Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Wed, Aug 31, 2011 at 11:02:53PM -0500, Raphael Geissert wrote:
> On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote:
> > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote:
> > > So, I'll put that on tiredness. That'd be several fraudulent
> > > certificates whose fingerprint is unknown (thus even CRL, OCSP and
> > > blacklists can't do anything), and the mitigation involves several
> > > different intermediate certs that are cross-signed, which makes it kind
> > > of hard. Plus, there is the problem that untrusting the DigiNotar root
> > > untrusts a separate PKI used by the Dutch government.
> AFAICS, this last part is not true. The gov has one Root and DigiNotar's
> PKIOverheid is one of its leafs.
> Other DigiNotar CAs are the one derived from Entrust (seems to have been
> revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also
> derived from Entrust?)
Well, reality is that the Firefox 6.0.1 release, which has a whitelist
for Staat der Nederlanden Root CA but not Staat der Nederlanden Root CA
- G2, effectively prevents from going to a couple of Dutch government
Considering it has been found that the PSM side blacklist doesn't work,
that suggests that the root CA removal alone is responsible for the
situation, but I could be wrong.
> > > Add to the above that untrusting a root still allows users to override
> > > in applications, and we have no central way to not allow that. Aiui, the
> > > mozilla update is going to block overrides as well, but that involves
> > > the application side. NSS won't deal with that.
> > See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now
> > open.
> Thanks for the link.
> FWIW, it seems that the government is ACKing that DigiNotar re-signs
> certificates with its PKIOverheid CA for non-gov users of its now-untrusted
> DigiNotar Root CA.
> Action items based on what others are doing:
> 1. Disable DigiNotar Root CA: done
> 2. Disable other DigiNotar CAs (derived from Entrust): not done
There are 3 of them iirc.
> 3. Still permit Staat der Nederlanden CA and PKIoverheid: nothing to be done
> Item 2 is handled by Mozilla by matching /^DigiNotar/ and marking them as
> untrusted at the PSM level.
And that currently doesn't work. It seems reasonable to wait for a more
correct fix there before uploading ice*. There may be another nss round
before that, though, for the Entrust certs. Please also note that Kai
Engert is going to work on a NSS patch to handle the whole thing at NSS
level which would port what PSM does for SSL to S/MIME and other uses of
NSS. I'm not sure this will be easily backportable, though.