This issue was distributed to 47,012 email subscribers.
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.
In this issue:
- Visa certificate authority in trouble
- Short news
Visa certificate authority in trouble
The credit card company Visa operates a TLS certificate authority that is currently trusted by all major browsers. Visa doesn’t sell certificates to end users; the certificates are used for their own services and by some banks. Lately, questions have arisen about the operations of the Visa CA.
Mozilla’s Wayne Thayer started a discussion about this issue on the Mozilla policy list and created a Wiki page listing issues with the Visa CA. These issues include incomplete security audits that are required according to the Baseline Requirements, multiple violations in which Visa has issued certificates with substandard security (SHA1, 1024-bit RSA keys), and malformed certificates. In many instances, Visa has not revoked the certificates in a timely manner.
No representative from Visa has participated in the discussion on the Mozilla policy list, which is unusual. Certificate authorities are expected to explain how they will solve issues and prevent them from happening in the future if such issues are raised.
Google developer Ryan Sleevi thinks Visa’s inaction should have consequences: “Given the past issues, the recently identified issues (that appear to have been longstanding), and the new issues that Visa's PKI Policy team is actively engaging in, I believe it would be appropriate and necessary to consider removing trust in this CA.”
Visa has not responded to our requests for comments.
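Two of the compliance problems listed above (SHA-1 signatures and 1024-bit RSA keys) are easy to check for in a certificate with nothing but a DER walker. The script below is an added example, not code from Mozilla, Visa or the newsletter; it assumes a DER-encoded certificate as input (base64-decode the body of a PEM file to get one) and covers only the signature-algorithm and RSA-key-size checks named in the text, not the rest of the Baseline Requirements. The certificate skeletons it builds with make_sample_cert() are constructed, unsigned test inputs.

```python
"""Flag SHA-1 (or MD5) signatures and RSA keys shorter than 2048 bits in a
DER-encoded X.509 certificate, using only the standard library.
Added example: the sample certificates are constructed skeletons, not real ones."""
from typing import Dict, List, Tuple

RSA_ENC = "1.2.840.113549.1.1.1"
MD5_RSA = "1.2.840.113549.1.1.4"
SHA1_RSA = "1.2.840.113549.1.1.5"
SHA256_RSA = "1.2.840.113549.1.1.11"
WEAK_SIG_OIDS = {SHA1_RSA, MD5_RSA}
MIN_RSA_BITS = 2048

# --- minimal DER reader -------------------------------------------------------
def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long form: count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def read_children(value: bytes) -> List[Tuple[int, bytes]]:
    """Split a SEQUENCE/SET body into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, child, pos = read_tlv(value, pos)
        out.append((tag, child))
    return out

def decode_oid(value: bytes) -> str:
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)

# --- certificate inspection (field order per RFC 5280 TBSCertificate) ----------
def inspect_cert(cert_der: bytes) -> Dict[str, object]:
    _, cert, _ = read_tlv(cert_der)
    (_, tbs), (_, sig_alg), _ = read_children(cert)   # tbsCertificate, signatureAlgorithm, signatureValue
    fields = read_children(tbs)
    if fields[0][0] == 0xA0:                          # optional [0] EXPLICIT version
        fields = fields[1:]
    spki = fields[5]                                  # serial, signature, issuer, validity, subject, spki
    sig_oid = decode_oid(read_children(sig_alg)[0][1])
    (_, key_alg), (_, key_bits) = read_children(spki[1])
    key_oid = decode_oid(read_children(key_alg)[0][1])
    rsa_bits = None
    if key_oid == RSA_ENC:
        rsa_seq = read_children(key_bits[1:])[0][1]   # skip the BIT STRING unused-bits byte
        modulus = read_children(rsa_seq)[0][1]        # RSAPublicKey ::= SEQUENCE { n, e }
        rsa_bits = int.from_bytes(modulus, "big").bit_length()
    return {"sig_oid": sig_oid, "key_oid": key_oid, "rsa_bits": rsa_bits}

def findings(cert_der: bytes) -> List[str]:
    """Human-readable list of the weaknesses found; empty means none of the checks fired."""
    info = inspect_cert(cert_der)
    out = []
    if info["sig_oid"] in WEAK_SIG_OIDS:
        out.append(f"weak signature algorithm {info['sig_oid']}")
    if info["rsa_bits"] is not None and info["rsa_bits"] < MIN_RSA_BITS:
        out.append(f"RSA key is only {info['rsa_bits']} bits")
    return out

# --- tiny DER writer, used only to build the constructed sample certificates ---
def der(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_int(n: int) -> bytes:
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))  # keeps the sign bit clear

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(chunk)
    return der(0x06, bytes(body))

def make_sample_cert(modulus_bits: int, sig_oid: str) -> bytes:
    """Constructed, unsigned certificate skeleton with the given key size and signature OID."""
    modulus = (1 << (modulus_bits - 1)) | 1                         # odd, exactly modulus_bits long
    rsa_key = der(0x30, der_int(modulus) + der_int(65537))
    alg = der(0x30, der_oid(sig_oid) + der(0x05, b""))
    key_alg = der(0x30, der_oid(RSA_ENC) + der(0x05, b""))
    spki = der(0x30, key_alg + der(0x03, b"\x00" + rsa_key))
    name = der(0x30, b"")                                          # empty Name, enough for the demo
    validity = der(0x30, der(0x17, b"180101000000Z") + der(0x17, b"190101000000Z"))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(1) + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + bytes(16)))   # dummy signatureValue

if __name__ == "__main__":
    for bits, oid in ((1024, SHA1_RSA), (2048, SHA256_RSA)):
        print(bits, oid, findings(make_sample_cert(bits, oid)) or ["ok"])
```

The walker relies on the fixed field order of TBSCertificate, so it works on any DER certificate, not just the constructed skeletons; for an ECDSA certificate rsa_bits stays None and only the signature check applies.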
Short news
- Thai Duong from Google wrote about Tink, an open-source cryptographic library that is trying to avoid usual pitfalls and mistakes in the use of cryptography.
- A blog post discussed how Certificate Transparency can be a useful tool for bug hunters to search for subdomains.
- A cross-site scripting vulnerability in implementations of the ACME protocol has been found by Frans Rosén and Linus Särud from the Detectify company. Some ACME implementations reflect the filename from the URL, and in certain circumstances they reflect HTML code with a text/html MIME type. Rosén and Särud found two unnamed hosting providers that were affected. After learning about this vulnerability, the author of this newsletter found an identical vulnerability on domains hosted at the OVH company.
- Bert Hubert, the developer of PowerDNS, wrote a comment on DNS over HTTPS and criticized Mozilla for its plans to use Cloudflare as a centralized DNS over HTTPS provider.
- OpenSSL has released version 1.1.1, the first version supporting the final TLS 1.3 protocol.
- Noblis announced that it has factored RSA230, a 762-bit number. RSA230 was part of a challenge announced in 1991 for factoring large numbers.
- A research team has published a formal security proof for PKCS #1 1.5 RSA signatures.
- A paper investigated OCSP Must-Staple and identified several issues that need to be overcome for wider deployment.
- A remote code execution vulnerability has been found in apk, the package manager of Alpine Linux. Like many other package managers, Alpine doesn’t use HTTPS, which would mitigate the impact of such vulnerabilities.
- Cloudflare has announced its crypto week in September, during which it enabled multiple cryptography-related features. These include support for the Roughtime secure time protocol, support for RPKI in BGP and a corresponding Certificate Transparency log, changes to the way Cloudflare handles Tor connections, and more DNSSEC features. Also, Cloudflare recently announced support for QUIC and encrypted server name indication (ESNI).
- A not-yet-published attack that uses DNS spoofing to trick domain validation has made some media headlines. Bert Hubert explained what is known so far and on what previous research it is probably based.
- In a blog post, Guillaume Fortin-Debigaré described his experiences trying to get a certificate revoked after changing his web host. He particularly criticized Comodo for failing to revoke the certificate within the twenty-four-hour timeframe expected by the Baseline Requirements.
- A research paper posted on Arxiv investigates certificate compliance with Certificate Transparency.
- After several reports of non-logging of certificates for which it had handed out SCTs, a Certificate Transparency log from CNNIC has been disqualified by Google. CNNIC once operated a CA, but trust for it was removed years ago after illegitimate certificates had been issued.
- The Java 11 release adds support for TLS 1.3, ChaCha20/Poly1305, Curve25519, and Curve448.
- Apple invited interested people to its CT policy days in November, an event that will include presentations and discussions about Certificate Transparency.
- A bug in a prerelease version of OpenSSL 1.1.1 causes connection failures with TLS 1.3: it tries to negotiate a draft version of TLS 1.3, and the connection later fails. People using prerelease versions of OpenSSL 1.1.1 should switch to the final version as soon as possible.
- A paper titled “The Sorry State of TLS Security in Enterprise Interception Appliances” investigates security problems caused by TLS interception products.
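The ACME item above describes hosting providers whose http-01 responders echo the requested filename back inside an HTML page. The snippet below, an added example that is not code from Detectify, OVH or any ACME implementation, shows that weak pattern next to a hardened responder: serve only exactly known tokens, always as text/plain, never reflect the path. The token table and the hypothetical key-authorization string are constructed sample data; the responders are plain functions so they can be dropped into any HTTP handler.

```python
"""Vulnerable vs. hardened ACME http-01 challenge responder (added example).
Each responder maps a request path to (status, headers, body)."""
from typing import Dict, Tuple

Response = Tuple[int, Dict[str, str], bytes]
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 tokens are base64url; anything outside this alphabet cannot be a token.
TOKEN_ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

# Constructed sample: token -> key authorization, as an ACME client would store it.
SAMPLE_TOKENS = {"tok_abc123": "tok_abc123.constructed-thumbprint"}

def vulnerable_responder(path: str, tokens: Dict[str, str]) -> Response:
    """The weak pattern: unknown filenames are echoed, unescaped, into an HTML 404."""
    name = path[len(CHALLENGE_PREFIX):] if path.startswith(CHALLENGE_PREFIX) else path
    if name in tokens:
        return 200, {"Content-Type": "text/plain"}, tokens[name].encode()
    body = f"<html><body>Challenge file {name} not found</body></html>"  # reflected input
    return 404, {"Content-Type": "text/html"}, body.encode()

def hardened_responder(path: str, tokens: Dict[str, str]) -> Response:
    """Never reflects input: exact known tokens only, always text/plain, constant 404 body."""
    headers = {"Content-Type": "text/plain; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    not_found: Response = (404, headers, b"not found\n")
    if not path.startswith(CHALLENGE_PREFIX):
        return not_found
    name = path[len(CHALLENGE_PREFIX):]
    if not name or any(c not in TOKEN_ALPHABET for c in name):
        return not_found                      # rejected before any lookup or logging
    key_auth = tokens.get(name)
    if key_auth is None:
        return not_found
    return 200, headers, key_auth.encode()

if __name__ == "__main__":
    probe = CHALLENGE_PREFIX + "<b>x</b>"
    print("vulnerable:", vulnerable_responder(probe, SAMPLE_TOKENS))
    print("hardened:  ", hardened_responder(probe, SAMPLE_TOKENS))
```

Restricting the token to the base64url alphabet also keeps path-traversal and encoding tricks out of the lookup; the nosniff header stops browsers from second-guessing the text/plain type of a served key authorization.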