Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Jacob Appelbaum <jacob@appelbaum.net> Thu, 02 January 2014 19:51 UTC

Return-Path: <jacob@appelbaum.net>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79F611AD8F4 for <therightkey@ietfa.amsl.com>; Thu, 2 Jan 2014 11:51:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.099
X-Spam-Level: **
X-Spam-Status: No, score=2.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FSL_HELO_BARE_IP_2=1.999, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0iR6RfQemFwt for <therightkey@ietfa.amsl.com>; Thu, 2 Jan 2014 11:51:00 -0800 (PST)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id 90E8D1AD8F1 for <therightkey@ietf.org>; Thu, 2 Jan 2014 11:51:00 -0800 (PST)
Received: by mail-ea0-f172.google.com with SMTP id q10so5524144ead.31 for <therightkey@ietf.org>; Thu, 02 Jan 2014 11:50:52 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:mime-version:to:cc:subject :references:in-reply-to:openpgp:content-type :content-transfer-encoding; bh=gK1DFcBtkvmPSBlHe5qUCHAE3g0lMiMfH58Oxm5h1d8=; b=Xnu/+3og0SH2r/stEv1OfoYfuyZx6kieoCay9NCjPPKrdazYexHVhqXlDlmwSoelni tInGG4NHx1j+2vBPtrEqwUHe2UhcixroknD+y8ChC7b24+hYWIqAC1soS5DdFtLCJ3DD aeenBLPJw8uvnU0NSoOwcQgFUgrBVYEc4PzvIk2HBikmxwtRVhiur33nYQ9HCzP59ZkU awzB+8qaQeBiBEbYgfVCBQbB83CaNXAldd6s4OAf9FimlQjQzt1CHAhmCDKlIYP2G6F1 ZkrbuxnQXNTa+ylfX8X+ouB9pqszcpYjGV9gOTzM8makOIm7yGSTryt6Ly1DfCX8aXJC o94A==
X-Gm-Message-State: ALoCoQnPtCg/s/kEk3AcBTN4KFN0RC9iTCZHGVWOmLtP20o8jtEA2DaveB0ReoPUgKZ7izGDV2o1
X-Received: by 10.14.88.5 with SMTP id z5mr17087962eee.101.1388692252863; Thu, 02 Jan 2014 11:50:52 -0800 (PST)
Received: from 127.0.0.1 (spftor3.privacyfoundation.ch. [62.220.135.129]) by mx.google.com with ESMTPSA id l4sm138805167een.13.2014.01.02.11.50.47 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 02 Jan 2014 11:50:51 -0800 (PST)
Message-ID: <52C5B67D.4050301@appelbaum.net>
Date: Thu, 02 Jan 2014 18:57:01 +0000
From: Jacob Appelbaum <jacob@appelbaum.net>
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com> <CAMm+LwiMXdEnHqD0y_S-fP6081Tk=A=7-9LsJQhRuawmmmfdTg@mail.gmail.com> <FEFA307D-97E0-4C58-AB43-5B9AB8E8FC70@taoeffect.com> <CAMm+Lwjwww28tV_qvqQVH3xo1xqvjb6z++258+LOqgxWn-Oh9w@mail.gmail.com> <52B88104.9040607@appelbaum.net> <52C2D54F.8000209@comodo.com> <52C45CDC.5020608@appelbaum.net> <96EF8E55-5860-4534-B370-83395C3985D4@vpnc.org>
In-Reply-To: <96EF8E55-5860-4534-B370-83395C3985D4@vpnc.org>
OpenPGP: id=4193A197
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: therightkey@ietf.org
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jan 2014 19:51:02 -0000

Paul Hoffman:
> On Jan 1, 2014, at 10:22 AM, Jacob Appelbaum <jacob@appelbaum.net>
> wrote:
> 
>> I do control the private key for the aforementioned intermediate 
>> certificate[0] authority. :)
> 
> No, you really do not.

I control the private key for the rouge CA that we created. I'm not the
only one with the private key material - all of my fellow researchers
likely still have it as well.

Perhaps you think that I said something that I didn't say. I'm not
claiming that I have the private key for the CA's actual correct CA
signing key.

> As you certainly know, that attack only
> applied to a very limited number of CAs in the root piles at the
> time.

I'm not sure where you came to this impression? There were a few CAs who
were vulnerable, we picked one to perform the research. It worked. That
work produced a valid signature that we could apply to our second
certificate, which is a sub-CA certificate. Thus, the attack we did only
applied to a single CA and we did not destroy the private key for the
corresponding certificate. So yes, we most certainly do have the private
key for that intermediate certificate authority that we created.

> I I remember correctly, it applied to zero of them
> approximately six months later.

Unless one explicitly distrusts (all) MD5 signed certificates, pre-loads
our certificate to mark it as untrusted, or a few other things relating
to time constraints - it will probably still work for MITM attacks. Many
applications fail to do proper constraint checking.

> Please don't overstate the results of
> the excellent research that you did; doing so diminishes the
> research.

I'm not overstating anything. I think you don't understand what we
actually did if you think that later, patching things will somehow
magically stop previously successful attacks...

All the best,
Jacob