Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Maintained by Hanno Böck.

Let's Encrypt downtime

Google has proposed taking very severe steps against Symantec due to violations of its responsibilities as a certificate authority. In January, it became known that Symantec had issued several certificates for domains that weren't requested by their owners. These certificates were created by the South Korean company Crosscert, to which Symantec had given access to its certificate issuance infrastructure.

Over the course of the investigation, it became clear that multiple companies had been given similar access to Symantec's infrastructure without sufficient oversight. Symantec knew about some of the problems and didn't come forward with that knowledge. All together, around 30,000 certificates have been issued by these companies.

Google now plans to phase out all currently valid Symantec certificates. Via several steps, the Chrome browser would distrust certificates with certain validity times. In the end, Symantec would only be allowed to issue certificates with a validity of nine months in the future. Also, Symantec would lose its ability to issue Extended Validation (EV) certificates. Although many people question the utility of EV-certificates, they’re a major source of income for certificate authorities due to their higher prices .

Symantec noted that it finds Google’s actions irresponsible. In an emailed statement, as reported by Ars Technica, Symantec wrote: “Our SSL/TLS certificate customers and partners need to know that this does not require any action at this time.”

Short news

• OpenSSL has planned a license change to the Apache License Version 2.0 and asked all former contributors whether they agree to the proposed change. The OpenSSL license has long been unpopular due to its unusual advertising clause. However, the license change to the Apache license is controversial, because it will still mean that OpenSSL is incompatible with GPL version 2. Code under GPL 3 will be compatible, however.
• CA/Browser Forum voted in favor of a rule that will make checking of CAA records mandatory. With CAA, domain owners can set a DNS record that defines which certificate authorities are allowed to issue certificates for it.
• Cloudflare enabled support for TLS 1.3 with zero round-trip handshakes (0-RTT). Although 0-RTT is a win for performance, it’s also a security risk because it can enable replay attacks. Cloudflare tries to solve this problem by restricting 0-RTT to requests for which such problems are unlikely.
• The debate about TLS interception devices continues. US-CERT has issued a warning about the security risks of such devices and software. Martijn Grooten from Virus Bulletin still sees value in TLS interception, despite the security risks that come with it.
• The downtime of Amazon's S3 services caused some problems for one of the Certificate Transparency logs of the company Venafi. The log gave inconsistent replies, which is a severe violation of the responsibilities of a Certificate Transparency log. Future Chrome versions will no longer accept this Venafi log. A second log by Venafi is unaffected.
• Akamai published statistics about the prevalence of support for SNI. SNI is a TLS feature that allows using multiple different certificates for different hostnames on the same IP address. According to these statistics, fewer than 1 percent of users are unable to use SNI.
• Mozilla released NSS version 3.30, which contains mostly bugfixes.
• Supersingular isogenies are a promising method for post-quantum cryptography. They’re mostly considered for key exchanges, but a research paper has presented a signature scheme based on this method.
• David Urbanik wrote a friendly introduction to supersingular isogeny Diffie-Hellman.
• A new compression method for supersingular isogeny Diffie-Hellman keys allows smaller key sizes, but comes with significant performance costs.
• Firefox 55 will restrict the Geolocation API to secure contexts. In Chrome, this is already the case. This is in line with the browser’s plans to restrict powerful features to HTTPS sites.
• Guido Vranken found several minor vulnerabilities in the mbedTLS library.
• A posting on the CFRG mailing list by one of the designers of NTRU indicates that the company owning the patent may put it into the public domain. NTRU is a post-quantum encryption algorithm that has been around for awhile but, because it’s patented, has seen little adoption.
• Comodo started operating two Certificate Transparency logs; also, a log operated by the company PuChuangSida passed the 90-day compliance period.
• Frustrated over the lack of a secure option to access man pages of OpenBSD, Filippo Valsorda started mirroring them on an HTTPS site.
• Brian Campbell provides a demo for Token Binding technology. Token Binding allows applications to cryptographically connect security tokens to a TLS session; it’s currently in a draft state.
• The German government agency Bundesamt für Sicherheit in der Informationstechnik (BSI) has supported the development of version 2.0 of the cryptographic library Botan.
• According to a report on Twitter, an IoT humidifier flooded a room due to an expired TLS certificate. However, no details were provided about the vendor.
• A paper from SBA Research investigates faster methods for Internet-wide TLS scanning.
• TLS 1.3 draft 19 has been published.
• Heroku has added support for automatic TLS certificates for all paid dynos (Linux Containers).
• Chrome on Android now supports AIA, a feature that fetches missing intermediate certificates.
• Andrew Ayer has set up a tool to detect inconsistencies in Certificate Transparency logs via the gossiping feature.
• A new research paper investigates privacy problems in Certificate Transparency and potential solutions.
• The use of modern elliptic curve signatures (Ed25519, Ed448) will soon be possible within X.509 certificates according to Rob Stradling from Comodo. An RFC will be published soon.
• A research paper proposes a new mechanism for certificate revocation in browsers: CRLite.
• Guido Vranken writes about a subtle and hard to spot memory corruption bug in OpenSSL.
• The web page fraudmarc provides a check tool for MTA STS policies and records. MTA STS is a draft for a standard enabling authenticated TLS connections between mail servers.
• snuck.me provides a check for TLS interception and locally installed root certificates.