
Sustaining Digital Certificate Security - fred256
https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html
======
nailer
> It’s obviously concerning that a CA would have such a long-running issue and
> that they would be unable to assess its scope after being alerted to it and
> conducting an audit. Therefore we are firstly going to require that as of
> June 1st, 2016, all certificates issued by Symantec itself will be required
> to support Certificate Transparency.

Symantec said they did an audit, Google spent 'a few minutes' and found many
more mississued certificates just from the CT logs. In other words, Symantec
can't audit themselves, so Google now require public issuance logs for all
their certificates.

> [Google] expect Symantec to undergo a Point-in-time Readiness Assessment and
> a third-party security audit.

This is a massive (and justifiable) smack in the face to Symantec.

Disclaimer: we're a Symantec competitor, as you may have realised:

[https://certsimple.com/blog/seal-in-search](https://certsimple.com/blog/seal-
in-search)

[https://certsimple.com/blog/sgc-ssl-
certificates](https://certsimple.com/blog/sgc-ssl-certificates)

~~~
Sir_Cmpwn
What is a "Point-in-time Readiness Assessment"? I googled it and found it in
the requirements for some CAs, but not what it actually is.

~~~
thenewwazoo
"Point-in-time" is a term of art for audit. It basically means that a third
party will attest to a given state at a given time. They're in contrast to
"continuous" audits, which is more focused on auditing records over a period
of time, or on a recurring basis.

A "point-in-time readiness assessment" is kind of redundant, but it basically
means getting a third party to come look at their CA (processes, procedures,
standards, implementation) and assert on Symantec's behalf that it meets some
criteria.

~~~
Sir_Cmpwn
Thanks for clarifying.

------
tshtf
Days after the initial reports of rogue certificates being issued, Symantec
wrote in their blog that they had already fired employees:

 _In addition, we discovered that a few outstanding employees, who had
successfully undergone our stringent on-boarding and security trainings,
failed to follow our policies. Despite their best intentions, this failure to
follow policies has led to their termination after a thoughtful review
process... At the end of day, we hang our hats on trust, and that trust is
built by doing what we say we’re going to do._

[http://www.symantec.com/connect/blogs/tough-day-
leaders](http://www.symantec.com/connect/blogs/tough-day-leaders)

It's starting to look now like this the fault of systemic flaws at Symantec,
and not just a few employees who didn't follow procedure.

~~~
mwsherman
Yes, that was a very old-school way of dealing with the problem. It’s mostly
symbolic.

Most problems are systemic, which is a nice way of saying “ultimately
management’s fault”.

Most things that most people do, most of the time, are reasonable in the
circumstances. Management creates the circumstances. “Human error” is a non-
explanation.

Here’s a book on the topic, often called systems thinking:
[http://www.amazon.com/Field-Guide-Understanding-Human-
Error/...](http://www.amazon.com/Field-Guide-Understanding-Human-
Error/dp/1472439058/ref=asap_bc?ie=UTF8)

Getting even more bookish: firing “bad apples” for “human error” is a form of
substituting an easier question when presented with a harder one, as Kahneman
describes in Thinking Fast and Slow.

~~~
colechristensen
>Most problems are systemic, which is a nice way of saying “ultimately
management’s fault”.

Systemic problems are _everyone_'s problems. Both management and employees are
a part of the same system. Firing bad apples for human behavior is equally as
pointless as firing/resigning management (or pointing fingers).

~~~
marcosdumay
Managers are the ones responsible for setting the system. Systemic problems
are their fault.

~~~
detaro
Not past a certain level where many people become part of the problem,
otherwise replacing managers would be a effective way to fix organisations.

~~~
annnnd
Replacing managers IS an effective way to fix organisations, if there is a
systemic problem, if other parts are not problematic and if you find good
replacements.

------
evmar
It makes me* uncomfortable that Google has effectively appointed themselves as
the internet police and using their power to push people around like this. But
at the same time, there is nobody else (?) who is taking care of this, and I
suppose the good of someone/ _anyone_ looking into and taking action on the
sorts of serious problems that Symantec has exhibited probably outweighs my
discomfort.

* Disclaimer: Google employee, no connection to any of this cert stuff.

~~~
glass-
It makes me uncomfortable that the CA system is set up in a way that makes
this necessary. If an alternative, such as Convergence, had taken off we
wouldn't be in this situation.

~~~
vtlynch
If an alternative, such as Convergence, was perfect, it would have taken off.

~~~
corndoge
This argument is valid only if you implicitly assert that the current system
is perfect. Every system has it's trade-offs.

~~~
vtlynch
exactly. thats what makes the parent comment so preposterous.

~~~
cgriswald
If this is your argument it also requires the assumption that the trade-offs
with Convergence are identical in both scale and type to the current system;
at least in reference to this specific problem.

------
pilif
A clear example of too big to fail. If this was any smaller CA (like cnnic
before), they would now be gone from the trusted roots.

I wonder what's coming out of this. Personally, I think Symantec doesn't care
in the least about Google's sabre rattling here. It's clear to everybody that
Google hardly wants to release a browser which doesn't display 50% of the
encrypted web sites.

This is a further issue with the current PKI: too few CAs are around (after
symantecs buying spree lately) which gives them way too much power to do what
ever they want. Furthermore, the process of acquiring a certificate
(especially an EV one) makes switching CAs very burdensome, so not even bad
reputation will compel people to leave.

What a mess.

~~~
serendipitous
Symantec already agreed to start using Certificate Transparency in the near
future, as per Google's request. This is a good thing.

------
gefh
Is the CA model just unfixably broken at this point? What should replace it if
so?

~~~
glass-
Convergence was the perfect replacement, but it never gained any traction.

Moxie's talk at BlackHat[0] introducing it is a good watch for those
unfamiliar with the idea, and if you want to be wistfully frustrated at what
could have been.

[0]
[http://www.youtube.com/watch?v=Z7Wl2FW2TcA](http://www.youtube.com/watch?v=Z7Wl2FW2TcA)

~~~
acdha
We still don't know how that would have worked in practice. Even skilled
people have trouble making trust decisions reliably for everything and while
we'd avoid the compromised CA threat I'm certain we'd start seeing equivalents
like dishonest or incompetent notaries – and those might last longer because
fewer people see the dodgy results since not everyone is using the same set of
notaries.

If it became popular, it's really easy to imagine something like the Great
Firewall being configured to block outside notaries to encourage people to use
local notaries which are still under the control of the local authorities.

That's not to say it's not interesting work or potentially a solid
improvement, only that I would be extremely hesitant to make absolute
statements about an untested internet-scale security protocol. The approaches
we're seeing work now do so because they're adding to well-understood
protocols (e.g. HSTS, key-pinning, etc.) or don't change the trust model (if
Google goes rogue, Chrome users are already screwed).

~~~
glass-
I have no doubt that there would be incompetent or dishonest notaries. The
difference being that in an alternative universe, where Convergence is used, a
rogue notary doesn't destroy the trust of the entire system. When Symantec is
a rogue notary, oh well, Mozilla and Google push out an update and no one uses
Symantec anymore, their notary just becomes irrelevant. However, in this
reality, the darkest timeline, deciding to stop trusting Symantec immediately
breaks 30% of HTTPS websites on the internet, so even though Symantec has
given everyone plenty of reasons to stop trusting them, we have no choice.
Same for Comodo, their notary would have stopped being used in 2011 (after
their root certificate compromise).

Instead, with Comodo and Symantec combined, we now have over 60% of HTTPS
websites secured by authorities who are incompetent and/or dishonest.

------
bracewel
>Symantec performed another audit and, on October 12th, announced that they
had found

>an additional 164 certificates over 76 domains and 2,458 certificates issued
for

>domains that were never registered.

:|

------
SimeVidas
I don’t know much about how the CA system works, but “there’s something fishy
going on with this CA” in conjunction with “starting with June 1st 2016” is
not very reassuring.

~~~
SolarNet
Well the CA in question represents a large market share of both internet and
non-internet certs. You can't just top trusting them, large parts of the
internet would crash and burn.

~~~
bigiain
And until that happens, why do we expect and significant portion of Symantec's
customers to care? And unless they care, why would Symantec?

Apple are using a Symantec ssl cert right now:

"The identity of Apple Inc. at Cupertino, California US has been verified by
Symantec Class 3 EV SSL CA - G3. Valid Certificate Transparency information
was supplied by the server."

But their level of give-a-shit is clearly demonstrated as well:

"Your connection to www.apple.com is encrypted using an obsolete cipher suite.

The connection uses TLS 1.2."

------
bpolverini
All the more reason why client-side encryption needs to become part of our
daily interaction with software and cloud services.

~~~
vtlynch
You mean client-side authentication? And how would this have helped.

~~~
nsomaru
I would venture that your parent meant that we should use 'dumb' cloud
services that just store encrypted data which are then retrieved and de-
crypted on the client side.

~~~
bpolverini
Bingo.

~~~
deathanatos
Say you attempt to do this all in JavaScript; you've still got to deliver the
page (the encryption code, really) to the user securely; otherwise, I can
modify it s.t. when it gets a blob from the server and decrypts it on the
client, that decrypted value is also sent off to a shady spot. You still need
to get your app from you to your user securely, and how do you do that?

It's the core problem really: how do you distribute your public key? How do
you make sure Joe user gets the right public key? Today, we have the CA
infrastructure, which admittedly isn't great, but… what would you do
differently? (And the big problem is that it needs to work for average Joe.)

~~~
squidlogic
Couldn't you have a browser plugin that would verify your js is being served
up from the correct source?

~~~
toomuchtodo
Subresource integrity (sort of) solves this.

[http://githubengineering.com/subresource-
integrity/](http://githubengineering.com/subresource-integrity/)

------
chetanahuja
To state the obvious (again) the third-party based trust system underlying TLS
is broken. It places a massive amount of faith in a large crowd of human
beings (the collective employee populations of all the CA's in the world) to
behave with absolute rectitude and discipline for years and years without
fail.

The sad part is that all of us, collectively, trust pretty much our entire
financial lives and other matters requiring secrecy and authentication to this
system everyday. It's mind-boggling how we came to be in this situation. How
did the entire society, including very very smart security experts came to
vouch for and blindly trust this system?

------
systemz
DNS certs would be better [https://en.wikipedia.org/wiki/DNS-
based_Authentication_of_Na...](https://en.wikipedia.org/wiki/DNS-
based_Authentication_of_Named_Entities)

------
yuhong
This reminds me of
[https://www.agwa.name/blog/post/how_to_responsibly_misissue_...](https://www.agwa.name/blog/post/how_to_responsibly_misissue_a_cert)

------
late2part
This is terrible. This is sad. Is it any wonder so many people have no faith
in Government, in the Financial system? How much of the system we take for
granted is corrupt? I'm not intending to be negative, I know I am. But for
Pete's sake. This sucks sucks sucks.

