[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

[Chris Palmer]

Note that it was certificate pinning that uncovered this whole mess: Chrome is born with a whitelist of the known signers for the Google domains, and a user who was being MITM posted their screenshot of Chrome saying "No way!" about the false DigiNotar *.google.com certificate. (When presented with an absolutely known-bad certificate chain, Chrome follows the HSTS spec and won't even let you click through. Spoofing becomes DoS.)

Our goal with HSTS-based certificate pinning is to provide this functionality to sites in a scalable way. (You can, not-scalably, get embedded into Chrome, if you email Adam L. http://www.imperialviolet.org/2011/05/04/pinning.html http://dev.chromium.org/sts) The Tor Project is now whitelisted, for example.

The trouble with HSTS-based pinning is that sites whose operators are not very, very careful can "brick" themselves. (What if you set a 1-year pin to a cert that you lose control of in 6 months? That's why Adam calls this a "foot cannon".)

I hope to be sending our draft extension to the HSTS spec Real Soon Now, and if it turns out to be not completely unworkable, the open source Chrome implementation after that.