Open Bug 601608 Opened 14 years ago Updated 2 years ago

HTTPS / SSL verified by display shows direct issuer, does not show root

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows 7
Type:
defect

Tracking

()

People

(Reporter: jan-bugreport, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 GTB7.1 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 GTB7.1 (.NET CLR 3.5.30729)

When visiting a SSL secured web site and clicking the blue area to the left of the location bar, a popup appears showing the certificate issuer. However, the trusted root is not shown.

This makes the display worthless in avoiding evil CAs:
Assuming that we have a root CA "A" which has its cert shipped with firefox.
This CA issues, by common practice, an intermediate for themselves called "B".

"B" now issues an intermediate CA certificate "C" to a company it trusts. This company gets owned and their key stolen without them noticing. The attacker now has a CA. If he issues directly from it, users can click the blue icon and see "C" issued and get suspicious.

So the attacker now issues another intermediate CA certificate "D" (signed by C). He can choose arbitrary values for the Organisation in the certificate. He enters a well-known CAs name, for example Verisign, into the "D" CA certificate, and uses it to sign a regular certificate for paypal.com which he then uses to attack users.

When a user clicks on the blue area, it says "Verified by Verisign", although VeriSign had nothing to do with it. To avoid this, the popup should instead/additionally show the root of the certificate chain (here A) used to verify trust, because that is the company finally responsible for the information being correct - and the only one where identity is verified by Mozilla. (Care has to be taken that the root that is actually relied upon is shown, to safely handle a chain like X->A->B->C->D->E where X is bogus and A is trusted/bundled with Firefox)

Fixing this will also make more clear to CAs that they are responsible for the intermediates they sign. It will be *their* name on that display if something goes wrong, not something possibly chosen by the attacker.

The given example URL is signed by an intermediate, displaying this problem: It says "Verified by Deutscher Bundestag" which issues a cert to themselves. It does not mention the root, Deutsche Telekom. I would prefer the whole chain to be shown, but this would probably be too confusing.

Reproducible: Always
Status: UNCONFIRMED → NEW
Ever confirmed: true
What does this have to do with bug 587407?
(In reply to comment #1)
> What does this have to do with bug 587407?

Nothing.
No longer blocks: 587407
(In reply to comment #0)
> This makes the display worthless in avoiding evil CAs:

It's already worthless for that purpose under the same origin policy.  But...

> Fixing this will also make more clear to CAs that they are responsible for
> the intermediates they sign. It will be *their* name on that display if
> something goes wrong, not something possibly chosen by the attacker.

I think this is the crucial benefit.

In addition, the trust anchor is what the user would enable or disable in the certificate manager.  (Well, they can enable an intermediate cert as a trust anchor, but we have no basis to presume that they would want to enable the lowest intermediate.  Showing the trust anchor is more useful.)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.