Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) 112
Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer:
Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...
This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.
"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.
This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.
"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.
Does it make sense to trust any govt key? (Score:5, Insightful)
This is a tough question, because arguably corporate-held keys aren't trustworthy either, but if we are to trust government keys, we need to know what the terms of governance are, and in general we don't. In the U.S., for example, government eavesdropping rules are secret. So trusting a PKI cert issued by the U.S. government is crazy. Of course, governments can also often compel private industry, and as we've seen, private industry can also engage in corrupt practices or careless practices. Honestly, PKI is pretty rickety.
Re: (Score:1)
It makes sense to trust government keys when communicating with the government that issues them.
Re:Does it make sense to trust any govt key? (Score:4, Informative)
The problem is the whole system is set up so you either trust a key signer for any key they sign or you don't trust them at all. There isn't currently a mechanism where you can conditionally trust a key signed by a government.
Re:Does it make sense to trust any govt key? (Score:4, Informative)
True, the current system is and always had been broken by design. It only takes one foul apple to spoil the whole dish.
Re: (Score:3)
Worse, most of the brokenness including not being able to sign sub-certs with a cert from my primary domain and the lack of conditional trust are driven by the desire to sell more certs rather than security concerns or technical limitations.
Re: (Score:3)
Right, but the US government doesn't issue certificates for anyone else. In the Dutch case, however, I do support removing trust.
Re: (Score:2)
It's a matter of who they MIGHT create a fake cert for if they want to snoop. Are you sure you would trust relax.trust.us.gov to never ever issue a fake cert for gmail.com even if the FBI says pretty please and pinky swears they'll get a warrant eventually?
MOD PARENT UP (Score:2)
This is exactly right. If a browser trusts a signing authority, that authority can sign for any domain.
Re: (Score:2)
With that said, we know the supposed intent is to only sign for *.gov, so browsers should only trust the CA for that TLD. This is a good time to evaluate all similar CAs in this way.
Re: (Score:2)
That goes back to my original statement. Browsers really should be able to conditionally trust a CA like that, and users should be able to set conditions on trust, but no browser has either feature currently. It should be part of the standard, but that might have cut into sales so it was right out of the question.
Re: (Score:2)
Are you sure you would trust relax.trust.us.gov to never ever issue a fake cert for gmail.com even if the FBI says pretty please and pinky swears they'll get a warrant eventually?
This is why public key pinning must be removed [slashdot.org] in future versions of Chrome, and the ability to check the details of a certificate has already been well buried within the developer tools UI.
Re: (Score:2)
At least for browsers you can add an exception for the gov't certs that you trust.
Re: (Score:2)
You can add exceptions for individual certs, but only if you either blindly trust them or use an external mechanism to validate the signature. But you can't, for example, set the browser to trust a cert signed by the U.S. government ONLY if the cert is for a domain in *.gov.
Re:Does it make sense to trust any govt key? (Score:4, Insightful)
Re: (Score:2)
That would raise the bar considerably.
Re: (Score:2)
all of this is moot since the DNS operator
By DNS operator, you mean the government agency in control of the endpoint to which you are connecting, right?
Re: Does it make sense to trust any govt key? (Score:1)
A goverment might want to spy - so don't trust government keys for yor terror/revolution plans.
Corporate keys are even worse, they might sell access to the highest bidder. Such as your competitors - or governments. Governments have their agendas, but rarely sell out.
Re: (Score:2)
Re: (Score:2)
This is absolutely true, but if it's a PKI signing key, trust is binary, so that's not one of the options (correct me if I'm wrong here—this is my understanding).
Re: (Score:2)
If it's important enough you obviously shouldn't trust any third party to verify anyone's identity, but if I don't know who you are should I start fingerprinting and DNA testing you or should I ask for a driver's license or passport? It's a bit the same with websites, for the most part I'm satisfied with a CA backing the claim. The alternative is that I have no clue, because there's no practical way for me to verify everything in person.
Re: (Score:2)
Some sort of extension in FF that tells a user any gov cert is been used on a non
A question that asks a user if they are in the EU and/or expect to communicate a lot with EU governments?
If a third party is tracking encrypted
Re:Does it make sense to trust any key? (Score:2)
The current system with the hierarchy where a single CA is the only one deemed trustworthy enough is broken since a long time. A new solution is necessary where cross-signing with multiple CAs on a single certificate is necessary to measure how trustworthy a certain certificate is.
Done correctly this would ensure that a single CA isn't able to hold the full key for signing either. This would of course require a completely different architecture in the trust structure.
In addition to this - the keys used to g
Re: (Score:2)
You don't need to split the key to do this, so this is actually not that hard. A simple matter of standardization... :)
Re: (Score:2)
A new solution is necessary where cross-signing with multiple CAs on a single certificate is necessary to measure how trustworthy a certain certificate is.
That sounds awfully like PGP's web of trust. Which, come to think of it, isn't a bad idea.
Brave (Score:1)
Brave is going to take a big chunk out of both Chrome and Firefox once it exits desktop beta.
Re: (Score:2)
Does it make sense to trust any govt?
Well... one could argue that it makes sense to trust the Dutch govt, as they are clearly announcing that they will abuse their authority to issue certificates.
Actually I find that an extremely stupid move.
Re: (Score:2)
In the US gouvernment eavesdropping rules may be secret but at least they seem to have rules they stick by. Being a Dutch citizen and having read about the ways of our government, I would not be surprised if this law that we will get now (of which many dictators will be mighty jealous. Even the FBI was impress with what we can do) just legalises only a part of the ways my gouvernment uses to eavesdrop and spy on its people.
Re: (Score:2)
Governments, take note (Score:5, Insightful)
This is what happens when you try to pull a stunt like this.
Certificates are based on a system of trust. I trust a certificate because the issuer promises that it belongs to the party it was issued to. If that party now not only has the ability but also the obvious intent to intercept and snoop on traffic, the certificate is intrinsically untrustworthy. Because it can easily be used for such nefarious applications.
The Netherlands just made all their certificates along with every certificate issuing company under their jurisdiction untrustworthy.
Re:Governments, take note (Score:5, Interesting)
Then we're down to doing what organizations with elevated security needs already do. Issue their own certificates, transport them to their partner via a secure channel and pin the certificate, i.e. to be valid, the site has to present this certificate, exactly this certificate and only this certificate.
Re: (Score:2)
You forgot to provide a link to your alternative.
And you can untrust any cert you like. Go into your fucking certificate store and delete it.
Re: They made their cert *publically* untrustable (Score:2)
The US state has little in the form of public CA authorities. I think Staat der Nederlanden was the first âoegovernment owned CAâ publicly trusted in browsers.
Re: They made their cert *publically* untrustable (Score:2)
Bluecoat Systems. Google it.
Re: (Score:2)
They should distrust all certificate authorities in countries where there are secret legal means to force the creation of bogus certificates, e.g. the UK.
The whole system needs replacing but while we have to work with it it's important to take a firm stance on not allowing governments to interfere with or subvert it.
Re:Governments, take note (Score:4, Insightful)
This is what happens when you try to pull a stunt like this.
Certificates are based on a system of trust. I trust a certificate because the issuer promises that it belongs to the party it was issued to. If that party now not only has the ability but also the obvious intent to intercept and snoop on traffic, the certificate is intrinsically untrustworthy. Because it can easily be used for such nefarious applications.
The Netherlands just made all their certificates along with every certificate issuing company under their jurisdiction untrustworthy.
What makes anyone think that certain various intelligence agencies (such as those in the USA and Europe in general) do not already have the means to sign "false certificates"? Through government intimidation, secret procedures, etc. In what way are the corporate-based CAs not secretly influenced by the government(s)?
Re:Governments, take note (Score:5, Insightful)
Too high a risk to take.
Blanket use of forged certificates would make it near impossible that such behaviour isn't eventually noticed, which would instantly lead to the whole certificate chain system coming down.
If anything, such a tool would be used very carefully for high profile targets.
Referendum (Score:2, Informative)
Re: (Score:3, Informative)
Btw, Netherlands will hold a referendum on this new surveillance law
The referendum to be held is only valid if 30% of the eligible voters actually vote, and even if it is valid, it is (only) an advisory referendum.
Also, 2 of the major parties have already spoken out as to ignore the results of the referendum, whatever they may be, and continue with this surveillance law.
Re: (Score:2)
That's ok. Most Dutch also ignore what these two parties say.
Re: (Score:2)
Re: (Score:2)
You say this like it mattered.
The more governments act against the interests of their subjects, the less said subjects feel obliged to heed their laws. Or report those that break them.
This is, by the way, one of the reasons the East Bloc fell. In the end people felt more committed to their fellow sufferers than their government.
Re: (Score:2)
Re: (Score:2)
But they also don't want to get involved with government. My neighbor is stealing public property? I'd rather not get involved, it's not like it's my business.
Re: (Score:2)
Next time they won't be.
The thing with having untrustworthy gouvernments and a democracy is that diring the next elections the people always punish the parties for their behaviour. This results in difficult formations and absolutely no possibility of long term planning. Which means the Netherlands are now way behind in education, technology and are far below even the US with regard to doing battling climate change.
Who do you trust? (Score:2)
We have been existing for a long time without https, but now we want a certificate for everything, even places where is trust isnâ(TM)t needed. One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.
Also, to the average user it isnâ(TM)t clear who the third party they are trusting is and whether they are any more trustworthy. This leads to the risk of blind trust and the consequences that go with it. A bit like afreeing
Re: (Score:1)
I have no idea who hosts the server, and I have no need to trust them. It is useful though if I know that they're the source of the data.
This encryption isn't about trusting the other party you agreed to exchange network data with, it is about trust in the network pipe itself!
Re: (Score:2)
Only if you use a shitty browser that fails to alert you to being MiTMed. Any decent browser will show when your employer is doing this.
Problem is the certificate is trusted by the browser, because your employer manages all infrastructure. See this as a ‘trusted’ or ‘enforced’ man-in-the-middle
Re: (Score:2)
Re: (Score:2)
The BOFH is on my side. I could even be the BOFH for all you know.
Re: (Score:2)
Except we are moving towards a situation where the "site" is just a front for CDN's (Content Delivery Networks): CloudFlare, AWS, Google AMP, etc, etc.
Re: (Score:2)
The "site" can also be sitting behind a proxy server - which can delivery "content" from anywhere for the domain in question.
Claiming there is any real trust in this house of cards is almost laughable.
Re: (Score:2)
For sites where trust isn't needed, that's only true when there's not a mitm attack and/or fake ads, fake downloads, or even something as simple as an email subscribe form where you don't want information in the wrong hands.
Re: (Score:2)
In this time of fake news, https based communication is more important than ever. Less even for the encryption part.
Encryption, despite what most people think, is only the side effect. The main, far more important, aspect is to verify that I am actually talking to whom I think I'm talking to. Encryption means exactly nothing if I cannot determine whether a MitM is taking place.
And neither does it mean anything if I get information from someone without the ability to verify that whoever I'm talking to is act
Re: (Score:2)
https doesn't prevent fake news. But it prevents impersonation. A lot of misinformation is based on someone pretending to be someone else.
Re: (Score:2)
Blindly trusting a third party, or even a small number of third parties, is still a huge improvement over blindly trusting a far greater (but unknown) number of third parties. Quit being lazy and fix your website.
Trust and encryption almost require each other (Score:2)
> One of the issues I see is that there is a difference between trust and encryption, but the average user may not make the distinction.
There actually isn't much difference, in use cases TLS is normally used for. Or more specifically, you can't usefully have one without setting up the other. To have useful encryption you must identify the other party, and to trust their identity you must have, at minimum, cryptographic signatures of the your personal challenge key with server's key and the data (at w
The law will need to pass parliament. (Score:2)
After some seven months of negotiations we've (the Dutch) just received a new coalition government based on four parties.
For some inexplicable reason they all believe this is a good plan though it looks like majority of the population is not convinced.
An advisory referendum will be held but one of the larger parties already announced they would ignore the outcome.
This government has a parliamentary majority of one and I would be su
Re: (Score:2)
Then it only makes sense that Mozilla are already now telling the Dutch government what the consequences will be of their actions, while it's still possible to simply abandon the proposed law.
Firefox removes a CA while Google removes PKP (Score:3)
It's good to see more governments acting to grant themselves the ability to overtly subvert PKI on a global basis while Google is busy removing the only technology standing any chance of offering end users a clue.
Re: (Score:2)
It's really gauche to accuse Google of doing anti-security things when they're single-handedly advancing the state of the art and have caught state actors breaking PKI.
It's not an accusation. It's a statement of fact. Google *IS* removing PKP and there is nothing available to replace it.
In fact that's the incident which led Google to invent HPKP in the first place, and they knew the problems with it at the time which is why they then went on to invent certificate transparency to replace it.
Here are actual facts:
1. HPKP *IS* a standards track RFC.
2. Expect-CT is NOT a standards track document. It's an experimental draft.
3. Other major browser vendors with notable exception of Microsoft have already implemented RFC "standard".
4. Google is UNILATERALLY abandoning PKP with no industry wide consensus on replacement.
5. Google has failed to offer evidence supporting a coherent t
Re: (Score:2)
What about "Expect-CT" ?
If a site is using Expect-CT, the mis-issued certificate would need to be added to a publicly verifiable append-only log or if the header mysteriously went missing, it gets reported.
Re: (Score:2)
What about "Expect-CT" ?
What about an experimental draft no browser supports? This isn't even a standards track document.
If a site is using Expect-CT, the mis-issued certificate would need to be added to a publicly verifiable append-only log or if the header mysteriously went missing, it gets reported.
Section 4 of draft-ietf-httpbis-expect-ct-02 ... ...
"Site operators could themselves only cure this situation by one of:"
"obtaining a certificate from an alternative certificate authority".
This doesn't fix the problem of states controlling CAs - it ignores it completely.
One RFC gives users control over what is valid while a different experimental draft intentionally takes it away.
Anyone can submit a poem about
Re: (Score:2)
Supported by Blink and enabled by default in Chrome 61 and Opera 48. Mozilla has publicly voiced their support for it and are currently developing support for it.
https://www.chromestatus.com/f... [chromestatus.com]
It stops any CA from mis-issuing a certificate without first publicly declaring so. They have to submit their certificate to a public log before they use it. They can't remove it from the log.
Re: (Score:2)
It stops any CA from mis-issuing a certificate without first publicly declaring so. They have to submit their certificate to a public log before they use it. They can't remove it from the log.
PKP gives operators control over what CAs are considered valid by FORCE.
This is Expect-CT
https://www.youtube.com/watch?... [youtube.com]
They are not the same things. Not even close.
Re: (Score:2)
PKP doesn't stop your CA from issuing another certificate to anyone else.
It also makes it hard to change CA's.
It also makes is possible for an attack to have long lasting impacts on your website. If someone gains access to your web server, they can install their own certificate and set the HPKP header to a large value. Everyone who now visits the website will be unable to access it using any other CA that what the attacker chose.
All it takes is one disgruntled employee.
It's a very easy to fuck up system wit
Re: (Score:2)
So this is how electronic government services are killed -- not by a fierceness of a DDOS attack, but by conflicting values and goals in the global Internet.
You forgot the thunderous applause.
What happened to the alternatives? (Score:3)
There are a number of proposals out there for alternatives that would supplant or replace CAs as the root of trust on the web. Storing keys in DNS via DNSSEC and DANE for one .EFF Sovereign Keys proposal. And I swear there are others but I cant find any right now.
Right now we are in a situation where any one of who knows how many CAs can produce a valid certificate for a web site without the web site even knowing it (and can do so for any number of reasons including a rogue employee, a government or government agency forcing them to do it or a hacker compromising the system and stealing the keys as happened to another Dutch CA, DigiNotar)
Why has there been no interest in supporting these alternatives that eliminate the possibility of CAs producing bogus certificates?
Re: What happened to the alternatives? (Score:2)
The issue comes down to trust. If someone controls your pipe, even DNSSEC wonâ(TM)t help.
If you use it, then you have to trust the root DNS servers, which are generally controlled by the U.N. and thus by extension the US/UK etc.
The system we have now allows you to at least selectively trust one or more CA and itâ(TM)s relatively easy to take the trust out, if you put it in DNS and the DNS goes rogue or is exploited, then you canâ(TM)t trust anything anymore.
What should happen is that CA adver
Re: (Score:2)
The same reason why decades ago the world trusted the Data Encryption Standard.
Why the internet generation did not block/find/expose/stop/publish about/detect the gov/mil with PRISM https://en.wikipedia.org/wiki/... [wikipedia.org]
The world wants a GUI and and easy internet from site the site.
The 5 eye gov/mil wants access to all consumer grade crypto to collect it all.
I hope this kind of gov decryptio
Vote Pirate Party (Score:1)
sslsniff newbie juice (Score:2)
This is only tangentially related, but it needs to be reposted at least once a year.
BlackHat USA 2011: SSL And The Future Of Authenticity [youtube.com] — Moxie Marlinspike
Hilarious Comodo story begins around 5 m mark.
Slide at 10:48 has only become funnier in the meantime.
Hypocrites... (Score:2)
Very few people will notice this... (Score:2)
It worked for ancient Roms, Greeks, and 1930s Germ (Score:2)
Thank god the Dutch have no living experience with a mass-murdering dictatorship that would abuse such power to maintain its power, and the last time they did was so distantly remote in the past that they can so rest assured of it never happening again that they can hand over such power for prosaic crimes and never fear a loss of freedom again!
Re: (Score:2, Offtopic)
I'm sorry to break it to you, but your IQ was 50 before the name change too, as evidenced by the fact that you changed your name to Hognoxious Turkeydance Mightymartian.
Re: (Score:2)
But you're still Anonymous Coward to your friends, right?
Re: (Score:2)