botnets...
> 

I'm aware of this problem and I agree that it can't be easily overlooked.

Who are the large website owners? Do they want to commit engineers to
helping implement OCSP stapling for Firefox?

That seems like a nice compromise, doesn't it?

I've heard similar grumbling from companies and another solution might
be to do CAA-like pinning and not force OCSP for some domains because
there is something comparable happening. It's certainly not the same but
it's a step up from where we are now and it is what stopped Google
Chrome users from being MITM'ed in Iran last week.

No such possibility exists in Firefox as I understand it and as someone
(*.torproject.org) that was a target of the MITM, I'm quite sad that
Firefox isn't keeping pace with Chrome. Tor is now in the HSTS/Cert
Pinning code for Chrome - when can we expect such a thing from Firefox?
How can people help to get it there?

>> Ironically, I also see:
>> services.sync.prefs.sync.security.OCSP.enabled and it is set to true.
>> services.sync.prefs.sync.security.OCSP.require and it is set to true.
>>
>> It looks like the CA that runs Mozilla's OCSP server probably gets a
>> record of all people that use sync unless you guys use OCSP stapling.
> 
> s/all people/all IP addresses/, but yes, I suppose so.
> 
> Firefox does not yet implement OCSP stapling :-(
> https://bugzilla.mozilla.org/show_bug.cgi?id=360420
> 

That's pretty bad news.

> In general, I would say that a very good way to make things better in
> Firefox is for more people to join us in working on NSS.
> 

Sure - What's the big picture? Where is Mozilla trying to go?

I know that Mike Perry has been working on Firefox for a long time and
basically spent five years on a single SOCKS proxy timeout bug (The
Great SOCKS Bug) - that seems like a poor investment of time.

Is there a road map for these kinds of features? Things that will stop
patches from being accepted? Bugs that will block releases if they're
not done, etc?

All the best,
Jacob
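
Added example, not part of the original message and not Mozilla code: a small audit script that reads a Firefox profile's `user_pref(...)` lines and reports which revocation behaviour the two preferences quoted in the thread produce (off, soft-fail, or hard-fail). The function names and the sample profiles are constructed for illustration; the defaults are the values reported in the thread.

```python
import json
import re

# Defaults as reported in the thread for Firefox at the time (2011).
DEFAULTS = {"security.OCSP.enabled": 1, "security.OCSP.require": False}

# prefs.js / user.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything else
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep values we cannot parse verbatim
    return prefs


def ocsp_policy(prefs):
    """Classify the effective revocation behaviour discussed in the thread."""
    enabled = prefs.get("security.OCSP.enabled", DEFAULTS["security.OCSP.enabled"])
    require = prefs.get("security.OCSP.require", DEFAULTS["security.OCSP.require"])
    if not enabled:
        return "off"        # no OCSP lookups at all
    if require is True:
        return "hard-fail"  # no valid OCSP answer: the certificate is rejected
    return "soft-fail"      # an unreachable responder is silently tolerated


# Constructed sample profiles (not taken from a real installation).
STOCK = '// empty profile: defaults apply\n'
HARDENED = (
    'user_pref("security.OCSP.enabled", 1);\n'
    'user_pref("security.OCSP.require", true);\n'
)
DISABLED = 'user_pref("security.OCSP.enabled", 0);\n'

if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("hardened", HARDENED), ("disabled", DISABLED)):
        print(label, "->", ocsp_policy(parse_prefs(text)))
```
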
