More questions...
What about "RSA Security 2048 V3", same expiration date?
Presumably people have already tried disabling this certificate -- any bad effects yet?
(I disabled mine about a minute ago).
Digital certificate authority RSA Security on Tuesday acknowledged it issued a root authentication credential shipped in the Mac operating system and Mozilla web browsers and email programs, ending four days of confusion about who controlled the ultra-sensitive document. The "RSA Security 1024 V3" certificate is a master …
Surely I hope this is not the reason for my fucked up bank-account.
Who will ever be ABLE to testify 100% this could not have been a case of a brilliant MITM attack?
What proof can I have the last post of 'Kathleen Wilson' over at http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc does actually confirm this is a certificate issued by RSA?
Who says she's the real Kathleen Wilson, why is this only now a topic?
What IS going on?
Dammit.
If I understand it correctly, this certificate can't be used to cause a problem for legitimate sites, since they would know the CA that they're using. The problem is that some unknown organisation is able to issue certificates validated by this credential. Not sure how big a problem that is, though, since they are still valid (i.e. they are issued by the CA they refer to). I'm sure something could be made of it, but it makes my brain hurt trying to work it out.
Anyway, if they can't track down the source then they (Mozilla etc.) should fix it asap, since trust in certificates and CAs is fundamental, and it has been undermined.
How this could be (ab)used (a different example):
1. Create a self signed CA
2. Create a cert signed by the above CA for your favourite bank/paypal/ebay etc.
3. Create an evil server on 'tinternet that looks like your favourite bank/paypal/ebay etc.
4. Place the CA signed certificate on the server
Currently this isn't very effective as nothing points to your server, so go to the local cyber cafe and either hack the hosts file or DNS to point your favourite bank/paypal/ebay etc. to your evil server, again this isn't very effective as you'll get the certificate warning, so import the CA certificate into cyber cafe PC and no warning, the set name checks out and if your evil server is just (non transparent) proxying the request back to your favourite bank/paypal/ebay etc. it even works (except your evil server has access to everything you type).
This is why (in addition to keyloggers) you should never use an unknown PC for secure transactions, what's worse about an "unknown" CA certificate (and the importance of never being able to break RSA keys) is that a bad CA cert compromises every single website.
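The step the comment above turns on, a CA certificate imported into a machine's trust store, shows up when the store is compared against a baseline recorded while the machine was known to be clean. This is an added example, not part of the original thread; the byte strings are constructed stand-ins for DER certificates and the function names are assumptions.

```python
import hashlib
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def loaded_roots() -> list:
    """DER bytes of the CA certificates Python's default TLS context has loaded.

    Roots kept in a hashed directory (capath) are loaded lazily, so this
    list can be shorter than the full store on some platforms.
    """
    return ssl.create_default_context().get_ca_certs(binary_form=True)


def diff_trust_store(current_der, baseline_fps):
    """Return (added, missing) fingerprints relative to a recorded baseline."""
    current = {fingerprint(der) for der in current_der}
    baseline = set(baseline_fps)
    return sorted(current - baseline), sorted(baseline - current)


# Constructed stand-ins for DER certificates (not real certificates).
VENDOR_ROOT_A = b"constructed-der:vendor-root-a"
VENDOR_ROOT_B = b"constructed-der:vendor-root-b"
IMPORTED_ROOT = b"constructed-der:locally-imported-root"

# Baseline recorded when the machine was known to be clean.
BASELINE = [fingerprint(VENDOR_ROOT_A), fingerprint(VENDOR_ROOT_B)]


def audit(current_der, baseline_fps=BASELINE):
    """Findings as text lines; an empty list means the store matches."""
    added, missing = diff_trust_store(current_der, baseline_fps)
    findings = [f"UNEXPECTED ROOT {fp}" for fp in added]
    findings += [f"BASELINE ROOT ABSENT {fp}" for fp in missing]
    return findings


if __name__ == "__main__":
    for line in audit([VENDOR_ROOT_A, VENDOR_ROOT_B, IMPORTED_ROOT]):
        print(line)
    print(f"{len(loaded_roots())} roots currently loaded by Python")
```

A root that was deliberately disabled, as some commenters here did, appears in the second list, so the baseline needs re-recording after an intended change.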
Good explanation - I actually understood it. It emphasises the point that we place a lot of trust in the root certificates, such that any subversion of them can give a lot of power to the ne'er-do-well. So why are Mozilla/RSA/both so sloppy about tracking their status as in this case?
RSA now seem to have remembered that this is their certificate after all:
https://bugzilla.mozilla.org/show_bug.cgi?id=549701#c5
So a raspberry to RSA for not keeping better track of their certificates
and another one to Mozilla for not retaining an audit trail for the
certificates embedded in their products.
Well, we certainly do not need any by default. I understand that the practice is for software vendors to accept hundreds if not thousands of CA certificates by default to make things easy-peasy for the tech-illiterate crowd, but that rather defeats the very purpose of such certificates. I for one refuse everything by default and add the certificates manually as needed (and that of course includes those for my own CAs, most of which are not validated by Verisign or any crook of the ilk).
"I understand that the practice is for software vendors to accept hundreds if not thousands of CA certificates by default to make things easy-peasy for the tech-illiterate crowd"
That statement has no apparent basis in fact. I can't think of any software which "accepts" hundreds of CAs, never mind thousands. Can you share an example?
Pierre is correct, broadly, in the assertion that vendors add a large number of CA certificates automatically to their products for the purpose of providing a "Chain of Trust" to lower level certificates registered against the CA. This is how Mark Shuttleworth made his millions: by establishing a "MLM" certification chain.
The point Pierre is making is that there are a large number of Certification Authorities listed...because there are a lot of different companies that register their private certificates with all sorts of different authorities. In order to prevent "preferential" treatment of some sites over others, every major corporate certification root is included with most browsers, OS, etc. as a matter of course.
In reality, what Pierre suggests is the better course of action: remove ALL authorities from your certificate store, and only add them back in as you need them to authenticate web sites or other data sources that require a chain of authentication.
Of course, this assumes that you know what you're doing...which, as Pierre points out, most Netizens have no clue about.
Thank you for this dash of sanity! I admit that «thousands» of certificates was an exaggeration but you got my point. A CA certificate should be a trust pact between the end user and the CA; though I trust most of my software vendors to develop good software, I don't really trust them to «sign» these «trust pacts» in my place and select my points of entry in the famed «web of trust» (bleuargh).
Just look at the default list of certificates in Firefox: maybe not thousands, but most definitely over a hundred CA certificates (there are almost 20 just for Verisign!), most of which none of my users will come across, ever. That's as many potential security breaches.
@Pierre:
Yes, so every internet banking web site on the internet will throw up an error when a clueless netizen visits the site, whether the chain of trust is secure or not. I'm sure that won't cause any problems.
Don't be stupid. The average web user has no idea how to evaluate this sort of thing, it's best left to somebody with technical knowledge and understanding. Like, maybe the browser developer.
It's nothing new - many have observed that the current situation where there are a dozen CAs who do at best the bare minimum of checks of their certificate applicants and where the users are so confused over whether to trust certificates or not (in the light of self-signed certificates, etc), the whole CA idea has become broken.
It's centered on dozens of "blessed as infallible" certificate issuers - and there can be no formulaic guarantees that people wielding such high-level "trust supply" are not prone to errors. Adding to this is the issue of "green address bar" vs "yellow address bar" certificates and the whole thing degenerates into a money extracting operation without proper services being provided.
<paranoia>
Is it not convenient that RSA "remembered" that they had issued the root cert and came forward at the last moment to claim fatherhood... what if this was a spoof... what if they had been put up to cover it? Perhaps it is really someone else's? ...
Doesn't anyone remember the discovery of the _NSAKEY in Windows??
http://en.wikipedia.org/wiki/NSAKEY
</paranoia>
Convenient ?
What about RSA security appliances relying solely on ActiveX ( hence IE only ) to operate using a web interface which is actually sporting a certificate ( RSA 1024 v3 by chance ? huh ? ) which is actually determined " to contain errors " by ... of all browsers ... Internet Explorer
< paranoia >
This con REEKS of something ending in spiracy.
Does it not ?
</paranoia>
Or simply business over safety ? cross-platform availability ?
Need - I - go - on ?
.....well, that is one of those Need to Know Compartmentalised Unknowns, Known to a Choosy Few, MeThinks :-)
"Either an unknown attacker somewhere in the world has had unlimited access to SSL traffic for an unknown amount of time, or the people who we have entrusted with this critical piece of web infrastructure can't even keep track of their own certificates."
What do you imagine are the odds against it being an unknown lone attacker/hacker/code cracker, which would raise the distinct probability of continued unlimited world access being currently available and most likely more stealthily used for it to remain as an active unknown remote facility?
This merely highlights a problem that should have been blindingly obvious to everyone right at the start. Who do we trust, and what does it mean when we say we trust someone?
In SSL parlance, ``being trustworthy'' translates to ``paid some organisation a sack of dosh for a certificate'' for most, and ``were around to get their certificate included in key certificate stores'' for the happy few.
Not quite a ponzi scheme, but not something most of us would ordinarily recognise as ``trust''. And yet, it's the prevalent way of ensuring anything on the internet. How come?
I could answer that, but the message would get rejected by moderator for being black hole class cynicism. So supply your own, or badger el reg to put its experts from the intarwebt00bz desk on it.
A recent posting on Google Groups indicates the cert was created by RSA:
<quote>
I have received email from official representatives of RSA confirming that RSA did indeed create the "RSA Security 1024 V3" root certificate that is currently included in NSS (Netscape/Mozilla) and also in Apple's root cert store.
Kathleen Wilson
</quote>