Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for bogus certs

You think hundreds and hundreds of millions of users will understand this when their browsers or operating systems quit working and will cheer on the people who just “broke the Internet” for them? I think a class action lawsuit is more likely and they’ll all switch to whichever browser or OS did not do this because they didn’t agree to or feel like it this quarter.

1 Like

on what legal grounds? (honest question, my experience with the US legal system is limited)

Software vendor knowingly ships update that destroys the ability of customers to connect to a significant fraction of the Internet.

Killing a root cert without proper planning and coordination would suddenly block the ability to connect to the sites using ssl chained off of that cert.

all browser makers have clear guidelines for the in- and exclusion of root certs. if Symantec broke the rules (I don’t know, I don’t care, let’s assume it) it would be correct to revoke the cert and a problem Symantec has to explain.

but anyway, this topic is not that interesting to me, my reply with ‘insanity is a solution’ was a throw-away joke.

It might be “correct” but that doesn’t mean users wouldn’t see their inability to connect to sites in one browser and not another as the first browser being “broken” and then switch to the other.

That’s why I keep talking about coordination and people and companies working together. Killing a root cert that is everywhere is only possible if ALL root store creators agree to do it at about the same time. Otherwise, it just looks to users like one browser or OS is defective and they leave. Contrary to what some people might believe, vendors who create browsers and operating systems don’t want their users to leave and don’t want to be sued (or pilloried in the press) for “breaking” their users’ experience.

Symantec is being asked hard questions and to do certain things. Some people think it isn’t enough and we just need to yank them now. That isn’t going to happen for the reasons I outline.

I made this point two days before and you even replied to it :smile:

Really, you don’t have to persuade me.

2 Likes

Sorry. People just don’t get it all the time so I have to repeat. I forgot!

1 Like

The last requirement makes it impossible, of course. The agenda of the current certificate authorities certainly involves maintaining the status quo! We need a complete replacement which explicitly rejects existing interests. Something like this is already happening with email. Go ahead and pooh-pooh iMessage all you want, but most younger folks already prefer closed social networks over email, precisely because email is irretrievably broken.

BUT, in the meantime, there are certainly preparatory groundwork steps you can implement right now to make “too big to fail” less likely to happen next time. If the idea of a whitelist queases you out, then just implement it as a (functionally equivalent) blacklist (which, as I mentioned, already exists: it’s called OCSP). The next time Symantec behaves badly, you take advantage of the Certificate Transparency logs to add all new Symantec-issued end-user certs to a blacklist, from that date forward. This doesn’t break the internet (not a single existing end-user cert is affected), but it does break Symantec (their certificate business becomes worthless). Even if your OCSP implementation is not 100% reliable, it will still do the job in this situation.

iMessage requires no end user key management. You sign up for iMessage and you never have to touch a cryptographic key anywhere.

SSH allows the end user to manage keys, but also supports centralized certificate and key stores. This is a million times better than TLS, which does not allow end user key management, at all. If you think TLS allows end user key management, then tell me: given that I only ever connect to exactly three email servers with Thunderbird, all of which have long-term static public keys, how do I configure Thunderbird to pin the public keys of those three email servers? As far as I know, the shortest solution to this problem requires approximately 500 mouse clicks (one mouse click to disable each of the 500 root certificates baked into Thunderbird).
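The date-cutoff blacklist described in the post above, sketched as an added example that is not part of the thread or any vendor's code; the issuer name, cutoff date and CT entries are constructed. It keys on the earliest log timestamp rather than notBefore, which the issuing CA sets itself, and reports certs absent from every log separately, since a pure blacklist would let those through.

```python
from datetime import date

# Assumed policy inputs (hypothetical, not taken from the thread).
DISTRUSTED_ISSUER = "Example Legacy CA"   # placeholder issuer name
CUTOFF = date(2020, 1, 1)                 # constructed "from that date forward"

# Constructed CT entries: (leaf fingerprint, issuer, notBefore, log timestamp).
CT_ENTRIES = [
    ("aa01", "Example Legacy CA", "2019-03-10", "2019-03-10"),  # existing cert
    ("aa01", "Example Legacy CA", "2019-03-10", "2020-02-01"),  # same cert, re-logged later
    ("bb02", "Example Legacy CA", "2020-01-15", "2020-01-15"),  # issued after cutoff
    ("cc03", "Example Legacy CA", "2019-12-01", "2020-02-02"),  # backdated notBefore
    ("dd04", "Other CA",          "2020-03-01", "2020-03-01"),  # unaffected issuer
]

def earliest_logged(entries):
    """Map fingerprint -> (issuer, earliest log timestamp across all logs)."""
    first = {}
    for fp, issuer, _not_before, logged in entries:
        ts = date.fromisoformat(logged)
        if fp not in first or ts < first[fp][1]:
            first[fp] = (issuer, ts)
    return first

def build_blocklist(entries, issuer=DISTRUSTED_ISSUER, cutoff=CUTOFF):
    """Leaf certs of the distrusted issuer first seen in CT on or after cutoff."""
    return {fp for fp, (iss, ts) in earliest_logged(entries).items()
            if iss == issuer and ts >= cutoff}

def verdict(fp, issuer, entries=CT_ENTRIES):
    """Return 'allow', 'block' or 'unlogged' for a presented leaf certificate."""
    if issuer != DISTRUSTED_ISSUER:
        return "allow"                      # other CAs are untouched
    if fp in build_blocklist(entries):
        return "block"                      # new issuance after the cutoff
    if fp not in earliest_logged(entries):
        return "unlogged"                   # blacklist alone would fail open here
    return "allow"                          # pre-cutoff cert keeps working

if __name__ == "__main__":
    for fp, iss in [("aa01", DISTRUSTED_ISSUER), ("cc03", DISTRUSTED_ISSUER),
                    ("ee05", DISTRUSTED_ISSUER), ("dd04", "Other CA")]:
        print(fp, verdict(fp, iss))
```

How a client treats the `unlogged` case decides whether the scheme behaves as a blacklist (accept) or a whitelist (reject).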

Who is this “we” of which you speak?

I’m happy for the CAs to branch out into new areas of business involving new standards and mechanisms.

If you want something that rejects current interests and only that, you’re going to be out of luck.

If things are that obvious and easy, why are none of the vendors implementing such a thing?

Because their salaries depend on it being hard.

So, ad hominem? I guarantee you that none of us at Mozilla (and I know the folks doing our CA work) are blocking reform because the guaranteed complexity makes our lives more pleasant and we are guaranteed jobs.

Try again and use honesty instead of debate tactics.

BTW, “Vendors” includes all actors here, not just your hated CA authorities.

I’m not accusing Mozilla here, although they’re not perfect either. But Symantec and other CA companies certainly depend on PKI for their income. Branching out is a far riskier strategy than just maintaining the status quo of collecting monopoly rents.

Leave out the CAs.

Why aren’t Apple, Microsoft, Google, and Mozilla (not to mention Amazon, eBay, etc) creating a new system from scratch and implementing it if the problems and solutions are all so obvious? After all, the first four own the root stores of the Internet so they could force the CAs, right?

Yup. Company I used to work for had their only real competitor bought by Symantec. Best thing that ever happened to them. What a crazy turn of events, after a little, they literally handed over the customer base.

Somehow that company I used to work for is dying, which is another story of malfeasance and idiocy.

That’s a damn good question. Why are you bending over backwards to help the CAs? Mozilla is at least going in the right direction, with OE. Of course OE in its current incarnation is much worse than PKI, but that attitude of permissive experimentation and release early, release often is something that I dearly miss, and without it there is no hope of progress.

You mean, why aren’t we breaking the Internet by grandstanding on ideology over practicality?

Have you ever tried to get people from Apple, Google, and Microsoft to agree on a plan, actually get buy off from their own management to implement that plan, implement the plan, and coordinate the shipping of this plan and had it all work?

What generally happens is (and I’m speaking for myself here not for Mozilla) that someone like Apple or Microsoft throws up their hands, decides they don’t like the ideas being discussed, and walks away (or just silently quits really participating and makes no promises to implement any proposal).

I am sure you know your matrices and transformations. But you are reeeeally underestimating the real world difficulties of rolling out a new global key management scheme.

Also, key exchanges like iMessage turn either your account or device into a de facto bearer token. And no end user key management of TLS is a feature.

Correct, and the above happens even if the plan is, in your words, “obvious and easy”. Something as simple as “not using SHA-1” takes forever.

As long as we can tunnel TLS connections over SSH, the TLS layer at least does no harm. But it’s still embarrassing that TLS in the year 2015 provides no way to pin keys.