Closed Bug 1567114 Opened 3 months ago Closed 2 months ago

MITM on all HTTPS traffic in Kazakhstan

Categories

(NSS :: CA Certificate Root Program, defect, P1, critical)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: u643384, Assigned: wayne)

References

Details

Attachments

(3 files)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Since today all Internet providers in Kazakhstan started MITM on all encrypted HTTPS traffic.

They asked end-users to install government-issued certificate authority on all devices in every browser: http://qca.kz/

Actual results:

MITM attack: https://i.imgur.com/rFEjXKw.jpg

Message from Internet provider, requires to install this CA: https://i.imgur.com/WyKjOug.jpg

Proofs: https://atlas.ripe.net/measurements/22372655/#!probes

Official site with root CA: http://qca.kz/

Links to certificates:
http://qca.kz/qazca.cer
http://qca.kz/qazca.pem
http://qca.kz/qazca.der

Expected results:

I think this CA should be blacklisted by Mozilla and Firefox should not accept it at all even user installed it manually.

This will save privacy of all Internet users in Kazakhstan.

Assignee: nobody → wthayer
Component: Untriaged → CA Certificate Root Program
Product: Firefox → NSS
QA Contact: kwilson
Version: 68 Branch → other
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

I think both Mozilla and Google should intervene into this situation because it can create a dangerous precedent, nullifying all the efforts of encofcing HTTPS.

If Kazakhstan will succeed, more and more governments (eg. Russian Federation, Iran, etc.) will start global MITM attacks on their citizens and this is not good.

I think all CAs used for MITM attacks should be explicitly blacklisted both by Mozilla and Google to exclude even possibility of such attacks.

Proofs: atlas.ripe.net

I'd add that only one probe of 51 have the www.facebook.com certificate issued by qca.kz root in that measurement.

Not all Internet providers have started MITM attacks yet, but they already sending messages to users directly via SMS or published information on their official websites:

Kcell (website): https://www.kcell.kz/ru/product/3585/658
Beeline (website): https://www.beeline.kz/almatinskaya-obl/about/press-center/press/news/details/sertifikat-bezopasnosti/
Tele2 (SMS): https://i.imgur.com/WyKjOug.jpg
Altel (SMS): https://i.imgur.com/MqS5Acq.jpg

Has the law changed to require such certificates to be installed, Eugene? I agree with the concept of disabling the CA certificates in Firefox after they've been installed, but Mozilla would have to be careful not to step on state toes and just get Firefox banned from the country.

See also bug #1229827

Has the law changed to require such certificates to be installed, Eugene?

I don't know about this, sorry.

I agree with the concept of disabling the CA certificates in Firefox after they've been installed, but Mozilla would have to be careful not to step on state toes and just get Firefox banned from the country.

I think it will be better to be banned (btw, how they can ban application?), than breaking privacy of end users.

I suggest that you add it into some (probably new) list of certificates "disallowed for permanent exceptions".
So that users see the usual red full-page warning every time they visit the site even if they add the certificate as trusted.
That won't totally block Internet access, but will still be a clear not-easily-silenceable warning for everyone about that someone is spying on them.
I also think that the displayed warning message (and addressbar warning, too) should make it clear to the user that it's not Facebook or Google who is using the "insecure certificate", but that someone else (guess who) is intercepting their traffic. Something like "your traffic is currently encrypted with a well-known eavesdropping certificate".

It would be ineffective. It worth nothing to government agencies to implement a spyware, having the following features:

  • retrieving a new root certificate from govenment servers and installing it into all browsers.
  • doing other espionage

Then a root CA is rotated every 5 minutes, so users would heve to:

  • either download and install it manually every 5 minutes
  • or install the spyware
  • or install a bit milder open-source version of spyware developed by enthusiasts in order to provide alternative to installing a full version. The milder version only rotates the sertificate.

What a regular user would do? He would just install the spyware. In fact every user would do that because the alternative is not to use internet.

For more effect this spyware may be Windows-only and Chrome-only in irder to discourage usage of the software respecting users privacy. This will cause further drop of Firefox market share.

Any other countermeasures are also ineffective. For example mozilla can create 2 different digitally signed builds of firefox, one is without possibility to insert root CAs and implement a feature: when browser detects that a user was blackmailed into installed a root CA the browser patches itself into the build disallowing installing root CAs. But again, it can be undone by blackmailing users into installing malware undoing the changes. Also I think that limiting freedom of users to change browser settings is inacceptable.

So what you can really do is to preinstall a WebExtension having HTML files with information about Kazakh political parties and organizations opposing this and showing them on every startup and a zip of Tor + curl + minisign + bat file using other files to download Tor Browser Bundle and check its integrity. A user is instructed to save this file to desktop.

You also should coordinate this move with Google: Chrome should do the same.

(In reply to Eugene from comment #7)

I think it will be better to be banned (btw, how they can ban application?), than breaking privacy of end users.

I think I agree. I would genuinely be happy to give up Internet access entirely if it meant not having to surrender my privacy to the state.

And an application ban doesn't have to be enforced technologically, just banned through laws. Big fines and prison sentences are a good enough reason not to break the law.

What a regular user would do? He would just install the spyware. In fact every user would do that because the alternative is not to use internet.
For more effect this spyware may be Windows-only and Chrome-only in irder to discourage usage of the software respecting users privacy.

Even if user would install the spyware, most of applications don't care about external certificates (notably Linux ported programs to Windows), so this wouldn't be something about Firefox only.
And most of Linux distros got no built-in certificate database, so user can't "just install" the certificate.
We need to look more carefully at this situation.

Please, note that, according to https://atlas.ripe.net/measurements/22372655/#!probe and https://i.imgur.com/rFEjXKw.jpg, root CA cert used in MITM attack on Facebook has CN=Security Certificate.

Meanwhile the root CA offered to install by kazakhstani internet providers from http://qca.kz/ has CN=Quaznet Trust Network.

It would have got more sense to discuss blacklisting the certificate, that shown here https://i.imgur.com/rFEjXKw.jpg.

Whomever can impersonate qca.kz can now serve either own CA cert and impersonate any HTTPS resource

If the major "free-world" browsers blacklist the MITM certs, I think the government will just step up the game and force the people to install its own version of browser (maybe a fork of Firefox or Chrome) that accepts the MITM certs.

(In reply to swordangel from comment #14)

If the major "free-world" browsers blacklist the MITM certs, I think the government will just step up the game and force the people to install its own version of browser (maybe a fork of Firefox or Chrome) that accepts the MITM certs.

Well if they do, it is no longer a matter with Firefox. It would then be up to end-users' decision to accept that or not.

I am a citizen of Kazakhstan. If Mozilla/Google Chrome developers see this message,I kindly ask you to consider blocking the above mentioned certificate and any access to your browsers for the certificate holders. If this certificate didn't pass Web trust audit, it can be the same as presented in 2016. So blocking it from the major world browsers is the only chance for kazakhs to avoid MITM attacks and keep at least some privacy rights (meaning that if blocked/blacklisted, the government will have to call back the certificate as it was done in 2016).

The request to install the certificate is distributed via sms (as of now - only to the capital's citizens). The last change in the law that the officials are referring to was done in December 2017. Clause 3-1, subclause 4) says that "Providers of international network are required to ...4) to pass traffic using protocols that support encryption via security certicates, with the exception of traffic that was encrypted in Kazakhstan by cryptographic tools for data security".

If the certificate is not blacklisted, but only the visual message will pop up warning users about untrusted certificate - it will not help since majority of citizens (especially elderly ones) simply will not pay enough attention to such message.

Well if they do, it is no longer a matter with Firefox. It would then be up to end-users' decision to accept that or not.

It is already up to end users' whether to install a MiTM root certificate or not.

(In reply to KOLANICH from comment #9)

It would be ineffective. It worth nothing to government agencies to implement a spyware, having the following features:

  • retrieving a new root certificate from govenment servers and installing it into all browsers.
  • doing other espionage
  1. It will be much more difficult than just providing CA cert for manual installation.
  2. Such malware will be added to major anti-virus engines soon.
  3. Firefox has its own CA certificates store.

For more effect this spyware may be Windows-only and Chrome-only in irder to discourage usage of the software respecting users privacy. This will cause further drop of Firefox market share.

Firefox is a privacy-focused web browser. I think Google will instantly ban such CA too, because they use Certificate Transparency to track certificates, issued for their own domains. For the last two years they blacklisted StartCom, WoSign and even Symantec for issuing certificates for *.google.com.

Any other countermeasures are also ineffective. For example mozilla can create 2 different digitally signed builds of firefox, one is without possibility to insert root CAs and implement a feature: when browser detects that a user was blackmailed into installed a root CA the browser patches itself into the build disallowing installing root CAs. But again, it can be undone by blackmailing users into installing malware undoing the changes. Also I think that limiting freedom of users to change browser settings is inacceptable.

Also Mozilla can disable installing root CAs completely in all regular versions. ESR designed for corporate usage should have this feature enabled.

So what you can really do is to preinstall a WebExtension having HTML files with information about Kazakh political parties and organizations opposing this and showing them on every startup and a zip of Tor + curl + minisign + bat file using other files to download Tor Browser Bundle and check its integrity. A user is instructed to save this file to desktop.

I disagree with this. Mozilla is not a political organization.

(In reply to Serge from comment #12)

Please, note that, according to https://atlas.ripe.net/measurements/22372655/#!probe and https://i.imgur.com/rFEjXKw.jpg, root CA cert used in MITM attack on Facebook has CN=Security Certificate.

I think it was just a test.

(In reply to swordangel from comment #14)

If the major "free-world" browsers blacklist the MITM certs, I think the government will just step up the game and force the people to install its own version of browser (maybe a fork of Firefox or Chrome) that accepts the MITM certs.

It will be extremely difficult to create their own web browser and force its installation to end users. Most of users will ignore it and complain to their providers about Firefox/Chrome breakage.

Russian government already tried to create Sputnik web browser (Chromium fork), no one installed it and they finally closed this project.

Appeal to the Mozilla Firefox developers

Hello to all!

I'm Software Engineer and citizen of Kazakhstan. This certificate is not implemented to protect users, but for political reasons. Kazakhstan has a dictatorship. This is done specifically to block "politically incorrect content.".

Look this link: https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=24691&LangID=E

The installation of this certificate leads to the leakage of personal data, as well as special services of Kazakhstan will be able to selectively block Internet pages. If it is allowed to install this certificate, the authorities will pursue innocent citizens of Kazakhstan for politically motivated reasons.

That's all I wanted to say.

(In reply to Serge from comment #12)

root CA cert used in MITM attack on Facebook has CN=Security Certificate ... http://qca.kz/ has CN=Quaznet Trust Network.

CN=Security Certificate is the intermidiate CA signed by CN=Qaznet Trust Network. The root CA does not have to be included into the chain shipped as a part of a handshake as the user's device already kinda "has" it, so it can be referenced by ID to save some handshake bandwidth.

One can extract the certificates from json of the RIPE Atlas measurement. They can also be seen here. The trust chain is:

# part of TLS handshake, also public key is rsa 1024(!)
Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com
Issuer: C=KZ, CN=Security Certificate
X509v3 Subject Key Identifier: DC:7E:D6:53:6E:A5:00:29:59:56:5E:9E:3B:90:E4:55:78:ED:3B:FE
X509v3 Authority Key Identifier: keyid:5E:4D:90:82:7F:86:EB:5A:F4:83:15:F4:50:8E:AB:3A:E9:72:4D:A9

# also part of TLS handshake
Subject: C=KZ, CN=Security Certificate
Issuer: C=KZ, CN=Qaznet Trust Network
X509v3 Subject Key Identifier: 5E:4D:90:82:7F:86:EB:5A:F4:83:15:F4:50:8E:AB:3A:E9:72:4D:A9
X509v3 Authority Key Identifier: keyid:F4:94:BF:DE:50:B6:DB:6B:24:3D:9E:F7:BE:3A:AE:36:D7:FB:0E:05

# self-signed root downloaded from qca.kz
Subject: C=KZ, CN=Qaznet Trust Network
Issuer: C=KZ, CN=Qaznet Trust Network
X509v3 Subject Key Identifier: F4:94:BF:DE:50:B6:DB:6B:24:3D:9E:F7:BE:3A:AE:36:D7:FB:0E:05
X509v3 Authority Key Identifier: keyid:F4:94:BF:DE:50:B6:DB:6B:24:3D:9E:F7:BE:3A:AE:36:D7:FB:0E:05

I agree with the assumption that the case is the pilot test with the real keys. ivlad posted screenshot on the 16th of July that have probably-root and probably-intermediate certificates swapped. That looks like DPI deployment mistake to me if I interpret the screenshot correctly. ¯_(ツ)_/¯

Severity: normal → critical
Has Regression Range: --- → irrelevant
Has STR: --- → yes
OS: Unspecified → All
Hardware: Unspecified → All
See Also: → 1232689, 1229827

Also Mozilla can disable installing root CAs completely in all regular versions. ESR designed for corporate usage should have this feature enabled.

I vote AGAINST that.

I think Google will instantly ban such CA too, because they use Certificate Transparency to track certificates, issued for their own domains.

... and drop its market share in Kazakhstan to ~ 0.01.

Mozilla is not a political organization.

There is ain't no thing as non-political organizations. For every organization it is possible to design a law making its operation on the territory of a state impossible. Mozilla claims it is committed to privacy and cybersecurity, but if privacy and cybersecurity are banned in a state - it is a political question, not technical. And this means that position of Mozilla on this question is a political position, not technical.

Russian government already tried to create Sputnik web browser (Chromium fork), no one installed it and they finally closed this project.

  1. Sputnik was created not by the state itself, but by a business with large state share. There is no sure that the motives for creation of Sputnik were political but financial. Lot of companies have own Chrome forks.
    2 It have not yet made operation of other browsers impossible. But it can be possible, for example, blocking all the ciphers except GOST in TLS. Because of controversies around their security properties it is unlikely they to be adopted by companies valuing users' privacy, such as browser developers and CAs. But some companies may see it as an opportunity to get Russian market and implement these algos and include root certs of Russian CAs.

sorry)
Article 4
2. The Constitution has the highest legal force and direct effect on the entire territory of the Republic.

Article 18

  1. Everyone has the right to privacy, personal and family secrets, protection of his honor and dignity.

See: Message of the Constitutional Council of the Republic of Kazakhstan dated June 9, 2017 No. 09-2 / 5 “On the state of constitutional legality in the Republic of Kazakhstan”

  1. Everyone has the right to confidentiality of personal deposits and savings, correspondence, telephone conversations, postal, telegraph and other communications. Restrictions on this right are allowed only in cases and in the manner expressly established by law.

See the explanation in the resolution of the Constitutional Council of the Republic of Kazakhstan dated August 20, 2009 No. 5

  1. State bodies , public associations , officials and the mass media are obliged to provide every citizen with the opportunity to familiarize himself with documents , decisions and sources of information affecting his rights and interests .

See the explanation in the Regulatory Resolution of the Constitutional Council of the Republic of Kazakhstan of August 20, 2009 No. 5

but, if you blocking all CA, main e-goverement site will not worked)

Putting the political aspect aside for a minute, I think it's important that the user be informed of what is means to add the certificate to their browser.

When following the steps to add the certificate to the browser it doesn't tell the user about the implications of their actions. There is no confirmation dialog after that step. Users that don't have prior technical knowledge will just gloss over that text and follow the government (or any attacker really) instructions.

https://imgur.com/a/TY4cWlC

It should be clearly written in bold: By adding this certificate you allow all your website visits to be intercepted by that certificate authority. It means that they can control and monitor your actions over the Internet.

(In reply to zimbatm from comment #28)

Some games have an interesting flow for dangerous actions - for example in MMOs, before deleting a character, you need to type "DELETE" before the button to do so unlocks. A similar flow could be implemented, in which a user would have to retype "I understand that the owner of this certificate can see everything I do online. Let me add this certificate." before the proper button gets enabled.

Having a persistent attention seeking UI element on screen indicating that the user's personal information might be leaking as a result of trusting a cert not recommended by Mozilla and having some kind of indication alongside a focused text input field might be a helpful passive means to tackle the problem.

FTR, it's not all HTTPS traffic that is MITMed. The MITM certificate is used only for connections to specific vhosts depending on SNI. Several vhosts are known to be affected besides www.facebook.com:

I highlight that as mail services do not sound like "content hosting endpoint" and "state-wide content filtering" sounds to me like a poor explanation to MITM them. Some users who have installed the certificate report that some(!) of facebook URLs present 403 blockpage during the MITM, but mail services do not fit well into that idea.

how about support DANE (https://tools.ietf.org/html/rfc6698) in Firefox?

We already have yellow warning sign for mixed content which is as far as i remember also used for sites that use a non-standard cert which i manually trusted myself. Isn't this what we need for this KZ cert too and maybe just a little bigger?

(In reply to Selek Respa from comment #34)

We already have yellow warning sign for mixed content which is as far as i remember also used for sites that use a non-standard cert which i manually trusted myself. Isn't this what we need for this KZ cert too and maybe just a little bigger?

Manually trusted certificate should not be yellow if I am owner of certificate and I am absolutely trust it.
But KZ certificate means that I cannot trust it 100%. So it is absolutely dangerous because we are sure it is MITM.

MITM finally started.

Google: https://i.imgur.com/fbrgxWH.jpg
Facebook: https://i.imgur.com/tPVEna5.jpg

Also they blocked access to qca.kz outside of Kazakhstan.

(In reply to Eugene from comment #36)

Also they blocked access to qca.kz outside of Kazakhstan.

Here's an archive.org copy of qca.kz:
https://web.archive.org/web/20190719082235/http://qca.kz/
Or without the Wayback Machine toolbar:
https://web.archive.org/web/20190719082235id_/http://qca.kz/

I made a copy of the certificate files 2 days ago just after this ticket was opened.
https://archive.org/details/qazca-ca-certificate
https://archive.org/download/qazca-ca-certificate

Can you block only CAs, that can sign domains? because there are corporate clients that use key authorization, and government websites such as egov, tax authorities, which will not work without http://www.pki.gov.kz keys and root certificates

otherwise, these actions can break the country's economy)

Hello! I am a citizen of Kazakhstan.
I am happy to see such post about this concern.
I vote for blocking this certificate!
Thank you!

Hello everyone!
I am a citizen of Kazakhstan. I vote for my human rights, and I kindly ask Google and Mozilla developers to block this certificate.
Thanks.

Flags: needinfo?(honey151994)

Here are some more affected domains those were not previously mentioned in this thread:

Hello!
I am not a citizen of Kazakhstan, but I am for freedom of speech and freedom of communication throughout the world. This is a very bad precedent. I do not want this to happen in my or another country.

[In general, please avoid adding "+1" / "me too" comments. Thanks a lot!]

Having trouble to comprehend the concern considering that various domains are utilizing reverse proxy cloud services where the TLS connection terminates (as in decrypts) at the service's edge server and either gets re-encrypted on the backend connection to the hoster or not even that. Which is basically the same what the KZ governement is doing and yet it causes such uproar whilst the same user accessing a domain via a reverse proxy provider does not mind (perhaps is not even aware of).

I'm for blocking this certificate. Free the traffic!

(In reply to vtol from comment #45)

Having trouble to comprehend the concern considering that various domains are utilizing reverse proxy cloud services where the TLS connection terminates (as in decrypts) at the service's edge server and either gets re-encrypted on the backend connection to the hoster or not even that. Which is basically the same what the KZ governement is doing and yet it causes such uproar whilst the same user accessing a domain via a reverse proxy provider does not mind (perhaps is not even aware of).

There is an immense, world of difference between situations where a service opts into sharing data with a third party; and when it does not.

If you want to further debate this point, please do not use this bug and instead start a thread on mozilla.dev.security.policy

(In reply to Tom Ritter [:tjr] from comment #47)

There is an immense, world of difference between situations where a service opts into sharing data with a third party; and when it does not.

If you want to further debate this point, please do not use this bug and instead start a thread on mozilla.dev.security.policy

The point is not about sharing data but whether any browser should be intrumental in a polical landscape whilst it is neutral in the corporate/commcerical equivalent?
No browser is warning its user when the TLS gets terminated (decrypted) by a man in the middle as long as the certifcate being used by MitM is compliant with the OS's a/o browser's cert store, which is the same underlying principle in both scenarios (polictial | commercial), as opposed of the browser being directly connected with the domain's actual host.

What is the descision criteria to label a government entity as bad and a commercial entity as good?
IMHO a browser should not be biased towards one or the other but occupy neutral terrritoty either way.

(In reply to Eugene from comment #0)

This will save privacy of all Internet users in Kazakhstan.

(In reply to Honey from comment #40)

I am a citizen of Kazakhstan. I vote for my human rights, and I kindly ask Google and Mozilla developers to block this certificate.

(In reply to Oleksandr Havrylov from comment #43)

I am not a citizen of Kazakhstan, but I am for freedom of speech and freedom of communication throughout the world. This is a very bad precedent. I do not want this to happen in my or another country.

Whilst there is an apparent demand to block the certificate none is explaining of why it would be justified to drag the browser vendors into political processes pertaining to particular countries, repsectively since when browsers are supposed to intervene with domestic affairs of a sovereign country?

I am not trying to defend whatever happens there but it seems rather unfair to offload the burden of political processes to browser vendors.
From my very own experience any such wrongfulness should be first addressed domestically and/or eventually escalated to some multiletaral body. But asking the browser vendor to be rebellious agaist a domestic law seems just wrong.

Takling about creating a precedent - if the certtificate gets blocked then such would have to happen with any other county that shows such aspiration - any other coutnry irresepctively of their state of domestic affairs.

(In reply to vtol from comment #48)

IMHO a browser should <...> occupy neutral terrritoty

The browser should not be neutral between privacy and eavesdropping, between authenticity and identity theft, between the truth and lies, between good and evil. It should support good. This was the point of firefox's existence from the very beginning. Otherwise why would people need it, if there is already Mi©®o$oft Inte®net Explo®e® on window$™? And if being good means becoming political, let it become political.

After all, if someone with full understanding of the consequences wants to surrender to eavesdropping and identity theft, maybe he should have the option to do so with the default build of the browser, I don't think the general common morale gives a solid answer here. But even then, the browser should not be neutral between the truth and lies, it should support the truth. In this particular case this means that the browser should make it absolutely sure that the user understands the consequences of his decision to proceed with the connection signed by this certificate, for example, by making the user type (type by himself, not just click "ok" somewhere, dangerous actions require strong confirmation) something like "I understand that if I proceed with this connection, Putin will know all data I transfer, including my credit card details and my username and password for internet banking. Moreover, he will be able to impersonate me in all activities I participate in using this connection, including taking loans under my name."

[edited per comment 52]

(In reply to vtol from comment #49)

since when browsers are supposed to intervene with domestic affairs of a sovereign country?

browser already intervene in commercial affairs by blocking websites trackers, because its catchword is to behave for citizen privacy.
So the answer could be another question : why the same reasoning could not apply here with domestic affair ?

What is the descision criteria to label a government entity as bad and a commercial entity as good?

The whole purpose of the entity is here clearly identified as against the major Mozilla mantra: privacy. It can be the criteria.

(In reply to twolaw from comment #51)

browser already intervene in commercial affairs by blocking websites trackers, because its catchword is to behave for citizen privacy.

different semantics - trackers are ingress whilst MitM is mostly egress (& only then ingress). Morever, trackers are entities with a defined pattern to which the entire internet community is exposable whilst governemtns with their decisions/laws are less so and their domestic affairs impacting only their population mostly.

The whole purpose of the entity is here clearly identified as against the major Mozilla mantra: privacy. It can be the criteria.

Not sure whether Privacy in the Moz culture includes protection from governmental eavesdropping, which likely cannot be even escaped at all - at least not without additional measures than the vanilla browser installation and the necessary configuration of the remote server node.
Blocking the certificate entirely may have some repercussions such as potential loss of access to governemental online services.


(In reply to cfi9pnik from comment #50)

The browser should not be neutral between privacy and eavesdropping, between authenticity and identity theft, between the truth and lies, between good and evil. It should support good. This was the point of firefox's existence from the very beginning. Otherwise why would people need it, if there is already Mi©®o$oft Inte®net Explo®e® on window$™? And if being good means becoming political, let it become political.

That is a lot to ask of a browser, bascially being a moral authority for all that. It would require its developers being beyond reproach and maybe then still not meeting every user's own perpective/perception of the world.

After all, if someone with full understanding of the consequences wants to surrender to eavesdropping and identity theft, maybe he should have the option to do so with the default build of the browser, I don't think the general common morale gives a solid answer here. But even then, the browser should not be neutral between the truth and lies, it should support the truth. In this particular case this means that the browser should make it absolutely sure that the user understands the consequences of his decision to proceed with the connection signed by this certificate, for example, by making the user type (type by himself, not just click "ok" somewhere, dangerous actions require strong confirmation) something like "I understand that if I proceed with this connection, Putin will know all data I transfer, including my credit card details and my username and password for internet banking. Moreover, he will be able to impersonate me in all activities I participate in using this connection, including taking loans under my name."

An explicit warning is a different approach than the blocking of the certificate as being requested.

Another consideration might be the actual impact of Moz certificate store on the the different OS platforms and the various applications that each of the remote services might offer, e.g.

  • does the Facebook client app on macOS/iOS rely on the Moz certificate store?
  • does a Twitter client app on a Linux desktop rely on the Moz certificate store?
  • does the Google app on Android rely on the Moz certificate store?
  • does the TamTam chat client on Win rely on the Moz certificate store?

If the OS and browser vendors do not act unified on blocking the certificate it would probably be of little consequence whether the certificate gets blocked in the Moz certificate store only.

(In reply to vtol from comment #53)

lot to ask of a browser, bascially being a moral authority

Nobody is asking of a browser to be a moral authority and to define moral. This bug is asking the browser to follow the already known moral, which says that encrypted data theft is bad.

(In reply to vtol from comment #54)

Of course, other browsers and operating systems, if they are good, also should fight this certificate. But obviously, mozilla should not wait for the others to begin, some entity has to be the first one.

(In reply to cfi9pnik from comment #56)

This bug is asking the browser to follow the already known moral, which says that encrypted data theft is bad.

  • any TLS traffic implemented in a version below v1.3 is prone to MitM. Most exit nodes do not support v1.3 yet and no browser warns about such - as long as the certificate used by the MitM is compliant with the respective certificate store that is being utilized
  • that data is being thieved by the entity in question is based on which evidence? So far it is proclaimed as a protective measure
  • safeguard in similar fashion is also cited by various reverse proxy services, and there are quite few, who terminate the TLS connection at their edge servers and are thus are able to access the traffic in the clear (for Deep Packet Inspection or so they claim). And no browser is altering the user to it.

What is the governing criteria to label one bad and the other good since both do the same - decrypt a TLS connection that the user trusts reaches uninterrupted the node actually hosting the data that is being displayed in the browser but in fact is not uninterrupted?

Of course, other browsers and operating systems, if they are good, also should fight this certificate. But obviously, mozilla should not wait for the others to begin, some entity has to be the first one.

The point of that is that potentially blocking (hard coding) it in the Moz store will achieve little in terms of "all HTTPS traffic in". Others may follow suit or not, and if not the benefit is rather marginal.


Just imagine a country where any OS or browser vendor is incorporated or wants to do business with enacts a law in the same spirit. Would the vendor defy such domestic law or play ball (after consultations with its legal department)?

Every certificate issued and used on the public internet without a domain owner's permission has to be added to a blocklist.
Natural persons should have the ability to configure local snake oil, but they must have a free choice and working internet by default.
A country is not a corporate environment. But even there they can only regulate with adequate means as customers and employees are humans with international rights, too. Apple, Google, Microsoft and Mozilla should hold up these principles.

(In reply to Jan Andre Ikenmeyer [:darkspirit] from comment #58)

A country is not a corporate environment. But even there they can only regulate with adequate means as customers and employees are humans with international rights, too. Apple, Google, Microsoft and Mozilla should hold up these principles.

That would the ideal but (the sad) reality seems different.
Is there a(n) (inter)natioal legislation that grants people the privilege to umimpeded encrypted internet traffic?

That vendors have played ball happened (BlackBerry in various countries), and still happens (big A/M/G in places of sizeable business interest) or face the consequences (banned vpn services, messenger apps).

Bugzilla is not an appropriate forum for this kinds of debate. I'd like to ask everyone to stop arguing their respective positions in these bug comments.

I'm tagging this comment for BMO admin review.

Kazakhstan government is trying to integrate mitm attack by parasitizing on popular web browsers like Mozilla Firefox. They are selling it under the guise of citizen protection. I think that it is important for popular browsers to protect their reputation by introducing certificate blocklists.

Totalitarian government can try to force people to install custom browser without certificate blocklists. I think that such browser can be sold under the guise of besieged fortress only. North Korea is the only country with suitable ideology today. So I think that custom browser is not possible.

Certificate blocklist can destroy any government attempt of capturing encrypted traffic. I want to ask Mozilla to think about this feature as serious as possible. Belarus and Russia governments are waiting today for Kazakhstan results.

Thank you.

Hi everyone.

I'm speaking in my role as one of the moderators for Bugzilla.

First, I want to thank you all for your concern and raising the issue. Reviewing certificates is an important part of protecting the Open Web.

Second, I want to remind you that Bugzilla is for discussing the technical aspects of bugs and we want to keep the discussion in the bug focused on that. Discussions about our policies on CAs should go to our dev-security-policy forum.

Third, accusing people commenting on the bug of being sock puppets of one party or another is not helpful, and moderators have my blessing to put a stop to those sorts of comments.

And lastly, we have a mailing list for discussion of CAs, https://lists.mozilla.org/listinfo/dev-security-policy, and the CA team's policies and processes are https://wiki.mozilla.org/CA.

Thank you,

Emma Humphries, Bugmaster

FYI: you don't need to set the needinfo flag on a bug for yourself. If you want to bookmark a bug you can add yourself to the cc list on the bug or save the bug's URL to your favorite URL manager.

Flags: needinfo?(honey151994)

I'd also add that SNI seems to be the only factor that is used to decide if the connection should be MitM'ed or not. E.g. connections to IP addresses of the unaffected domains WILL BE MitM'ed if those connections present "affected" SNI as a part of ClientHello. E.g. it's possible to "issue" fake certificate for www.colorado.edu, mail.yandex.ru, for online banking like online.sberbank.kz and so on.

I'm highlighting that for two reasons:

  • the mere fact that the certificate was issued for some domain is not a cryptographic proof that actual active MitM attack was carried out against browsers (as browsers usually send "sane" SNI), it's just a proof of some strange configuration of the MitM equipment
  • these auto-issued certificates have RSA exponent of 3 that make RSA vulnerable to some attacks. It's unclear to me if an attack against this exponent can realistically be carried out to recover the key for the certificate and put the users trusting CN=Qaznet Trust Network at even greater risk. I'm not a cryptographer, so I hope that someone else understands the implementation better than I do and can comment on that.

This could lead to a dot release, tracked as a blocking issue for 68.

it seems it's not MITM anymore, maybe need to name it "GITM"

The priority flag is not set for this bug.
:kwilson, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(kwilson)
Flags: needinfo?(kwilson)
Priority: -- → P1

(In reply to vtol from comment #49)

drag the browser vendors into political processes

"Not being dragged into political processes", "staying away from political processes", "keeping a neutral position in political processes" sounds like an euphemism for "keeping the neutral position between the good and the evil", "supporting the good and the evil equally well". And I think Mozilla should not support evil, it should support good and oppose evil with all reasonalbe efforts.

The Kazakhstan government declared yesterday it ends testing of the certificate, claiming it was a success [1]. Mr. Tokaev, the President of the Republic of Kazakhstan, thanked the National Security Committee for the testing [2] and various sites started posting instructions on removing the certificate from phones [3].

Therefore, in my opinion this bug should be closed as INVALID.

[1] https://tengrinews.kz/kazakhstan_news/knb-zavershil-testirovanie-sertifikata-bezopasnosti-375822/
[2] https://rus.azattyq.org/a/30096331.html
[3] https://www.zakon.kz/4980549-kak-udalit-sertifikat-bezopasnosti-s.html

Actually no, this bug cannot be closed, since this CA is already installed by many users. Authorities also claim that this certificate may still be used in the future under certain circumstances:

The use of the security certificate will be carried out in the future when there is a threat to national security in the form of cyber and information attacks, with prior notice to the citizens of Kazakhstan.

(In reply to StudioMaX from comment #70)

Actually no, this bug cannot be closed, since this CA is already installed by many users. Authorities also claim that this certificate may still be used in the future under certain circumstances:

The use of the security certificate will be carried out in the future when there is a threat to national security in the form of cyber and information attacks, with prior notice to the citizens of Kazakhstan.

I agree this issue cannot be closed. Firefox should block this certificate and warn users.
In addition I think solving this issue will give good experience in case of similar issues in the future.
So response from Firefox ecosystem will be immediate and all sniffing attempts will be blocked ASAP.

This certificate is now in OneCRL.

Error message enhancements that will improve Mozilla's ability to respond to future threats of this nature are being tracked in bug 1569357.

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED

They added another certificate to their site:
http://qca.kz/security.cer
I don't know what it's purpose, but i think you should blacklist it too.
The certificate also available on http://qca.kz/ .

(In reply to mihakulko2008 from comment #74)

They added another certificate to their site:
http://qca.kz/security.cer

Could you attach the security.cer file here? Like comment #36 says, connections to qca.kz are blocked from outside Kazakhstan. Most people cannot easily download the file.

Ideally, also include the server headers, so we may see the Last-Modified timestamp. If you know how to use the command line, one of these commands will work:

curl -i -O http://qca.kz/security.cer
wget --save-headers http://qca.kz/security.cer
Attached file security.cer

After installing certificate I can access check.qca.kz , but it doesn't MITMing facebook and another web sites.

Attached image check.qca.kz
Attached image facebook.com

(In reply to StudioMaX from comment #76)

Headers: https://pastebin.com/NDtJHJeb

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sat, 07 Sep 2019 **:**:** GMT
Content-Type: application/x-x509-ca-cert
Content-Length: 1647
Connection: keep-alive
Content-Disposition: attachment; filename=security.cer
Last-Modified: Thu, 29 Aug 2019 05:01:08 GMT
Cache-Control: public, max-age=43200
Expires: Sun, 08 Sep 2019 **:**:** GMT
ETag: "***"

Cert: https://pastebin.com/wNJp0Mkz

-----BEGIN CERTIFICATE-----
MIIEkzCCAnugAwIBAgIUXk2Qgn+G61r0gxX0UI6rOulyTakwDQYJKoZIhvcNAQEL
BQAwLDELMAkGA1UEBhMCS1oxHTAbBgNVBAMTFFFhem5ldCBUcnVzdCBOZXR3b3Jr
MB4XDTE4MDIxMjA2MzY1NloXDTIxMDIxMjA2MzY1NlowLDELMAkGA1UEBhMCS1ox
HTAbBgNVBAMTFFNlY3VyaXR5IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA8/Z7LmBvaxIz2Ju1lCYLK+0aMEmQQ5ZqClEWtPJjt2fp
evWm3bIjlqNBGR0gOdepDG6Mm2bJzwuFOu44i7rVR+rAXOS6QtXXv2/vHNDRLFkb
4vgZa6vjzy5jch/QgPPQf5QW5fLV5ZQthVJjarbUWe4r7/QhseKvwEoqm+SRv8F8
zxANn6ykI1D8J89N4px+33xZwNA0Av0GK/b2x54ZSpgSeuVfksAc+nS1yi3AHczB
BX5/Zp4uBiTNv00v3x9UQmAQEnvDCdvlmzguB2b/Qh3mB5ZTF1UHtqU7fxtzXZJR
Vnux2FN0DG5WhtLGnuj028hzvdLI8MGvbW4IqDK93QIDAQABo4GsMIGpMA8GA1Ud
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBReTZCCf4brWvSD
FfRQjqs66XJNqTBnBgNVHSMEYDBegBT0lL/eULbbayQ9nve+Oq421/sOBaEwpC4w
LDELMAkGA1UEBhMCS1oxHTAbBgNVBAMTFFFhem5ldCBUcnVzdCBOZXR3b3JrghQ9
lX/KH4wPyGksAZlOtVIxA1ud8TANBgkqhkiG9w0BAQsFAAOCAgEAuer7RPCz9ZLF
iazemcfNQnjQzGY4BkXo7HvuvPqhwwRw6KU9VSdGXkAogIGYyREO9zSrPDvQC5mu
dnpQXif9ViJajW1VuZKMDmRi0WQOjst7JgkpALeVKRTX99+wsxjWQwx0OM9jG0/U
6GGkP6nA4SruRnLp0IkrAD8YqlheIIJWwXP9nAd+9zc9A8uk++nSpUhi1+r21mD9
ZhTlKNLOCY7N+xF5ehYyP4nqdKx57xDaPKkU62FOUiUE9Qcwmmpe3kEW/KYF4GMo
XtXzvFbb8g1vR3IOVaCn7cQs2GQPUntsWtLnvNOFCq8J7rhbKsiGIeGN9cSbo8Yf
jeWOE9aO5qbv8C+Sn7IoO91kGJ9ht5AZNMwT2pWnnIg24knbnbdz8Kki9yG/+QrK
WqL5qSf7DMF+MG2i1Gew3VxO/0kXR8dZquQvsKtvUEEUeLnkjpIr0H76mvTYxA+7
GOBn0Jdb4MAFKi5gufKOwBa+vuNvotY5s8R40Iz1JfcFjMpJ4GzfKXXWWv5FE1pN
hr2z3Kqe2hFxsQIWa80T9sEVey0rNjQrpWLBemt6Hz1Tp9PZY0yR3LROtUGSlFG+
Zq2+HQdxUrUQGB9xOMWnW5SzqJ3pv7Z7s4Yv/iYftOihomn9f1YZS/sr1R5g92n7
ifYMSWmTtfs4H8okXL/Y7JJrWy30ZLI=
-----END CERTIFICATE-----

I have downloaded the security.cer file myself, using a VPN Gate server located in AS 21299 in Kazakhstan. It matches what StudioMaX posted above and the attachment in comment #77. I have archived the file at https://archive.org/details/qazca-security.cer-ca-certificate. Currently, for me, http://qca.kz/ returns status code 500, internal server error, but direct links to the certificate files still work. I checked, and there is no corresponding security.der nor security.pem to go along with security.cer.

For reference, here are the HTTP transactions archived in WARC format:

You need to log in before you can comment on or make changes to this bug.