CAcert System Admins discussion list

[Ian G <iang AT iang.org>]

Hi Dieter,

On 18/12/2009 20:09, Dieter Hennig wrote:
> Dear Ian,
>
>
> Hope, I can express it well. Please do two experiments.
>
> a.) Install Opera-browser and look to https://www.cacert.org
>
> What you see?


A screen shot would possibly be easier :)

You have installed Opera everywhere in the student base?

That Opera january article said:
"We are not going to disable MD5 in certificates for some time. We have 
asked some CAs to provide information about their phase out plans, but I 
would be surprised if we can do that within a year."


> b.) Please use the Firefox and install the plug-in
>
> SSL Blacklist
>
> from here
>
> http://codefromthe70s.org/sslblacklist.aspx
>
> and then go to
>
> https://dev.cacert.cl


Ok, so I'm guessing this is like the picture here:
http://codefromthe70s.org/images/sslblacklist_sshot_001_thumb.png
and the big yellow box on that page is the explanation.


> We have that tool everywhere in the field.
>
> Both problems, in fact are very different, but for my they are both
> connected at first to the practical discussion with our students and
> staff members. And they are so many and I be only one.


OK, so the first thing to recognise is that this effects your University 
because you've chosen to use these tools.  So it doesn't effect the vast 
majority of CAcert users.

Personally, I'm not sure I would recommend that tool.  It looks as 
though it's made too many shortcuts, and consequently it will be 
stopping people ... and doing as much damage as good.

I see one thing:  the last line of the yellow box says "You can change 
this behavior on the Options dialog, accessible from the Add-ons menu."

Is this something that can be done from your central capabilities?


> A good intermediate certificate, which we can actively push into our
> organization, *if*  something goes wrong, is a kind of activ security
> policy we have. To fight with mass-mailing again security problems is
> not the way, we have written down in our (passed) ISO 20.000 audit. To
> have no perfect intermediate certificate is for us a practical risk.


So this goes away if you use the Class 1 root.  But you want to use the 
Class 3 root.  With Opera and with SSLBlacklist.

Is there a compelling reason for you to use a (new) Class 3 subroot quickly?


> And please see, how long the experts are discussing here the matter, how
> I would this explain in short words for students?


Sure, I understand that.  Having real security discussions with PKI is 
impossible with any experts anywhere, not just here.  To even think of 
explaining it to the world at large is a waste of time or a deception or 
both.

I think it would actually be nicer if we published our own plugin that 
could reset all these things.  Instead of rely on false and confusing 
warnings from others...

But hey, we don't get to re-design the net.


> This both problems above are different problems, my wishing was to make
> a decision, which solve the possible discussion about b.) with a minimal
> change inside your (our) system with the biggest possible outcome. And I
> start the discussion to find a way, that no actual application crashed,
> no one is forced immediately to install new certificates because actual
> no *new* attack against MD5 hashed certificates was published (we agree
> in this point over the last 12 month). And in my way, the problem would
> disappear in two years at all.


If we do a new intermediate, everyone will have to switch over I guess. 
 As the new certs get signed, all servers and clients will have to be 
upgraded to take the new subroot, so there will be a fair amount of 
disruption.


> To find the right moment to make a new root certificate (and to solve
> problem a.)) is out of the scope for me in the moment.


OK.


> Personally, I
> would look for the big player, what they are doing or wait for SHA2.


SHA2 may be unachievable.  See that Opera post you posted earlier, the 
problem is we have to wait for the servers to handle SHA2 in the 
certificates, and according to that article, that might mean TLS 1.2 (as 
far as I know, servers don't yet handle it at all).

The world just about finished getting rid of SSL v2 out there in 
server-land (because we needed TLS1.0 for TLS/SNI), so we're probably 
talking 10 years before we are ready for SHA2 on an Internet-wide, 
reliable base.

But note the confusion (as always) .. protocol v. certs.

What the big boys are doing?  I believe this is the wrong approach.  I 
believe following the press and the blogs and the PRs of the big players 
means we don't know what we are doing ourselves.  I believe we have to 
do our own research and come to our own conclusions.  It's part of being 
competent at what we do, to actually do it ourselves, and not to rely on 
the papparazzi press to lead us by the nose.


> May I ask another question: Do you know an other certificate
> organization, which is acting in the same way as CAcert with the MD5
> chain public or are we the only one?


I don't know, anyone else?

iang