[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Sat, Sep 03, 2011 at 07:40:23AM +0200, Mike Hommey wrote:
> On Wed, Aug 31, 2011 at 11:02:53PM -0500, Raphael Geissert wrote:
> > On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote:
> > > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote:
> > > > So, I'll put that on tiredness. That'd be several fraudulent
> > > > certificates which fingerprint is unknown (thus even CRL, OCSP and
> > > > blacklists can't do anything), and the mitigation involves several
> > > > different intermediate certs that are cross-signed, which makes it kind
> > > > of hard. Plus, there is the problem that untrusting the DigiNotar root
> > > > untrusts a separate PKI used by the Dutch government.
> > 
> > AFAICS, this last part is not true. The gov has one Root and DigiNotar's 
> > PKIOverheid is one if its leafs.
> > Other DigiNotar CAs are the one derived from Entrust (seems to have been 
> > revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also 
> > derived from Entrust?)
> > 
> > > > Add to the above that untrusting a root still allows users to override
> > > > in applications, and we have no central way to not allow that. Aiui, the
> > > > mozilla update is going to block overrides as well, but that involves
> > > > the application side. NSS won't deal with that.
> > > 
> > > See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now
> > > open.
> > 
> > Thanks for the link.
> > 
> > FWIW, it seems that the government is ACKing [3] that DigiNotar re-signs 
> > certificates with its PKIOverheid CA for non-gov users of its now-untrusted 
> > DigiNotar Root CA.
> > 
> > Action items based on what others are doing:
> > 1. Disable DigiNotar Root CA: done
> > 2. Disable other DigiNotar CAs (derived from Entrust)[4]: not done
> > 3. Still permit Staat der Nederlanden CA and PKIoverheid: nothing to be done
> > 
> > Item 2 is handled by Mozilla by matching /^DigiNotar/ and marking them as 
> > untrusted at the PMS level.
> 
> http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
> 
> On the NSS end, this is my understanding of the status (haven't gone
> through the patches yet):
> - It disables DigiNotar Root CA
> - It untrusts the signatures from Entrust on the DigiNotar CAs
> - It blacklists /^DigiNotar/ intermediates
> All that at NSS level, making the solution work in all applications
> using NSS, which is good.

Looking at the patches, this really is:
- untrust all the DigiNotar* CAs[1]
- untrust the PKIoverheid intermediates

Untrusting is done by actually having entries for all these CAs, but
marking them as untrusted.

Mike

1. DigiNotar Root CA, DigiNotar Services 1024 CA, DigiNotar Services
1024 CA, DigiNotar Cyber CA, DigiNotar Cyber CA 2nd.
Reply to: