Hi, I am posting this to a new thread because the other one is too old. I thought this would be fixed in FF3 by the new revocation system, but it seems some CAs do not use it.
Akamai, a very big content distribution provider used by MANY organisations including the German Finanzamt (equivalent to the IRS), had a weak key. If I put 127.0.0.1 a248.e.akamai.net into my hosts file and run an Apache with the broken cert (key got published in some forums), I can use Firefox 3 to connect to https://a248.e.akamai.net (which is my local machine) without any warnings. I could do a MitM on a network and deliver a trojan to anyone who would try to download the official software for tax return reports, although the certificate has already been changed. (Akamai is used by many others too, see https://www.pentagon.mil/ or the ATI driver download from http://game.amd.com/us-en/drivers_catalyst.aspx?p=xp/mobility-xp and probably many many more.)

I do not know why this works, but I know it does and I know it is not good that it does. Probably the CA did not revoke the cert correctly. It is not enough to blacklist one cert even if you just want to close the Akamai hole, because they might have had multiple vulnerable certs. This shows how necessary it is to include a full blacklist of weak keys; I don't think anything else will help. If such an important key has not yet been revoked in a working way, what about the thousands of less visible keys?

The RSA blacklists for 1024 and 2048 are 12.8 MB total in uncompressed ASCII format, which is not that big if you consider the 8 MB urlclassifier2.sqlite. Using a database structure, it should be quite fast to look up if a cert is included, and storing the data in binary form will cut the size in half.

My suggestion: Issue a FF3 update ASAP that includes (or downloads) the blacklists, and shows a warning if a server uses a vulnerable cert. Consider that it is possible that stupid admins forgot to change the certs (so the warning MAY be shown on legitimate sites), but it is also possible that a site already using a new cert gets MitM-ed with an old cert.
Regards,
Jan

--
Please avoid sending mails, use the group instead. If you really need to send me an e-mail, mention "FROM NG" in the subject line, otherwise my spam filter will delete your mail. Sorry for the inconvenience, thank the spammers...

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
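The lookup the post proposes (fingerprint the server's RSA modulus, check it against a weak-key blacklist stored in compact binary form, warn regardless of what revocation says) as an added example; this is not code from the original post, from Mozilla or from NSS. It assumes the entry format of the Debian openssl-blacklist files, namely the last 20 hex characters of SHA-1 over the line `Modulus=<HEX>` plus newline as printed by `openssl x509 -noout -modulus`; the moduli and the blacklist text below are constructed sample data, not real keys.

```python
"""Weak-key blacklist lookup: fingerprint an RSA modulus and check it
against a sorted fixed-width binary table (added example, not the post's
or Mozilla's code)."""
import hashlib

RECORD_LEN = 10  # a 20-hex-char entry becomes 10 bytes in binary form


def key_fingerprint(modulus_hex: str) -> str:
    """Return the 20-hex-char blacklist entry for an RSA modulus.

    Assumption: entries are the last 20 hex chars of SHA-1 over the
    line 'Modulus=<HEX>\\n' (the output of `openssl x509 -noout -modulus`),
    which is how the Debian openssl-blacklist package derives them.
    """
    line = "Modulus=" + modulus_hex.upper() + "\n"
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]


def load_ascii_blacklist(text: str) -> list:
    """Parse the published ASCII form: one hex entry per line, '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if len(line) != 2 * RECORD_LEN:
            raise ValueError("malformed blacklist entry: %r" % line)
        entries.append(line.lower())
    return entries


def build_binary_table(entries) -> bytes:
    """Sorted fixed-width binary table; exactly half the size of the hex form."""
    return b"".join(sorted(bytes.fromhex(e) for e in entries))


def is_blacklisted(modulus_hex: str, table: bytes) -> bool:
    """Binary search for the modulus fingerprint among the packed records."""
    needle = bytes.fromhex(key_fingerprint(modulus_hex))
    lo, hi = 0, len(table) // RECORD_LEN
    while lo < hi:
        mid = (lo + hi) // 2
        rec = table[mid * RECORD_LEN:(mid + 1) * RECORD_LEN]
        if rec == needle:
            return True
        if rec < needle:
            lo = mid + 1
        else:
            hi = mid
    return False


# Constructed sample data (not real keys): two "weak" moduli and one good one.
WEAK_MODULI = ["C3" * 128, "5A" * 128]
GOOD_MODULUS = "B7" * 128
# Constructed blacklist file in the ASCII layout described above.
SAMPLE_BLACKLIST_TEXT = "# constructed sample blacklist\n" + "\n".join(
    key_fingerprint(m) for m in WEAK_MODULI) + "\n"
TABLE = build_binary_table(load_ascii_blacklist(SAMPLE_BLACKLIST_TEXT))


def check_server_key(modulus_hex: str) -> str:
    """The browser-side verdict, taken before (and independent of) any
    revocation check, as the post argues it should be."""
    if is_blacklisted(modulus_hex, TABLE):
        return "WARN: server certificate uses a known-weak RSA key"
    return "OK"


if __name__ == "__main__":
    for m in WEAK_MODULI + [GOOD_MODULUS]:
        print(m[:16] + "...", check_server_key(m))
```

Storing the sorted table as raw bytes gives the size halving the post mentions (10 bytes per entry instead of 20 ASCII characters) and a logarithmic lookup without any database; the check fires on the key itself, so it also catches the case the post raises where a site has moved to a new certificate but an attacker replays the old, compromised one.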