

Mozilla shipping SSL root certificate, has no idea how it got there - dfranke
http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc

======
hy3lxs
The person who started this thread added a message:

'I have received email from official representatives of RSA confirming that
RSA did indeed create the "RSA Security 1024 V3" root certificate that is
currently included in NSS (Netscape/Mozilla) and also in Apple's root cert
store.'

So sounds like there hasn't been some rogue root cert out there for the last 9
years. Good to see that root certs are rogue until proven valid, though.

------
dfranke
It's more likely than not that there's a harmless explanation for this one,
but with the rash of these stories lately I think it's past time to declare
that the PKI trust model is broken.

~~~
Torn
Can anyone find the link to that recent article / guide on registering a
likely-looking address at a webmail provider then scamming a root certificate
for that domain?

The article gave the impression that some CAs are a bit too happy to issue
root certs, and he mentioned he's been blogging about the whole SSL trust
system being broken for quite a few years now.

~~~
there
<http://news.ycombinator.com/item?id=1234460>

~~~
Torn
Nice one, thanks.

------
idm
Circa 2002, the rogue cert was checked into the mozilla dev CVS by the Man ...
in the middle.

~~~
maukdaddy
I double-checked and it looks like it was actually checked in by the Man...in
the mirror.

------
chunkyslink
Could someone please explain to me what this means?

~~~
Torn
As far as I understand it:

The entire SSL-certificate system is trust-based. When presented with a
certificate for a particular domain, you need to ask some trusted Certificate
Authority, like Verisign, whether the credentials match up. If the credentials
don't match then you can warn the user that something's up - the site might
not be who it claims to be.

However, how do you know whether you can trust the computer identifying itself
as Verisign? Well, various CA root certificates are built into browsers. It
seems that Mozilla has been shipping with a potentially rogue root authority
for a while now, so there's the potential that whoever owned that certificate
/ IP might have been abusing it -- all the while having that comforting green
tick in your browser to say the certificate is valid.

<http://www.rapidssl.com/ssl-certificate-support/ssl-faq.htm#8>

~~~
rbanffy
Just to be fair, one of those certificates is shipped with Internet Explorer
too.

~~~
Elepsis
You mean the one that RSA clearly said it owns? Let's be clear: this is a
question about _one_ certificate, that seems to ship with a number of
different browsers and systems. Internet Explorer, however, isn't one of them.

------
smackfu
My gut says that it is an RSA mistake. That they shipped a wrong certificate
way back in 2002.

------
ilitirit
It seems that the problem is that the certificate file name does not match its
contents.

<http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg151195.html>

~~~
_delirium
Hmm, it looks like that bug's still open with no responses, 4 yrs later:
<http://bugs.debian.org/351745>

------
zppx
The associated Bugzilla ticket was posted here on Hacker News earlier today:
<http://news.ycombinator.com/item?id=1244164>

Resuming the matter, the SSL system is broken, as it works today, one of the
messages clearly states:

Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as valid in
Apple's System Roots.

Microsoft's list includes "RSA Security 2048 V3", but not "RSA Security 1024
V3".

Has someone checked if they are included in Opera and Chrome as well?

~~~
rbanffy
> Has someone checked if they are included in Opera and Chrome as well?

My copy of Chrome doesn't seem to have it.

As always, YMMV.

------
aw3c2
Browsers should provide a function that monitors certificates for changes and
alerts the user (if he wants to).

~~~
patio11
This introduces a decision your typical user is not competent to make ("should
I enable this setting?") and yet another error message they will quickly learn
to ignore.

~~~
seven
I agree. But imho this is no reason to not include the suggested feature.

There are so many settings and warnings that a common user does not
understand. This new one would not scare any users away I guess. They will
just ignore it.

I would be very happy to notice that my browser suddenly uses a different
certificate to validate the certificate of one of my servers.

------
more_original
It looks like the certificate can easily be deleted manually: Preferences >
Advanced > View Certificates.

~~~
dasrecht
Yes, this should not be the core of the problem. It's important to know _who_
owns the debatable CA.

This gives a great MITM vector if it's a malicious CA.

~~~
wallflower
Is it possible to do a web crawl scan of https and SSL certs and find out
which certificates have this questionable one as their root?

------
dasrecht
Uh... that's not good... and our gov-CA is hanging in the cert approval process
since... about a year now. Strange world.

------
stretchwithme
Maybe what is needed is an additional mechanism that browsers can use to
verify that a CA is the correct one for a particular domain name.

------
benwerd
Whoops! So much for open source allowing for greater scrutiny and security.

It mostly does, of course. But greater transparency also means you need
excellent auditing and tracing procedures. This highlights the potential
dangers, as well as the daftness of the current trust-based security model.

~~~
rbanffy
> Whoops! So much for open source allowing for greater scrutiny and security.

There are two certificates from the same CA. Microsoft ships one of them. Are
you willing to vouch for every certificate Microsoft ships with Windows? Are
you sure their process is flawless? Are you absolutely sure their code shows
all certificates they trust and there is no sneaky unlisted CA in their whole
HTTPS stack?

