On 01/08/2013 05:30 PM, Robert Moskowitz wrote:
> I know that I would have to take this to bugzilla if my reading was
> correct. And on further review, I am holding more that way. So I will
> put in the bug report even without being a paying customer. Just my cred
> on working on PKIX back a decade ago and being the architect of the
> Bridge CA model for the US Federal and BioPharma PKIs...
"cred" is frequently unrecognized by developers, so my advice would be
to skip that part. Stick to a description of the problem as you see it,
and what solutions are available. For example:
---
When mod_ssl is installed (and possibly other openssl packages) it
creates a new certificate for localhost using the following command:
/usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
-x509 -days 365 -set_serial $RANDOM \
-out /etc/pki/tls/certs/localhost.crt
In the distributed openssl configuration, this will create an x509 cert
which uses the extensions included in the v3_ca section of the
openssl.cfg file.
If any user connects to a service using such an automatically generated
certificate, and accepts installation of the self-signed certificate
(the default acceptance option in Firefox), it will be stored in their
trusted CA list, as its constraints specify CA:True.
This creates unnecessary risk. Anyone with access to such a certificate
can later sign a certificate for any hostname, and users who have
accepted the self-signed cert will see no warnings. If the command is
modified to specify the v3_req extensions rather than the default, the
resulting certificate will be equally usable, without creating undue
risk for users who accept the certificate.
/usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
-x509 -days 365 -set_serial $RANDOM \
-extensions v3_req \
-out /etc/pki/tls/certs/localhost.crt
----
However, I have no idea how seriously anyone will take the issue unless
there's a broad base of users who request such a change. The situation
can be made slightly better by this change, but making it doesn't make
self-signed certificates less common. As long as self-signed
certificates are common, users will get into the habit of permanently
accepting untrusted certs. If they do that, and the cert specifies that
it is a CA, then they've installed a new CA.
These certs are just a small part of a much larger and more serious
design problem with SSL. User agents (especially Firefox) don't really
make clear that a new cert is a CA, rather than a certificate with more
limited purpose. Users can't really be expected to learn the
difference, either.
I really hope that the whole trust chain aspect of SSL is thrown away
someday soon, replaced by some better model. Convergence.io is one I
really like.