Closed Bug 665908 Opened 13 years ago Closed 8 years ago

Mozilla should be packaged with copies of certificates for high-value websites

Categories

(Core :: Security: PSM, enhancement)

enhancement
Not set
normal

RESOLVED DUPLICATE of bug 744204

People

(Reporter: usenet, Unassigned)

Details

The PKI/CA infrastructure has a major flaw: if any single root CA is compromised, either through technical means or human interference, it can issue certificates for any domain. This can be used to create undetectable man-in-the-middle attacks, thus making TLS protection useless. 

If Mozilla were to package secure (keyed?) hashes of the certificates for (say) the 100 top-ranking websites, and to trigger a security warning if the certificate presented was not the one that Firefox had stored, this would have the effect of greatly increasing the difficulty of performing this kind of man-in-the-middle attack.

Even if only the top 100 sites were protected in this way, a very significant security hole in the TLS security model would be tightened significantly for a substantial amount of the web's traffic. 

Note that none of this would be regarded as any kind of extra validation or recommendation of security for these sites: the packaged certificate hashes would not be used in any other way than to issue security warnings if presented certificates did not match. Various details would need to be worked out about certificate hash expiry times, etc., and procedures for keeping these hashes updated using the normal software update mechanism.

And what would you do with certificates that are replaced with new ones (old ones expired, compromised or for organizational reasons)?

Thinking about all the possible cases in comment 2 further, the problem is more complex than I had imagined. I'll work on a more limited proposal that might have a better chance of working.

Component: Networking → Security: PSM
This is basically preloaded key pins, which we implemented.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
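
For illustration, a sketch of the check proposed in this bug. It is an added example, not code from Firefox or from any commenter. It assumes each packaged entry holds several accepted hashes (so a planned replacement certificate still matches) and an expiry date after which the entry is ignored; the host name, dates and certificate bytes are constructed, and `PACKAGED` and `check_presented` are hypothetical names.

```python
import hashlib
from datetime import date

def cert_hash(der_bytes: bytes) -> str:
    """SHA-256 of the presented certificate bytes, hex-encoded."""
    return hashlib.sha256(der_bytes).hexdigest()

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CURRENT_CERT = b"constructed-cert-current"
NEXT_CERT = b"constructed-cert-next"    # replacement the site plans to deploy
ROGUE_CERT = b"constructed-cert-rogue"  # chains to a trusted root, but is not packaged

# Hypothetical packaged list: host -> accepted hashes plus an expiry date.
PACKAGED = {
    "bank.example": {
        "hashes": {cert_hash(CURRENT_CERT), cert_hash(NEXT_CERT)},
        "expires": date(2012, 1, 1),
    },
}

def check_presented(host: str, der_bytes: bytes, today: date, packaged=PACKAGED) -> str:
    """Return 'unlisted', 'stale', 'match' or 'warn' for a presented certificate."""
    entry = packaged.get(host.lower().rstrip("."))
    if entry is None:
        return "unlisted"  # not a packaged site: ordinary CA validation only
    if today >= entry["expires"]:
        return "stale"     # assumption: an outdated entry is skipped, not enforced
    if cert_hash(der_bytes) in entry["hashes"]:
        return "match"
    return "warn"          # certificate is not one of the packaged ones
```

The result only decides whether to raise the extra warning; it does not replace normal chain validation.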