tech-security archive


Re: Mozilla rootcerts



maya%netbsd.org@localhost writes:

> So, AFAIK, the only source of root certificates we have is the
> mozilla-rootcerts package.

As far as I know, too.  It's an interesting question whether there are
other lists of CAs under a reasonable license and in use by other
open-source entities.

> It uses this list maintained by Mozilla:
> https://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
>
> Mozilla announced they will distrust Symantec*, but haven't done this by
> changing the certdata file. After asking, it turns out they document
> additional changes they apply on top:
> https://wiki.mozilla.org/CA/Additional_Trust_Changes

I had foolishly thought that the file of trusted root certificates was
the list of trusted root certificates :-)

I am guessing that OpenSSL and gnutls do not have this same kind of
custom processing.

> I am tempted to modify the rootcerts package to distrust any CA needing
> more complicated rules than "full trust". As in, manually distrust:
> - Kamu SM, Turkish government CA
> - ANSSI, French government CA**
> - Symantec
>
> Additionally, the list of "Symantec" is very long. At the original post
> it included VeriSign. It no longer seems to. I'll need to find an
> updated list.

You could look in the nss source code, which seems to be what counts.

Overall, it seems to me that the intent of the mozilla-rootcerts package
is to enable openssl to have configured as trust anchors the same set of
CAs that firefox would use.  So if you were able to implement their
rules exactly, that seems clearly appropriate.

That leaves basically two complexities:

It seems there are several intermediate CAs operated by others
(e.g. Apple, Google) that have presumably had separate audits, and
mozilla is whitelisting them but only until October (which is
practically tomorrow).  I am guessing the notion is that they are
getting (or have already) an intermediate certificate from a
still-respected CA.  Still, I wonder how much fallout there is when
using the reduced certlist as you proposed.

The second is that the Turkish and French CAs are in an odd position of
being valid for names within their own countries, but otherwise not.
I'm not clear on how that ended up, but it smells of "CA doesn't
actually meet the requirements (because then it would just be listed
without the caveat), but we're going to accept the reality that it has
significant standing in that country."  So in this case, leaving it out
seems ok, but I'd like to hear from users in those countries.

So have you made the modification you are tempted to make locally, and
run with it?  That would be an interesting data point too.

The other interesting question is what FreeBSD, OpenBSD, and the various
GNU/Linux distributions are doing and why.
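The proposal in this thread (extract roots from certdata.txt, but drop any CA that a local policy says not to trust) can be sketched as a small extraction step. The following is an added example, not the mozilla-rootcerts package's own script and not code from anyone in this thread. It parses the certdata.txt attribute syntax, keeps only certificates whose companion CKO_NSS_TRUST object marks them CKT_NSS_TRUSTED_DELEGATOR for server authentication (the "full trust" case), and then applies a local distrust list by label substring. The certdata excerpt, labels and octal bodies are constructed placeholders, not real certificates or real CA entries; the assumption that a trust object can be matched to its certificate by CKA_LABEL is a simplification (NSS matches on issuer and serial number).

```python
"""Extract server-auth trusted roots from a certdata.txt-style file,
applying a local distrust list on top of the file's own trust flags.
Added example; not the mozilla-rootcerts package's code."""
import base64
import re

# Constructed excerpt in the certdata.txt attribute syntax. Labels and the
# octal bodies are placeholders, not real certificates or real CA names.
SAMPLE_CERTDATA = r"""
# Constructed sample, not the real Mozilla file
BEGINDATA

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Fully Trusted Root"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_VALUE MULTILINE_OCTAL
\060\202\001\000
\001\002\003
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Fully Trusted Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Symantec Root"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_VALUE MULTILINE_OCTAL
\060\202\002\000
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Symantec Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Email-Only Root"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_VALUE MULTILINE_OCTAL
\060\202\003\000
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_LABEL UTF8 "Constructed Email-Only Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
"""

# One attribute per line: CKA_NAME TYPE [value]
ATTR_RE = re.compile(r'^(CKA_[A-Z0-9_]+)\s+(\S+)\s*(.*)$')


def parse_certdata(text):
    """Return a list of attribute dicts, one per object in the file.
    A new object starts at every CKA_CLASS line; MULTILINE_OCTAL bodies
    run until a line containing END and are decoded to bytes."""
    objects = []
    current = None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line.startswith('#') or line == 'BEGINDATA':
            continue
        m = ATTR_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        name, typ, value = m.groups()
        if name == 'CKA_CLASS':
            current = {}
            objects.append(current)
        if current is None:
            raise ValueError("attribute before first CKA_CLASS")
        if typ == 'MULTILINE_OCTAL':
            body = bytearray()
            for oct_line in lines:
                if oct_line.strip() == 'END':
                    break
                body.extend(int(o, 8) for o in re.findall(r'\\([0-7]{3})', oct_line))
            current[name] = bytes(body)
        elif typ == 'UTF8':
            current[name] = value.strip('"')
        else:
            current[name] = value
    return objects


def select_server_auth_roots(text, distrust_substrings=()):
    """Return [(label, der_bytes)] for roots that certdata marks as fully
    trusted for server auth AND that no local distrust rule matches.
    Assumption (simplification): trust objects are paired with their
    certificate by CKA_LABEL; NSS itself pairs them by issuer and serial."""
    objects = parse_certdata(text)
    certs = {o['CKA_LABEL']: o['CKA_VALUE']
             for o in objects if o['CKA_CLASS'] == 'CKO_CERTIFICATE'}
    trust = {o['CKA_LABEL']: o
             for o in objects if o['CKA_CLASS'] == 'CKO_NSS_TRUST'}
    selected = []
    for label, der in certs.items():
        t = trust.get(label)
        # Drop anything not explicitly a trusted delegator for TLS servers
        # (covers CKT_NSS_MUST_VERIFY_TRUST and CKT_NSS_NOT_TRUSTED alike).
        if t is None or t.get('CKA_TRUST_SERVER_AUTH') != 'CKT_NSS_TRUSTED_DELEGATOR':
            continue
        # Local policy layered on top of the file, as the thread proposes.
        if any(s.lower() in label.lower() for s in distrust_substrings):
            continue
        selected.append((label, der))
    return selected


def to_pem(der):
    """Wrap DER bytes as a PEM CERTIFICATE block (64-column base64)."""
    b64 = base64.b64encode(der).decode('ascii')
    body = '\n'.join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == '__main__':
    # Label substrings to distrust locally; the thread names Symantec,
    # Kamu SM and ANSSI as candidates, which would be listed the same way.
    LOCAL_DISTRUST = ('Symantec',)
    for label, der in select_server_auth_roots(SAMPLE_CERTDATA, LOCAL_DISTRUST):
        print(f"# {label}")
        print(to_pem(der), end='')
```

Run as is, the script emits only the first constructed root: the second is removed by the local distrust list and the third because its CKA_TRUST_SERVER_AUTH flag is not CKT_NSS_TRUSTED_DELEGATOR. The trust-flag check is the part that any certdata.txt extraction has to get right even without a local policy, since the file also carries entries whose only purpose is to be distrusted.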
