[SSL Observatory] [cryptography] After the dust settles -- what happens next? (v. Long)

[Marsh Ray]

On 09/11/2011 11:24 PM, Paul Hoffman wrote:
>
> On Sep 11, 2011, at 6:40 PM, Marsh Ray wrote:
>
>> On 09/11/2011 07:26 PM, Paul Hoffman wrote:
>>> Some of us observe a third, more likely approach: nothing
>>> significant happens due to this event. The "collapse of faith" is
>>> only among the security folks whose faith was never there in the
>>> first place. A week after the event, who was talking about it
>>> other than folks on these lists and lists like them?
>>
>> The 300,00+ Iranians who were actively attacked and now have to
>> change their password and are wondering if they'd said anything in
>> Gmail to get them arrested and interrogated.
>
> Do you have any evidence that improving crypto is being talked about
> by those affected in Iran? I haven't seen it yet.

I don't know that they're discussing "improving crypto". But they're 
talking about it:

http://www.google.com/search?q=diginotar+site:*.ir

The title translates as "online magazine for the young":
> http://translate.google.com/translate?hl=en&sl=fa&u=http://irjavan.persianblog.ir/post/130&ei=5TFuTpneFqmQsAL4yfy5BA&sa=X&oi=translate&ct=result&resnum=3&ved=0CCoQ7gEwAjgU&prev=/search%3Fq%3Ddiginotar%2Bgmail%2Bsite:*.ir%26start%3D20%26hl%3Den%26client%3Dubuntu%26sa%3DN%26channel%3Dfs%26prmd%3Divns
> Today Google announced on its official blog of the event of a serious security problem for Internet users in Iran has.
>  Apparently, some Internet users in Iran, according to Google's Gmail to your browser when faced with security warnings.
> The security warning means that someone is trying to access their e-mail!
> SSL man-in-the-middle (MITM) attacks Google today announced an attack on
> your website with SSL man-in-the-middle (MITM) attacks on Internet users
> residing in Iran, declared that the person or group of Iranian security services
> are trying to choose between Google and the company DigiNotar security
> certificate can be forged and fake a page and create a way to access
> their email. SSL Certificate According to Google's work in Iran has been
> using Gmail for a fake SSL Certificate.


and let's not forget the alert Iranian who reported it in the first place:
https://www.google.com/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en



>> The unknown numbers of Chinese (and people in other countries) who
>> were hoping a US product like Gmail could provide a censorship-free
>> email service.
>
> Same question. However, I have first-hand evidence that people in
> China are not talking about that,  but instead are talking about how
> to make *Chinese* services work outside of government censorship. And
> those people aren't talking about PKIX.

Uh huh. The "fix" may come in terms of a replacement and will quite 
likely not be recognized as such by those invested in the old system.

>> The Dutch IT people who have to replace the ~58,000 certs issued by
>> DigiNotar PKIoverheid CA.
>>> http://www.techworld.com.au/article/400068/dutch_government_struggles_deal_diginotar_hack/

> Look what you just wrote. Those folks aren't looking for us to fix
> PKIX: they are looking for different CAs. That's not a "collapse of
> faith", just a desire for a quick fix.

Obviously they are in desperate need of a quick fix. When they get their 
head above water again they may be more interested in shopping around.

>> The management at Google who are likely scared as hell that the
>> webmasters and security auditors of the 50% of major sites that
>> source Javascript from https://google-analytics.com/ will realize
>> that they would have been pwned too (and possibly been obligated to
>> report it) had the attacker issued a cert for that.
>
> Could be, but neither you nor I work at Google so that's pure
> speculation. (There are likely some Googlers on this list who can
> speak authoritatively on whether their management are "scared as
> hell" or even noticing.)

These are the people who are authoring the web origin, strict HTTPS, and 
related documents in the IETF.
http://tools.ietf.org/html/draft-ietf-websec-origin
http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec

They are the ones who put the pinning in the browser for their own 
certs. That's how this attack was detected. They recognize the threat.

>> The people responsible for security at Amazon, PayPal, every other
>> big retailer and the financial services companies that handle
>> high-value accounts.
>
> Again: where is your evidence that they (other than Andy) care
> enough? I have seen zero in the serious business press (Forbes,
> BusWeek, etc.) after the first few days.

Yeah, why is that? We all know it's critically important. Surely they're 
getting tired of stories about cloud computing by now.

Perhaps maybe we're not doing a good enough job communicating the 
reality of the hundreds of weakest links in the PKI reliability equation?

> If there was much interest
> on the part of their readers (as in "every other big retailer and the
> financial services companies"), they would likely be milking it, but
> they are not.

I never said the readership of Forbes and BusWeek were up in arms about 
it. But I believe that many of the disproportionally clueful and 
influential people have by now realized that Google and Microsoft 
(through Windows Update) had implemented certificate pinning for their 
own purposes.

The herd follows "best practices" (and for good reasons) established by 
the industry leaders, but "do as I say not as I do" doesn't always work 
so well.

>> The governments and government contractors who depend on SSL VPNs
>> with an in-band second factor of auth (like hardware token codes)
>> to secure their remote access.
>
> I have first-hand evidence that they are not discussing the topic.

As a point of reference, did they discuss the RSA SecurID compromise?

>> The attacker himself: https://twitter.com/#!/ichsunx2
>
> Why do you think he's not on this list? :-)

Fair enough! :-)

>> The people who've generated the 367,772 views (so far) of
>> Comodohacker's Pastebin texts: http://pastebin.com/u/ComodoHacker
>
> Pageviews != concern.

It's not completely unrelated.

> See above. Many of the people who you and I *want* to be concerned
> are not as concerned as you say.

Well that's probably true.

> Slashdot commenter are, by and large, not "influential people".
> Please show evidence of the other groups you list above.

We have an enthusiastic Iranian young man claiming he owns four CAs, 
known issued certs for things like *.*.com, working with government 
security services with the stated goal of payback for Stuxnet.

Come on. People are making phone calls and not liking the answers 
they're getting.

> True. The fact that Mozilla is doing a review that might cause them
> to delist the worst CAs is more than we have seen in the past.
> However, if they delist only a few, the result will be that people
> will think that the rest of the CAs are just fine. If they delist a
> significant proportion, *that* will cause more discussion and concern
> among the non-security-geek populace than the current news because it
> will hit businesspeople in their pocketbooks.

Yeah. It may be that the current industry structure is incapable of 
meaningful change. It may be inevitable that we end up with a fragmented 
spectrum of varying-degrees-of-inelegant solutions.

- Marsh