
Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA



On Thu, Sep 01, 2011 at 08:37:01AM +0200, Mike Hommey wrote:
> On Wed, Aug 31, 2011 at 11:02:53PM -0500, Raphael Geissert wrote:
> > On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote:
> > > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote:
> > > > So, I'll put that on tiredness. That'd be several fraudulent
> > > > certificates whose fingerprint is unknown (thus even CRL, OCSP and
> > > > blacklists can't do anything), and the mitigation involves several
> > > > different intermediate certs that are cross-signed, which makes it kind
> > > > of hard. Plus, there is the problem that untrusting the DigiNotar root
> > > > untrusts a separate PKI used by the Dutch government.
> > 
> > AFAICS, this last part is not true. The gov has one Root and DigiNotar's
> > PKIOverheid is one of its leaves.
> > Other DigiNotar CAs are the one derived from Entrust (seems to have been 
> > revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also 
> > derived from Entrust?)
> 
> Well, reality is that the Firefox 6.0.1 release, which has a whitelist
> for Staat der Nederlanden Root CA but not Staat der Nederlanden Root CA
> - G2, effectively prevents going to a couple of Dutch government
> sites.
> Considering it has been found that the PSM-side blacklist doesn't work,
> that suggests that the root CA removal alone is responsible for the
> situation, but I could be wrong.

I did some actual testing. With the DigiNotar Root CA removal, we
don't block Staat der Nederlanden Root CA and Staat der Nederlanden Root
CA - G2. We also don't block (obviously) the ones with intermediate
certs signed by Entrust, and if I followed the story correctly, this
means we're effectively *not* preventing the *.google.com,
addons.mozilla.org, *.yahoo.com, etc. fraudulent certificates from being
used.

A few URLs to test:
https://www.diginotar.nl should be blocked, and is -> OK
https://sha2.diginotar.nl should not be blocked, and isn't -> OK
https://zga-tag.zorggroep-almere.nl should be blocked, and isn't -> BAD

Mike
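To make the chain-building point in the message above concrete: below is an added example, not code from this bug report or from Firefox/NSS, that models how a browser builds a path from a leaf to a trust anchor and why dropping one root from the store does nothing when the same CA name is also cross-signed by another root. Every certificate record is constructed: the subject names follow the CAs mentioned in the thread, but the issuer relationships (in particular the Entrust cross-sign of the DigiNotar root name and a "DigiNotar Public CA" intermediate), the fingerprints and the leaves are placeholders, not real data.

```python
"""Toy X.509 path builder: shows root-removal vs. fingerprint blocking.

Added example, not from the Debian bug or from Mozilla. All records
below are constructed; the cross-sign and intermediate names are
assumptions, and the "fp-..." strings stand in for real fingerprints.
"""
from collections import defaultdict, namedtuple

Cert = namedtuple("Cert", "fp subject issuer")

# Constructed certificate pool (what a client could see in handshakes
# plus what ships in its store). A subject name may appear on several
# certs: that is exactly what a cross-sign is.
CERTS = [
    Cert("fp-diginotar-root", "DigiNotar Root CA", "DigiNotar Root CA"),
    Cert("fp-entrust-root", "Entrust Root", "Entrust Root"),
    Cert("fp-nl-root", "Staat der Nederlanden Root CA",
         "Staat der Nederlanden Root CA"),
    # Hypothetical cross-sign: same subject as the DigiNotar root,
    # but issued by Entrust, so it chains to the Entrust anchor.
    Cert("fp-diginotar-xsign", "DigiNotar Root CA", "Entrust Root"),
    Cert("fp-diginotar-public", "DigiNotar Public CA", "DigiNotar Root CA"),
    # The Dutch government intermediate hangs off the government root,
    # not off the DigiNotar root (the point made earlier in the thread).
    Cert("fp-pkioverheid", "DigiNotar PKIoverheid CA",
         "Staat der Nederlanden Root CA"),
    # Constructed leaves: two fraudulent ones, one legitimate one.
    Cert("fp-fraud-google", "*.google.com", "DigiNotar Public CA"),
    Cert("fp-fraud-yahoo", "*.yahoo.com", "DigiNotar Public CA"),
    Cert("fp-sha2-diginotar", "sha2.diginotar.nl", "DigiNotar PKIoverheid CA"),
]

# Trust store before any mitigation: all three roots are anchors.
FULL_STORE = {"fp-diginotar-root", "fp-entrust-root", "fp-nl-root"}


def trusted_paths(leaf_fp, certs, trust_anchors, blocked=frozenset()):
    """Return every path (fingerprints, leaf first) from the leaf to a
    trust anchor that does not pass through a blocked certificate.

    Anchors are matched by fingerprint, as a trust store does; issuers
    are found by subject name, as a path builder does.  An empty result
    means the leaf is NOT trusted.
    """
    by_subject = defaultdict(list)
    for cert in certs:
        by_subject[cert.subject].append(cert)
    by_fp = {cert.fp: cert for cert in certs}
    paths = []

    def walk(cert, path):
        if cert.fp in blocked:          # explicit distrust wins over anything
            return
        if cert.fp in trust_anchors:    # reached a root the store trusts
            paths.append(path)
            return
        if cert.subject == cert.issuer: # self-signed but not an anchor: dead end
            return
        for candidate in by_subject.get(cert.issuer, []):
            if candidate.fp in path:    # never revisit a cert on this path
                continue
            walk(candidate, path + [candidate.fp])

    walk(by_fp[leaf_fp], [leaf_fp])
    return paths


def mitigation_report():
    """Run the three mitigations discussed in the thread on the pool."""
    no_root = FULL_STORE - {"fp-diginotar-root"}
    block_ca = {"fp-diginotar-root", "fp-diginotar-xsign"}
    return {
        # Removing only the root: the cross-signed copy still chains to Entrust.
        "root removed, fraud leaf": trusted_paths("fp-fraud-google", CERTS, no_root),
        # Blocking every cert bearing the DigiNotar root name closes that hole...
        "CA blocked, fraud leaf": trusted_paths("fp-fraud-google", CERTS, no_root, block_ca),
        # ...without touching the Dutch government PKI.
        "CA blocked, gov leaf": trusted_paths("fp-sha2-diginotar", CERTS, no_root, block_ca),
        # A leaf blacklist only catches fingerprints you already know.
        "leaf blocked, unknown fraud leaf":
            trusted_paths("fp-fraud-yahoo", CERTS, FULL_STORE, {"fp-fraud-google"}),
    }


if __name__ == "__main__":
    for label, paths in mitigation_report().items():
        print(f"{label}: {'TRUSTED' if paths else 'blocked'} {paths}")
```

Reading the output against the test list above: with only the root removed the fraudulent leaf still validates through the cross-sign, which is the "should be blocked, and isn't" case; adding the cross-sign's fingerprint to the block list fixes that while sha2.diginotar.nl, which chains to Staat der Nederlanden, keeps working; and a leaf-fingerprint blacklist stops only the fraudulent certs whose fingerprints are known.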