Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Ivan Ristić.

For many, fully protected communication with end-to-end encryption is the ultimate destination of communication protocols. It seems that we got close to it in recent years, finding the right combination of technology, usability, and public awareness and popularity. The deciding factor was the paradigm shift of transitioning to mobile devices and messengers for most of our communication. The latest applications are all promoting their privacy-preserving capabilities in one shape or another.

These developments have not gone unnoticed by governments worldwide. Improvements in the security of network communications are detrimental to signals intelligence (SIGINT), which is at the cornerstone of intelligence gathering. A decade ago, most communications may have been in plaintext. Today, there is less and less data to consume and analyze. As a result, governments have been working continuously to find new sources of information as well as embed themselves in the communication channels.

This month, for example, it came to light that the European Council continues to discuss scanning of all interpersonal communication and is also considering expanding the scope of its legislation to include audio. This came on the back of leaked legal advice that highlights many issues with the proposed plans.

Ashton Kutcher apparently spoke to the European Parliament in support of client-side scanning of private communication. Who knew? Cryptographer Matthew Green is worried that politicians won’t understand what the proposed technology can and cannot do.

In the US, the STOP CSAM Act could make encryption illegal, according to some opinions. According to leaked information, EU and US officials held talks in March and agreed to jointly pursue lawful access to private encrypted information.

If you recall, last month, representatives of leading messenger applications wrote to the British government to oppose the Online Safety Bill. In India, messenger applications are already blocked. This month, Element became the fourteenth messaging app to be blocked by the Central Indian Government.

Short news

Here are some things that caught our attention since the previous newsletter:

• Google has proposed introduction of short-lived certificates, making CRLs mandatory, and making OCSP optional to the CA/Browser forum.
• A group of researchers measured the performance of DNS over Quic across multiple vantage points. They found that it performed 10 percent better than DNS over HTTP (DoH) and only 2 percent worse than the dominant (but unprotected) DNS over UDP.
• After MSI fell victim to a ransomware attack, its code-signing certificate was leaked, opening a door to new attack vectors.
• In a series of tweets, Jan Schaumann looks into how Certification Authority Authorization is used globally.
• Anything you publish online can potentially become a part of your public API. Google has been wanting to shut down the v2 version of its CT log list since August 2022. Unfortunately, this hasn’t been easy due to the fact that there is an Android library that depends on the v2 URL, leading to many apps that will now need to be updated. Some developers were not even aware of this dependency.
• The Security Cryptography Whatever podcast spoke to the team behind WhatsApp’s key transparency.
• The Trail of Bits blog reported on the recent Real World Crypto Symposium.
• Twitter launched encrypted direct messages, the security of which is lacking compared to the current state of the art. They offer no forward security nor protection against active network attacks.
• Matthew Green wrote about pseudorandom functions, an often-neglected primitive that’s critical in cryptography.
• Did you know that there’s an implementation of TLS 1.3 in JavaScript? It’s called subtls. There’s a very effective demonstration of the library in action, showcasing a web page that fetches itself and showing all the diagnostic information.
• Certify Certificate Manager, which provides management of ACME certificates for Windows, is about to have its sixth release.
• Rustls is a modern TLS library written in Rust.
• Neil Madden wrote about hash shucking, an interesting attack vector against certain password storage schemes.
• NIST is seeking comments on its project that aims to standardize controlled decryption of TLS 1.3 in enterprise environments.
• In response to the rumors of Linux’s disk encryption being unsafe, dys2p published a detailed analysis.
• RFC 9399 adds support for storing logos in X.509 certificates.
• The Chrome team announced that they will be removing the lock icon that indicates retrieval of content over an encrypted connection.
• DigiCert released Corey Bonnell’s pkilint certificate linter under an open-source license. This new linter is designed to support a variety of structures, including certificates, CRLs, and the like.
• If you haven’t followed quantum computing conversations in recent years, this explainer from Financial Times might be of interest.