On 01/08/2013 05:30 PM, Robert Moskowitz wrote:
> I know that I would have to take this to bugzilla if my reading was correct. And on further review, I am holding more that way. So I will put in the bug report even without being a paying customer. Just my cred on working on PKIX back a decade ago and being the architect of the Bridge CA model for the US Federal and BioPharma PKIs...
"cred" is frequently unrecognized by developers, so my advice would be to skip that part. Stick to a description of the problem as you see it, and what solutions are available. For example:
---
When mod_ssl is installed (and possibly other openssl packages) it creates a new certificate for localhost using the following command:

    /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
        -x509 -days 365 -set_serial $RANDOM \
        -out /etc/pki/tls/certs/localhost.crt
In the distributed openssl configuration, this will create an x509 cert which uses the extensions included in the v3_ca section of the openssl.cfg file.
If any user connects to a service using such an automatically generated certificate, and accepts installation of the self-signed certificate (the default acceptance option in Firefox), it will be stored in their trusted CA list, as its constraints specify CA:True.
This creates unnecessary risk. Anyone with access to such a certificate can later sign a certificate for any hostname, and users who have accepted the self-signed cert will see no warnings. If the command is modified to specify the v3_req extensions rather than the default, the resulting certificate will be equally usable, without creating undue risk for users who accept the certificate.

    /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
        -x509 -days 365 -set_serial $RANDOM \
        -extensions v3_req \
        -out /etc/pki/tls/certs/localhost.crt
----
However, I have no idea how seriously anyone will take the issue unless there's a broad base of users who request such a change. The situation can be made slightly better by this change, but making it doesn't make self-signed certificates less common. As long as self-signed certificates are common, users will get into the habit of permanently accepting untrusted certs. If they do that, and the cert specifies that it is a CA, then they've installed a new CA.
These certs are just a small part of a much larger and more serious design problem with SSL. User agents (especially Firefox) don't really make clear that a new cert is a CA, rather than a certificate with more limited purpose. Users can't really be expected to learn the difference, either.
I really hope that the whole trust chain aspect of SSL is thrown away someday soon, replaced by some better model. Convergence.io is one I really like.
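
The difference between the two commands in the message above can be checked directly. This is an added example, not part of the original e-mail or of any distribution's packaging scripts. It assumes an `openssl` binary on the PATH; the config file is a minimal one constructed for the demo (modeled on the `v3_ca` and `v3_req` sections the message refers to), and the function names, temporary paths and throwaway key are hypothetical.

```shell
#!/bin/sh
# Generate one cert with the default extensions (v3_ca) and one with
# -extensions v3_req, then report which of them claims to be a CA.

write_config() {  # $1 = path of the demo config (constructed, not the distro file)
    cat > "$1" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca

[dn]
CN = localhost

[v3_ca]
basicConstraints = CA:true

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
EOF
}

# make_cert DIR NAME [extra "openssl req" arguments]
make_cert() {
    dir=$1; name=$2; shift 2
    [ -f "$dir/demo.key" ] || openssl genrsa -out "$dir/demo.key" 2048 2>/dev/null
    openssl req -new -key "$dir/demo.key" -config "$dir/demo.cnf" \
        -x509 -days 365 -set_serial "${RANDOM:-$$}" "$@" \
        -out "$dir/$name.crt"
}

# is_ca CERT: exit status 0 when basicConstraints contains CA:TRUE
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

report() {
    if is_ca "$1"; then echo "$1: CA:TRUE"; else echo "$1: not a CA"; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
write_config "$work/demo.cnf"
make_cert "$work" default                     # same shape as the installed command
make_cert "$work" leaf -extensions v3_req     # the proposed change
report "$work/default.crt"
report "$work/leaf.crt"
```

Running `is_ca` against an existing `/etc/pki/tls/certs/localhost.crt` shows whether an already-installed certificate carries the CA flag.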