tag:blogger.com,1999:blog-7709545987428077201.post1701772047541971477..comments2023-12-18T22:33:06.504-08:00Comments on Schmoilitos Way: Nobody is perfectMike Zusmanhttp://www.blogger.com/profile/12928702448334406855noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-7709545987428077201.post-38444387074806057732009-01-03T16:59:00.000-08:002009-01-03T16:59:00.000-08:00My only connection with StartCom is as a customer....My only connection with StartCom is as a customer. (Unfortunately Blogger doesn't want to work with my StartSSL OpenID at the moment).<BR/><BR/>The CertStar / Comodo certificate for mozilla.com that Eddy Nigg was able to obtain due to a lack of Domain Validation is all but neutralised now.<BR/><BR/>Comodo revoked the certificate, so anyone who configures their browser to check for revocation would not recognise the certificate as valid. Unfortunately, revocation checking is not turned on by default, not least because of the fear of causing users problem if the OCSP server isn't working properly. A recurring problem in Internet security is balancing user convenience versus security, though I believe revocation checking should be turned on with users being warned if the revocation check fails. In Firefox 3, choose Options, Advanced, Encryption Tab and press the Validation button.<BR/><BR/>Whilst talking about revocation checking, it would help if all CAs included the Authority Information Access extension for OCSP in their certificates. Some (admittedly lower value) certificates don't have this extension, such as Thawte Freemail client certificates, though it's arguably more important for server certificates.<BR/><BR/>Eddy has taken down the public server using this certificate, further neutralising it.<BR/><BR/>Hopefully we can reach a point where the situation is completely worked through and the private key is destroyed - but I would contend that Eddy can do much more serious damage to the PKI should he choose to as he has access to StartCom's root certificate.<BR/><BR/>More importantly, this and other recent PKI / certificate related news (such as the <A HREF="http://www.win.tue.nl/hashclash/rogue-ca/" REL="nofollow">MD5 collision attack on RapidSSL</A> will hopefully encourage wider use of OCSP.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-44478525136544700792009-01-03T01:12:00.000-08:002009-01-03T01:12:00.000-08:00It's also interesting that Eddy Nigg (StartCom's f...It's also interesting that Eddy Nigg (StartCom's founder) has thus far <A HREF="https://bugzilla.mozilla.org/show_bug.cgi?id=471702" REL="nofollow">refused to give up the mozilla.com certificate</A> despite a <A HREF="https://bugzilla.mozilla.org/show_bug.cgi?id=471702#c13" REL="nofollow">request from Mozilla</A> to do so.<BR/><BR/>Seems the race to the bottom is over - the CAs are just as bad as each other.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-2179623288021192972009-01-03T00:33:00.000-08:002009-01-03T00:33:00.000-08:00People may remember that quite some years back, Ve...People may remember that quite some years back, Verisign handed out certs for Microsoft to an unauthorized individual. It happens. In fact, according to The Byzantine General's Problem, it must occasionally happen when you have N parties involved and you cannot guarantee (N/2)+1 of them can be trusted.<BR/><BR/>In most real-world scenarios, it simply isn't cost-effective to meet that kind of guarantee, assuming you even can. Even the highest tiers of certification out there don't meet the mathematical minimum requirement and those are considered the realistic best for mission-critical stuff.<BR/><BR/>Even if you could meet such a standard, it might not help. MD5 and SHA1 are no longer considered cryptographically safe and there are question-marks over how well SSL 3.0 validates things anyway. The moment someone can reliably spoof a certificate, all the validation in the world won't help.<BR/><BR/>That doesn't mean it's all doom-and-gloom. The system does work, it mostly works very well, and kudos to all who have made it that way and will doubtless improve it in future. You're more likely to read about carelessness with unencrypted data on backup tapes, laptops or unsecured servers and those issues can certainly be fixed.<BR/><BR/>Given that banning stupidity isn't an option (a great pity), I await with interest to see what methods end up actually being used to improve security as a whole.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-29978794512024839782009-01-02T20:02:00.000-08:002009-01-02T20:02:00.000-08:00StartCom made the "Critical Event Report" publicly...StartCom made the "Critical Event Report" publicly available <A HREF="https://blog.startcom.org/?p=161" REL="nofollow">here</A>.Unknownhttps://www.blogger.com/profile/00255111461041949750noreply@blogger.comtag:blogger.com,1999:blog-7709545987428077201.post-9000720037253939522009-01-02T19:11:00.000-08:002009-01-02T19:11:00.000-08:00Yes that's correct. Mike Zusman detected a real fl...Yes that's correct. Mike Zusman detected a real flaw in our system by using an SSL proxy tool to change the values of the validation emails. The attempt to get a certificate for www.verisign.com was detected within 8 minutes and Mike was blocked from our systems. After a short conversation, it was reproduced and correctly fixed.<BR/><BR/>Nevertheless, this is under our direct control and needless to say that our further layers of defenses succeeded to prevent an attack on a high-profile target such as Verisign. A such, you are right, no system is perfect and mistakes do happen. However exactly because of that, special care must be taken and the system itself must be protected. More than that, retaining all evidences are important as well. As such we also had the capability to verify if other such attempts happened. We've found none.<BR/><BR/>There is a huge difference in my opinion between this flaw and that of Comodo, as no validation system was in place at all. That's not a flaw, it was simply non-existent. Would StartCom outsource domain validation or a third party? Most likely not.Unknownhttps://www.blogger.com/profile/00255111461041949750noreply@blogger.com