Date: Sat, 3 Dec 2022 22:16:45 -0800 From: Gordon Tetlow <gordon@tetlows.org> To: grarpamp <grarpamp@gmail.com> Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org, freebsd-hackers@freebsd.org, freebsd-current@freebsd.org, freebsd-pkg@freebsd.org Subject: Re: CA's TLS Certificate Bundle in base = BAD Message-ID: <3FD4E3F3-EAAB-41E9-9381-D98971A9B928@tetlows.org> In-Reply-To: <CAD2Ti2-G0njfjis=Lq46BXs88OvJPGNHvauzv%2BNfnDBgS9mZPQ@mail.gmail.com> References: <CAD2Ti28EPBshbVEJbT8WE-OiWq_qMTS3b=LeQSfJrOfkFT4VJg@mail.gmail.com> <CAD2Ti2-G0njfjis=Lq46BXs88OvJPGNHvauzv%2BNfnDBgS9mZPQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_FDFA50E6-4E04-4D5A-B496-04FE5C561A0F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On Dec 3, 2022, at 5:26 PM, grarpamp <grarpamp@gmail.com> wrote: >=20 > Again, FreeBSD should not be including the bundle in base, if users > choose to, they can get it from ports or packages or wherever else. > Including such bundles exposes users worldwide to massive risks. > You need to do more gpg attestation, pubkey pinning [1], tofu, and > cert management starting from empty file... and quit trusting bundles = of > hundreds of random CA's, all of which are entities who have zero duty > or care to the user, and often exist/corrupt/break to present evil [2] = ... >=20 > [1] > = https://github.com/curl/curl/blob/master/docs/cmdline-opts/pinnedpubkey.d > = https://github.com/curl/curl/blob/master/docs/libcurl/opts/CURLOPT_PINNEDP= UBLICKEY.3 >=20 > FreeBSD pkg(8) (aka, and: fetch(3)) don't even support this simple = option, > thus they're incapable of securely fetching packages, iso's, etc from > servers in re [2]. Nor does FreeBSD even post sigs over its servers = pubkeys > for users to get, verify, and pin out of band. Even pubkeys were = swapped out > on FreeBSD servers without announcing for users if any exploit or loss = occurred > there or for some other reason. That's all bad news :( But can be = fixed :) Key pinning is a bad idea that 100% will cause outages. As a thought experiment, let's suppose I (as the Security Officer) use = the system you propose and require users to pin specific keys on our = publicly available servers. Now let's further suppose that the project = is compromised such that we believe those certificates might be in the = hands of the attacker, but we aren't sure. I'm now stuck between a rock = and hard place. Should I rotate the pinned certificate? In your proposed = system, rotating that pinned certificate will cause massive downstream = failures for all users. Since we aren't sure, maybe I'll leave the = existing certificate in place, because I don't want to cause those = outages since I'm not sure it's a problem. In the publicly trusted CA system, I can easily rotate the certificate = even if I don't believe it was compromised. It incentivizes better = behavior. Also, please don't lecture me on the problems with the = publicly trusted CA system: I'm very familiar with them. That said, it's = the system we have and I have no interest in trying to tilt at that = particular windmill. In any event, nothing is preventing you from doing this on your own as = the system ships with the tools to do so. Recognize the project has a = need for cryptographic agility and ability to change certificates = whenever we need to. Running our own root CA infrastructure necessary to = provide a similar level of assurance to a professionally run CA is = non-trivial and I don't believe we as a project are in a position (or = interested) in taking on such a burden. Gordon= --Apple-Mail=_FDFA50E6-4E04-4D5A-B496-04FE5C561A0F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"content-type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"overflow-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;">On Dec 3, = 2022, at 5:26 PM, grarpamp <grarpamp@gmail.com> = wrote:<br><div><blockquote type=3D"cite"><br = class=3D"Apple-interchange-newline"><div><span style=3D"caret-color: = rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; float: none; display: inline !important;">Again, = FreeBSD should not be including the bundle in base, if users</span><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><span = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; float: none; = display: inline !important;">choose to, they can get it from ports or = packages or wherever else.</span><br style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none;"><span style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; float: none; display: inline = !important;">Including such bundles exposes users worldwide to massive = risks.</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: = Helvetica; font-size: 12px; font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><span style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; float: none; display: inline !important;">You need to do more gpg = attestation, pubkey pinning [1], tofu, and</span><br style=3D"caret-color:= rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none;"><span style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; float: none; display: inline !important;">cert = management starting from empty file... and quit trusting bundles = of</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><span style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; float: none; display: inline !important;">hundreds of random CA's, = all of which are entities who have zero duty</span><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><span = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; float: none; = display: inline !important;">or care to the user, and often = exist/corrupt/break to present evil [2] ...</span><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><span = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; float: none; = display: inline !important;">[1]</span><br style=3D"caret-color: rgb(0, = 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none;"><a = href=3D"https://github.com/curl/curl/blob/master/docs/cmdline-opts/pinnedp= ubkey.d" style=3D"font-family: Helvetica; font-size: 12px; font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; orphans: auto; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; widows: auto; word-spacing: = 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: = 0px;">https://github.com/curl/curl/blob/master/docs/cmdline-opts/pinnedpub= key.d</a><br style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><a = href=3D"https://github.com/curl/curl/blob/master/docs/libcurl/opts/CURLOPT= _PINNEDPUBLICKEY.3" style=3D"font-family: Helvetica; font-size: 12px; = font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; orphans: auto; text-align: start; text-indent: = 0px; text-transform: none; white-space: normal; widows: auto; = word-spacing: 0px; -webkit-text-size-adjust: auto; = -webkit-text-stroke-width: = 0px;">https://github.com/curl/curl/blob/master/docs/libcurl/opts/CURLOPT_P= INNEDPUBLICKEY.3</a><br style=3D"caret-color: rgb(0, 0, 0); font-family: = Helvetica; font-size: 12px; font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><br style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><span style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; float: none; display: inline !important;">FreeBSD pkg(8) (aka, = and: fetch(3)) don't even support this simple option,</span><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><span = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; float: none; = display: inline !important;">thus they're incapable of securely fetching = packages, iso's, etc from</span><br style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none;"><span style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; float: none; display: inline !important;">servers = in re [2]. Nor does FreeBSD even post sigs over its servers = pubkeys</span><br style=3D"caret-color: rgb(0, 0, 0); font-family: = Helvetica; font-size: 12px; font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none;"><span style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; = font-size: 12px; font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: = none; float: none; display: inline !important;">for users to get, = verify, and pin out of band. Even pubkeys were swapped out</span><br = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none;"><span = style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; text-decoration: none; float: none; = display: inline !important;">on FreeBSD servers without announcing for = users if any exploit or loss occurred</span><br style=3D"caret-color: = rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none;"><span style=3D"caret-color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = text-decoration: none; float: none; display: inline !important;">there = or for some other reason. That's all bad news :( But can be fixed = :)</span></div></blockquote></div><br><div>Key pinning is a bad idea = that 100% will cause outages.</div><div><br></div><div>As a thought = experiment, let's suppose I (as the Security Officer) use the system you = propose and require users to pin specific keys on our publicly available = servers. Now let's further suppose that the project is compromised such = that we believe those certificates might be in the hands of the = attacker, but we aren't sure. I'm now stuck between a rock and hard = place. Should I rotate the pinned certificate? In your proposed system, = rotating that pinned certificate will cause massive downstream failures = for all users. Since we aren't sure, maybe I'll leave the existing = certificate in place, because I don't want to cause those outages since = I'm not sure it's a problem.</div><div><br></div><div>In the publicly = trusted CA system, I can easily rotate the certificate even if I don't = believe it was compromised. It incentivizes better behavior. Also, = please don't lecture me on the problems with the publicly trusted CA = system: I'm very familiar with them. That said, it's the system we have = and I have no interest in trying to tilt at that particular = windmill.</div><div><br></div><div>In any event, nothing is preventing = you from doing this on your own as the system ships with the tools to do = so. Recognize the project has a need for cryptographic agility and = ability to change certificates whenever we need to. Running our own root = CA infrastructure necessary to provide a similar level of assurance to a = professionally run CA is non-trivial and I don't believe we as a project = are in a position (or interested) in taking on such a = burden.</div><div><br></div><div>Gordon</div></body></html>= --Apple-Mail=_FDFA50E6-4E04-4D5A-B496-04FE5C561A0F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FD4E3F3-EAAB-41E9-9381-D98971A9B928>