Just days after news emerged of the attack on a registration authority in Europe tied to Comodo
that caused the revocation of a number of fraudulent certificates from
the major browsers, Mozilla officials have admitted that they made a
mistake by not disclosing the details of the incident to its users
earlier.
In a blog post published Friday,
Mozilla officials laid out the chain of events that culminated in the
disclosure on Wednesday by Comodo, Mozilla, Microsoft and others that
attackers had been able to compromise the network of a sub-agent trusted
by Comodo to issue SSL certificates. Comodo was aware of the attack
last week and began working with the browser vendors to ensure that the
fraudulent certificates the attackers issued for several high-value
sites–including Gmail, Yahoo and Hotmail–were revoked and blacklisted
in the browsers.
However, it wasn’t the browser vendors or Comodo
that disclosed many of the important details of the attack and the
machinations that took place in the background to repair the damage. Jacob Appelbaum,
a security researcher and member of the Tor Project, published a
lengthy explanation of what happened, which he worked out after noticing
a couple of interesting patches to Chromium and Firefox and working
backward to pinpoint what was going on.
Some in the security and
privacy community were critical of the browser vendors for not being
more open about the incident and warning users about the danger from the
fake certificates as soon as they knew about it. Now, Mozilla officials
say that they regret not coming forward sooner with the information
that they had.
“Mozilla did not publish the information we received prior to shipping
a patch. In early discussions, we were concerned that any indication
that we knew about the attack would lead to attackers blocking our
security updates as well. We also recognized that the obvious mitigation
advice we might offer (to change Firefox’s security preferences to
require a valid OCSP response in all cases, or to remove trust from
Comodo’s certificates, or both) risked causing a significant portion of
the legitimate web to break as well,” the company said in its post.
“Additionally, neither we nor Comodo have found any evidence of access
to their OCSP responder being blocked, either in Iran or anywhere else.
We have also found no evidence of any other sort of attack.
“In hindsight, while it was made in good faith, this was the wrong
decision. We should have informed web users more quickly about the
threat and the potential mitigations as well as their side-effects.”
The
Online Certificate Status Protocol (OCSP) is a system used to
communicate data about certificate revocation between CAs and browsers.
It’s meant to be a replacement for the current Certificate Revocation
List (CRL) mechanism for informing browsers when a certificate has been
revoked for some reason.
The details of the attack have raised a
lot of old concerns in the security community about the way that the CA
trust chain is structured. The fact that the attackers were able to
issue themselves certificates for sites belonging to Google, Microsoft,
Yahoo and others by simply compromising the account of a registration
authority–without having to submit an intermediate certificate–has
raised some eyebrows, as well.
“Unfortunately, the practice of issuing certs directly from the root
eliminated some possible steps we could have taken to mitigate the
problem. We are concerned about the amount of trust Comodo seems to have
placed in RAs whose network security they did not oversee,” the company said.
“This issue raises many questions about the systems surrounding
authentication and security on the web. We intend to have a vigorous
discussion about what technical and policy changes we can make to
significantly improve the situation.”
