Closed
Bug 647868
Opened 13 years ago
Closed 9 years ago
Implement a push mechanism for CA disaster revocation scenario
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1024809
People
(Reporter: KaiE, Unassigned)
References
Details
Implement a push mechanism for CA desaster revocation scenario If we ever again see a CA maximum credible accident, we should be prepared to push out revocation information to clients. Let's imagine an UltimateSecurityCertificateAuthority (USCA) which had a reputation to be unhackable. But it turns out a hacker (or another bad person) finds a way to use the USCA's root key to create a certificate with the following properties: - the CA does not contain any pointers to revocation (i.e. no CRL nor OCSP urls) - the cert is issued directly from the root This means, clients wouldn't ask for dynamic revocation information. IMHO for scenarios like this, we (Mozilla software) should support a desaster revocation mechanism, sending out a desaster revocation list (DRL). A push mechanism should be used to inform clients dynamically of desaster revocations. The push could be integrated into the software upgrade mechanism, however, some users disable upgrade checking, because they run Linux or other enterprise upgrade deployments, so the check for desaster revocation would have to happen regardless of update checks. The DRL could be used to: - block a specific certificate - block a specific intermediate - block any certificate of a given distinguished name (DN), being either a builtin-root, or a cert not yet known to the client software In order to get implementation brainstorming started, I think the DRL mechanism could work in a way similar to this: - whenever we ship a new binary software release, it should embed (hardcoded in software) all previously known DRLs (this could be done either using code, or by adding data to the NSS trusted certificates list) - a client of version X should have to download only the most recent DRL data, which became known after version X - clients should store the DRL persistently. The only place that is guaranteed to be writable is the profile directory. - client must read from and cache the DRL list every time they start up In order to minimize the number of disk accesses, I propose that predictable file names are being used. For example, Firefox X might always attempt to read a file named X.drl from the profile directory. As soon as the binary is upgraded to Y = (X+1), the software will ignore the existing X.drl files, and search for Y.drl, only - the standard software upgrade mechanism could retrieve a new X.drl files into the profile directory. - Even after the Y release is ready, we must continue to produce X.drl for those clients, who can't yet do a binary upgrade The upgrade mechanism could dynamically query with the upgrade server, and the upgrade server could dynamically send out a file that contains the information from X and any newer versions.
Updated•13 years ago
|
Summary: Implement a push mechanism for CA desaster revocation scenario → Implement a push mechanism for CA disaster revocation scenario
Comment 1•13 years ago
|
||
I suggest that the DRL file has always the same naming convention, but probably should use an increasing serial number and date-time field.
What if the download of the DRL file is prevented? How about at least adding an expiration date to DRL files and nicely informing the user when his DRL file is stale?
Notifying users generally doesn't work. We could say that "firefox is not up to date" and try to force an update, but short of that, most other paths are confusing/unhelpful. Kaie: have you looked at how the MS Root killing stuff works? It's what MS used initially for Vista+. It isn't perfect, but it is kinda neat. It has a 7 day max ttl on its kill list (I.e. It will update at least every 7 days), and it checks for an update whenever it encounters an unknown root (I have no idea how often this happens in practice). Wrt how MS handles denial of access, I expect Windows Update would claim "your computer isn't up-to-date because we can't reach our update server", but I'm not certain (and I don't have the resources to test).
Comment 4•13 years ago
|
||
Brian, you wanna take assignment? /be
Comment 5•12 years ago
|
||
It seems Microsoft is doing something like this: http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx Gerv
Comment 6•9 years ago
|
||
Looking at the requirements listed in Comment 0, this looks pretty much like OneCRL to me. If I'm missing something, please feel free to re-open.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Comment 7•9 years ago
|
||
(Just in case anyone gets mislead by the summary of Bug 1024809, Bug 1130757 makes the necessary changes to allow OneCRL to revoke root certs as well).
You need to log in
before you can comment on or make changes to this bug.
Description
•