Closed
Bug 665908
Opened 13 years ago
Closed 9 years ago
Mozilla should be packaged with copies of certificates for high-value websites
Categories
(Core :: Security: PSM, enhancement)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 744204
People
(Reporter: usenet, Unassigned)
Details
No description provided.
Reporter | ||
Comment 1•13 years ago
|
||
The PKI/CA infrastructure has a major flaw: if any single root CA is compromised, either through technical means or human interference, it can issue certificates for any domain. This can be used to create undetectable man-in-the-middle attacks, thus making TLS protection useless.
If Mozilla were to package secure (keyed?) hashes of the certificates for (say) the 100 top-ranking websites, and to trigger a security warning if the certificate presented was not the one that Firefox had stored, this would have the effect of greatly increasing the difficulty of performing this kind of man-in-the-middle attack.
Even if only the top 100 sites were protected in this way, a very significant security hole in the TLS security model would be tightened significantly for a substantial amount of the web's traffic.
Note that none of this would be regarded as any kind of extra validation or recommendation of security for these sites: the packaged certificate hashes would not be used in any other way than to issue security warnings if presented certificates did not match. Various details would be needed to be worked out about certificate hash expiry times, etc., and procedures for keeping these hashes updated using the normal software update mechanism.
Comment 2•13 years ago
|
||
And what would you do with certificates that are replaced with new ones (old ones expired, compromised or for organizational reasons) ?
Reporter | ||
Comment 3•13 years ago
|
||
Thinking about all the possible cases in comment 2 further, the problem is more complex than I had imagined. I'll work on a more limited proposal that might have a better chance of working.
Updated•9 years ago
|
Component: Networking → Security: PSM
This is basically preloaded key pins, which we implemented.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•