-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certificate revocation, OCSP and CRLite #1576
Comments
The point of hard-fail is BECAUSE soft fail is not a real solution. No way am I flipping that (1212). YMMV and that's why there is a I'm not entirely sure, but if you follow what ma1 said, Tor is a special case as the OCSP plaintext request is only seen by the exit node (or rather observed as being sent to the exit node). IDK if that's accurate, TBH. I also wonder if exit nodes cause latency and more OCSP failures than normal. Goes without saying that the CA sees the request as well, but in Tor you are two layers behind it (if ma1 is correct). What I did say was that I was inclined to align with TB (and LW) depending on what they came up with, regards crlilte mode: i.e 2 vs 3 - and the entire narrative has been driven by you and me anyway, so ma1's just parroting what we dug up, because it makes sense :) Good parrot :) So we have the option of mode 2 or 3. Mode |
I would argue that hard-fail is not a solution either: while trying to solve a security issue you could very well introduce another one (eg. denial of service, I block your way to CAs and you can't use a part of the internet now), plus all the usability downsides. it's a very extreme scenario but it's further proof, alongside the article I linked above, that it is not the way to go. I think ma1 is correct about exit nodes, but the real point here is that it doesn't matter if OCSP is plain text, because the exit node can already see the websites you visit if it looks hard enough: in the case of Firefox this is also true, your LAN and ISP (or your VPN provider if you use one) can already see the destination of your packets if they want to. PS I think you inverted modes 2 and 3 in the above comment |
The only way that can (in some cases, if they really need, they would prefer to shut down the Internet completely, if they cannot control it) anyhow deter the MiTM cyberattack is that there must be total disruption of services in the case when secure Internet operation of them is made impossible, without any possibility to satisfy the blackmailers.
|
Yes. We all know OCSP is not a full/final solution - that's why CRLite exists. But soft-fail is means you are at risk. Hard-fail means you are not. Capisce!
That's not a security risk because you're hard-failing. Even if someone wanted to DDoS you (and you are insignificant), even if they didn't attack you but happened to attack a CA and affect your traffic, then all it means is inconvenience, no risk. I will not be disabling hard-fail as a default. Users can override if they are constantly affected
it's about reducing the connections to a CA and the amount of plaintext. In Tor, the ISP doesn't see it. With a VPN, the ISP doesn't see it. Of course the proxy or ISP-with-no-proxy will see it. That's not the privacy issue |
potentially OCSP traffic could be blocked at any point of the path towards the CA, so there are several ways in which hard-failing makes you prone to DDoS. I know it's not as relevant for a browser when compared to strong certificate mechanism, but not being able to access websites because of a malicious actor is an attack. but if you want to keep hard-fail because you prefer that side of the trade-off (there's one indeed so I don't blame ya) it's fine.
connections to the CA I get it because of the IP address, but what's the deal with plaintext really? I don't see it, IP headers are still unencrypted so no need to look at hashes and serial numbers IMO. enough OT anyway, this is just me being petty, bad fish 🎣
the browser can tell if it received a response or not, and error codes for responses exist. also the response status is signed with the same key that signed the certificate, meaning it must be produced by a valid responder.
if you can't trust the whole certificate infrastructure then yeah. I don't think there's a solution in that case, at least not one related to failing strategy. as for point 4, I like CRLite but I'm nobody so.. |
this is interesting edit: title is misleading: we know revoked certs are being sent to crlite, it's in their telemetry results |
I hope it's not off-topic, but recently I started getting this error on seemingly safe websites like Distrowatch and even Mozilla's own Bugzilla:
To "solve" this, I currently set Thank you! |
rather than change /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
* [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
* snip ***/
user_pref("security.OCSP.require", true); if it is repeatedly happening and is becoming a PITA, then add it as a permanent override and revisit it in 3 months.
I don't think so, but I've never had this issue myself so haven't dug deeply, and it's not a normal FF config, so I doubt it - I mean the user chose to hard-fail |
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html Does this mean |
why? ocsp as a fallback is perfect - the fact that let's encrypt will be using crl only makes crl better, not perfect |
Oh. It's the one pref that gives me the most grief when using AF. https://bugzilla.mozilla.org/show_bug.cgi?id=1908714 |
users can add an override if it's problematic - it's one of like 8 things to worry about for usability - so I am not likely to change it just yet I need to rethink this at some stage
hopefully one day we can just use crl - good things take time |
what we have atm
some data
proposal
this should also be what TB does moving forwards.
1212
could be moved to section5500
,1211
could be moved to6000
waiting for mozilla to eventually get rid of OCSP once CRLite is mature enough.The text was updated successfully, but these errors were encountered: