Explicitly prohibit MITM certificates #209
Comments
|
I think this prohibition could fit in section 5.2, Forbidden and Required Practices, as a second-to-last sentence and if it were a general prohibition of using certificates for interception, then it would apply to both TLS and S/MIME. "The CA's CP/CPS MUST clearly state that it shall not allow the issuance of certificates with Domain Names or IP Addresses that an applicant does not own or control or allow the use of certificates for eavesdropping, interception, Man-in-the-Middle, or similar uses, [regardless of whether it is ordered by ...]." Not sure what the language should be for that last part, or whether it should be omitted. |
|
The language proposed would seem to prevent CDNs or "Web Application Firewalls", which are used for interception by a security device, by the domain holder, before sending to the 'actual' server. Yes, that's a contrived reading, but it highlights the messiness. While I think in the CP/CPS is good, I do worry that this would lead to "CPS out of date" issues like we're seeing, which seem minor, but are actually used to cover up a non-compliance. I'm hesitant to propose specific wording (because I'm not happy with the wording I'm about to propose yet), but to give a sense of the shape of things, I think the shape is something like that the CA ensures that the domain name registrant, as determined by the IANA-delegated registry, has approved or authorized the request, and that such certificates will not be used to facilitate interception by other parties except at the registrant's authorization. This is, like I said, a bit awful, but I'm trying to cover a number of loopholes here:
|
|
Ben - Based on Ryan's comment, I think you should close this ticket, especially given your reasons for creating it:
|
|
It doesn't have to be part of the Mozilla Root Store Policy, but I don't want to close this issue unless we can come up with some alternative language to recommend for CAs to adopt in CPs/CPSes as a "Recommended Practice". I don't think CAs should enable surreptitious "eavesdropping, interception, or Man-in-the-Middle attacks" Relying on required domain validation alone doesn't hit the point home, in my opinion. |
|
I'm going to leave this open for a while for discussion-and-refinement purposes. |
|
I wonder what will happen with this in the context of proposed eIDAS changes. |
|
Is there any history of an explicit MITM certificate being included in the Mozilla root certificate store? I wrote a policy that prohibited this at the Intermediate level for health care data for S/MIME. |
It should be clear that Mozilla doesn't tolerate the use of TLS certificates to intercept encrypted communications, but other than section 7.1 describing reasons to deny inclusion requests, this policy is not explicitly stated. Consider requiring CAs to state in their CP/CPS that they will not issue certificates for MITM purposes. This could help CAs to refuse such a request and make distrust resulting from such an act easier.
Of course, CAs aren't permitted to delegate domain validation so MITM shouldn't be possible with a publicy-trusted cert. This proposal can be though of as an additional safeguard.
The text was updated successfully, but these errors were encountered: