[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Sat, Sep 03, 2011 at 08:45:22AM +0200, Mike Hommey wrote:
> On Sat, Sep 03, 2011 at 07:40:23AM +0200, Mike Hommey wrote:
> > On Wed, Aug 31, 2011 at 11:02:53PM -0500, Raphael Geissert wrote:
> > > On Tuesday 30 August 2011 23:30:19 Mike Hommey wrote:
> > > > On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote:
> > > > > So, I'll put that on tiredness. That'd be several fraudulent
> > > > > certificates which fingerprint is unknown (thus even CRL, OCSP and
> > > > > blacklists can't do anything), and the mitigation involves several
> > > > > different intermediate certs that are cross-signed, which makes it kind
> > > > > of hard. Plus, there is the problem that untrusting the DigiNotar root
> > > > > untrusts a separate PKI used by the Dutch government.
> > > 
> > > AFAICS, this last part is not true. The gov has one Root and DigiNotar's 
> > > PKIOverheid is one if its leafs.
> > > Other DigiNotar CAs are the one derived from Entrust (seems to have been 
> > > revoked), and a PKIOverheid G2 that I've seen mentioned in a few places (also 
> > > derived from Entrust?)
> > > 
> > > > > Add to the above that untrusting a root still allows users to override
> > > > > in applications, and we have no central way to not allow that. Aiui, the
> > > > > mozilla update is going to block overrides as well, but that involves
> > > > > the application side. NSS won't deal with that.
> > > > 
> > > > See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now
> > > > open.
> > > 
> > > Thanks for the link.
> > > 
> > > FWIW, it seems that the government is ACKing [3] that DigiNotar re-signs 
> > > certificates with its PKIOverheid CA for non-gov users of its now-untrusted 
> > > DigiNotar Root CA.
> > > 
> > > Action items based on what others are doing:
> > > 1. Disable DigiNotar Root CA: done
> > > 2. Disable other DigiNotar CAs (derived from Entrust)[4]: not done
> > > 3. Still permit Staat der Nederlanden CA and PKIoverheid: nothing to be done
> > > 
> > > Item 2 is handled by Mozilla by matching /^DigiNotar/ and marking them as 
> > > untrusted at the PMS level.
> > 
> > http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
> > 
> > On the NSS end, this is my understanding of the status (haven't gone
> > through the patches yet):
> > - It disables DigiNotar Root CA
> > - It untrusts the signatures from Entrust on the DigiNotar CAs
> > - It blacklists /^DigiNotar/ intermediates
> > All that at NSS level, making the solution work in all applications
> > using NSS, which is good.
> 
> Looking at the patches, this really is:
> - untrust all the DigiNotar* CAs[1]
> - untrust the PKIoverheid intermediates
> 
> Untrusting is done by actually having entries for all these CAs, but
> marking them as untrusted.

On the PSM side, there is an explicit blacklist of certificates which
issuer matches CN=DigiNotar (strstr), even if NSS has the CAs untrusted.
Additionally, if a certificate signed by DigiNotar is invalid because
of the NSS distrust, it is marked as revoked instead of invalid if it
has been issued after July 1st.

Mike
Reply to: