Closed Bug 471702 Opened 15 years ago Closed 15 years ago

StartCom's key for bogus www.mozilla.com certificate should be destroyed

Categories

(CA Program :: CA Certificate Root Program, task)

task
Not set
major

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: samj, Assigned: hecker)

References

()

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5
Build Identifier: 

CA (SmartCom) founder, Eddy Nigg, claims[1] to have succeeded in fraudulently obtaining a trusted certificate[2] for mozilla.com from a competitor (Comodo) with a view to exposing their failure to ensure validation checks are conducted[3]. The certificate was installed on an Internet-facing Apache 2.2.3 server at https://192.116.242.23 as "proof" and according to Eddy the "keys are kept securely for evidence" despite admission from the CA (Comodo) that the problem was "one RA" (CertStar)[4] and there being no question raised about the certificate having actually been issued[5]. He then threatened[6] to "publish the private key for the mozilla.com certificate as well so everybody can enjoy it" and has since avoided making a commitment to destroy it despite repeated requests[7].

In my opinion (given the sensitive nature of the domain in question) posing as the Mozilla Corporation to obtain the offending certificate, let alone installing it on an ancient Internet-facing Apache server and threatening to release the corresponding private key (whether or not a joke) constitutes gross negligence and is certainly not the type of behaviour I expect from someone responsible for a trust anchor. I have disabled all offending CAs (including SmartCom) and recommend that others do the same, at least until such time as these issues are resolved.

Furthermore, Paul Hoffman aptly notes[8] that "given that Startcom has the ability to issue bogus certificates like the kind that Eddy is threatening, I would think that a public statement like [this] is relevant to Mozilla or Microsoft deciding whether or not the organization is trustworthy".

I would hope that Mozilla also take exception to the existence of a trusted mozilla.com certificate outside of their control and take action accordingly (assuming that SmartCom does not/has not already securely destroyed all copies of the corresponding private key). I would also suggest that this incident be taken into consideration in any future review of SmartCom's trust status.

Sam Johnston
CISSP

1. https://blog.startcom.org/?p=145
2. https://bugzilla.mozilla.org/attachment.cgi?id=354290
3. http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/e2755401a7dec203
4. https://bugzilla.mozilla.org/show_bug.cgi?id=470897#c24
5. https://bugzilla.mozilla.org/show_bug.cgi?id=470897
6. http://groups.google.com/group/mozilla.dev.tech.crypto/msg/f5cb4c02be6e9800
7. https://bugzilla.mozilla.org/show_bug.cgi?id=470897#c35
8. http://groups.google.com/group/mozilla.dev.tech.crypto/msg/55d437cb570978d4


Reproducible: Always
Depends on: 470897
(1) StartCom, not SmartCom. You should at least get the name of the company who you're attempting to threaten here, because they found a flaw in a competitor and who's owner has a poor view of a 3rd unrelated CA you want to defend (Bug 470897 Comment #41 Paragraph 1), correct. 
(2) Apache versions from various *nix distros usually have security patches backported without the original version being bumped, so the 2.2.3 (current is 2.2.11) version number here is rather meaningless.
I'm a happy user of Firefox, and a security researcher who has reported a number of security vulnerabilities in the past.  I've been following the discussion on dev.tech.crypto and on bug 470897, quietly so far, but given this bug entry I feel someone needs to speak up to defend Eddy Nigg.

From my perspective as a user and a security researcher, I applaud Eddy Nigg's actions.  I think his actions will improve security for Mozilla users.  I can't believe we see behavior of attacking the messenger who found and reported such a serious vulnerability; that's shameful and not in the interests of Mozilla users.  It's important that security researchers feel free to report problems they find to browser vendors, without fear that they will be lambasted for silly reasons.  The alternative is definitely worse for Mozilla users.

Moreover, I think the complaints about StartCom and Eddy Nigg here are weak.  I did not view any of Nigg's statements as a threat to the users; in fact, I viewed his actions as protecting users.  Based on what I've read on these threads, I'd be inclined to trust any CA that Nigg runs more than most of the big commercial CAs.  Just compare Nigg's statements to Comodo's statements, and it seems clear that Nigg is driven by a passion to protect Mozilla users, which is all too rare (all too often CAs seem to be driven by a desire to protect their brand more than the users).  If Mozilla takes any action at all, I would urge that Mozilla's action be to promote and thank StartCom, not demote it.

But based on all of the above, I would recommend that the request for review be denied and this bug entry be closed without further ado.
Right you are - it's my first encounter with them (and an ordinary one at that) so excuse me for getting their name wrong; I've updated the title accordingly. You can say what you like about any of the CAs as I'm not particularly enamoured with any of them right now; indeed if said 3rd CA were to present itself for inclusion right now I'd have my fair share to say. Also I've already acknowledged Eddy's "discovery" but that does not excuse his behaviour, including the relentless unprofessional bashing of his competitors.
Summary: SmartCom's bogus trusted certificate for www.mozilla.com should be destroyed → StartCom's bogus trusted certificate for www.mozilla.com should be destroyed
Re: comment #2 this was a request that the offending private key be destroyed on the grounds that there is no reasonable justification for it's continued existence, not a request for review of StartCom's inclusion. If this bug is to be closed without action it should be on the grounds that MoFo has no problems with someone running around with a trusted certificate for mozilla.com.
This issue has been solved to the satisfaction of Mozilla as far as I'm concerned. I leave it to Gerv to close this bug or follow up with me. 

It's my first post this year. May be 2009 a year of improved security for all Netizens. Cheers to all!
1. I was not aware that any act of fraud was committed. In my opinion, such an accusation should be taken very seriously. Please elaborate on the details.

2. Presumably the title of your bug "StartCom's bogus trusted certificate for www.mozilla.com should be destroyed" is incorrect, and should really refer to the private key -- the certificate has been widely published, cached, and has virtually no chance of being completely destroyed.

3. What action(s) would you propose Mozilla take for this issue to be satisfactorily closed in your opinion?

4. What action(s) would you propose parties other than Mozilla take for this issue to be satisafactorily closed in your opinion?
Re: comment #5, how so - are you saying it was already destroyed or that Mozilla are happy for you to have it, and if so for what purpose?

Re: comment #6:

1. fraudulent: false, phony (http://en.wiktionary.org/wiki/fraudulent), in that they claim to have (successfully) passed themselves off as (at least) the controller of the mozilla.com domain (if not Mozilla Corporation itself). Presumably by 'an act of fraud' you mean in the legal sense whereby there would be some gain - IANAL but it's quite possible that CertStar and/or Comodo are looking at it from this angle given the conflict of interest in that they are competitors. Their loss is potentially StartCom's gain, which is exactly why Eddy is not just any old security researcher and why he should have recused himself from the followup entirely rather than being the most active contributor.

2. I did specify in the description but have updated the title to 'StartCom's key for bogus www.mozilla.com certificate should be destroyed' nonetheless.

3. Mozilla could request that the corresponding private key be destroyed such that it could not be misused (eg if it were to fall into the wrong hands). Even though StartCom could mint their own mozilla.com certificate, their signing certs are hopefully better protected.

4. StartCom and/or Eddy confirm that the corresponding private key has been destroyed - they need not prove it as should it resurface they will have some explaining to do.
Summary: StartCom's bogus trusted certificate for www.mozilla.com should be destroyed → StartCom's key for bogus www.mozilla.com certificate should be destroyed
I was not aware that Eddy Nigg used any deception passed himself off as the controller of the mozilla.com domain. My understanding, from the various threads was he simply asked for a certificate for mozilla.com, and he got one. Please correct me if I'm wrong.
'Simply asking' for a certificate for a given domain is like 'simply asking' for cash from a given bank account or 'simply asking' for a passport in a given name; the CSR certainly contained 'www.mozilla.com' and while the application should have been denied there is no doubt whatsoever that it was made.
I'm sorry Sam, but I simply don't accept the proposition that asking for something constitutes fraud. In my opinion, if there was no deception -- no misrepresentation on the part of the requestor -- then your case for fraud is baseless.

From what I gather, Eddy Nigg asked for a certificate for a domain name, and was not challenged to establish himself as the rightful administrator of that domain. They just issued a certificate without any apparent due diligence on the part of the RA and/or CA. Please correct me if I am wrong.

I suggest you retract your allegation of fraud unless you can back it up with something stronger than the logic you've presented thus far.
The subject line of the certificate signing request (CSR):

C=IL, ST=South, L=Eilat, O=StartCom Ltd., CN=www.mozilla.com, E=webmaster@startcom.org  (attachment 354289 [details])

There was not even an attempt to hide who the requester is nor was there any attempt to pretend that we control mozilla.com. I even paid with a "verified" Paypal account of the company. Besides that, the certificate was created in order to prove non-validation and non-conformance by the issuer.

Sam..., starting from Gerv, Frank up to Mitchell all know me to various degrees in addition to another dozen or more developers and contributors. As indicated in comment 5 the issue of the private key has been dealt with accordingly. I think you can stop it now.
Paul (comment #10), if you'd like to test this theory then take yourself to http://www.verisign.com and request a certificate using whatever details you like with the domain 'www.mozilla.com' (or better yet, www.microsoft.com), then see how long it is before you are talking to (at least) their fraud department. In any case it's tangential - Eddy/StartCom have given no reason to trust them and many reasons not to; in my opinion this application was false and therefore fraudulent (whether or not it constitutes 'fraud' in the legal sense) but you feel free to insert whatever word makes you happy.

Eddy (comment #11), so I take it your argument is that since you guys all know each other you should be allowed to retain a valid, trusted certificate for an important piece of Internet infrastructure that could be abused in any number of ways? If by "the private key has been dealt with accordingly" you mean "securely destroyed" then please say so and close the bug - if not then please elaborate for an outsider who doesn't know any of you (and appreciate how this appears to the general public).

Thanks
It is not within the power of the owners of this bug system to fulfil this request. We cannot immediately compel Eddy to destroy the private key. So this bug is INVALID.

I personally would like him to do so - I think his point has been more than proved. (He has told me that he has taken the Internet-facing machine down which was hosting a website secured with the cert, but he has not told me that he has destroyed the key.) I also think it was unwise of him to pick mozilla.com as his test case, given the high risks that would be associated with the loss of the private key for a mozilla.com cert. However, unwise is not necessarily the same as fraudulent - I take no position on that question. But (if I have any say) we're obviously not going to sue him.

Gerv
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
If Sam Johnston is going to complain about other people's possible conflicts of interest, he is probably best off also disclosing his own.[1]

1. http://wiki.cacert.org/wiki/Officers?action=recall&rev=33
Paul, my volunteer work for a non-profit organisation is neither a secret[1] nor at all relevant. My views are my own and were I to be speaking on behalf of CAcert I'd have included them in my signature and/or said so overtly. I see that you also took exception to Eddy's conflict of interest[2] in noting that "as a competitor to Comodo he is a player in the game, and some of his posts come across somewhat differently when read in the light of that self-interest".

1. https://bugzilla.mozilla.org/show_bug.cgi?id=470897#c30
2. https://bugzilla.mozilla.org/show_bug.cgi?id=470897#c18
Ladies, put down the handbags, please.

Gerv
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.