Re: SSL Bump Certificate Blacklist

From: Fabian Hugelshofer <fh_at_open.ch>
Date: Fri, 16 Sep 2011 08:55:36 +0200

Hi Alex,

Thank you for your reply.

On 09/15/2011 06:31 PM, Alex Rousskov wrote:
> On 09/15/2011 09:17 AM, Fabian Hugelshofer wrote:
>
>> You probably all have heard about the compromise of the DigiNotar CA
>> [1]. This CA operated as intermediate certificate authority in several
>> trust chains. One of this chains is the "Staat der Nederlanden Root CA".
>> This CA has not revoked the DigiNotar intermediate CAs until today.
>>
>> Popular Browsers (at least Mozilla, IE, Chrome) have implemented
>> blacklists that block certificates that are known to be fraudulent or
>> are signed by a compromised CA. Chrome blocks certain serial numbers of
>> server certificates and certain hashes of CA certificates [2]. QT blocks
>> certain combinations of serial numbers and common names [3]
>>
>> As I understand it is currently not possible to protect users of Squid
>> with SSL bump from certificates that have been issued by the DigiNotar
>> intermediate CA in the Staat der Nederlanden hierarchy (as long as this
>> root is not removed from the list of trusted CAs).
>>
>> Are there already plans to implement similar blacklists or ACLs in Squid
>> similar to what most browsers did?
>>
>> How would you implement such a blacklist? Would you introduce a new ACL
>> that can be used to black- or possibly whitelist certain certificates?
>
>
> Can we rely on OpenSSL library and its Certificate Revocation Lists
> support? Have you tried using CRL for this purpose? I see Squid code
> that loads CRLs but I have not tested it.

CRLs are generally usefull for such things. The DigiNotar CAs that have
been cross-signed by Cybertrust and Entrust have been revoked in the
corresponding CRLs and can be blocked. But the CRLs do not help in the
"Staad der Nederlanden" hierarchy.

DigiNotar does not seem to have full logs of which certificates have
been issued or the logs have been manipulated. Their CRLs cannot be
trusted to be complete.

Using the CRL of the "Staat der Nederlanden" CAs that cross-signed
DigiNotar intermediate certificates is not possible as these CAs have
still not revoked the compromised intermediate DigiNotar CA certificates.

A blacklist would basically work like a CRL but is in under control of
the Squid administrator. Without such a mechanism, manually issuing CRLs
for a certain CA is not possible because the CRL has to be singed by the
CA that issued the certificates.

>> What would you use to identify the certificates?
>> - Serial number?
>> - Serial number and common name?
>> - Serial number and issuer?
>> - Fingerprint (might not be available in each case)?
>
>
> I hope somebody already answered these important questions in general
> CRL context!

CRLs use the serial number in combination with the issuer.

Regards,

Fabian
Received on Fri Sep 16 2011 - 06:55:41 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 16 2011 - 12:00:05 MDT