Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

The developers of Chrome and Firefox have announced a major change in the handling of Extended Validation certificates. Previously these certificates were presented with a green bar in front of the URL that shows the company name. This will be removed in future Chrome and Firefox versions. The information now will be visible only when users click on the lock icon and view the connection details.

Extended Validation certificates contain information about a company that’s validated, unlike Domain Validation certificates, for which the only custom information is the host name of the certificate. EV certificates are usually much more expensive.

Many in the security community have questioned the value of Extended Validation. The certificate authority industry has seen EV used to combat phishing, but that relies on users actually noticing the green bar.

The Google document justifying the change mentions several studies that overwhelmingly conclude that users rarely notice the green EV bar and don’t consider it helpful in making security decisions.

Other criticisms about EV certificates were raised by Ian Carroll, who was able to register a certificate for Stripe, Inc by registering a company with the same name.

Also, in several cases EV certificates have been identified with bogus or wrong information, indicating that the validation checks aren’t as thorough as certificate authorities claim. Certificates for companies located in Default City have been issued (Default City is the default location value used by OpenSSL), and others with inconsistent or wrong information are found on a regular basis.

Short news

• Researchers from the University of Hamburg have proposed a way to use a SOCKS proxy for QUIC and DNS connections that results in slightly faster connection establishment and reduced latency.
• OpenSSL has warned of a security problem in its Windows/MinGW configuration that may allow injecting configuration files, modules, or certificates if C:/usr/local is world-writable.
• Cloudflare has introduced a Certificate Transparency monitoring service that helps users spot potentially malicious certificates being issued.
• At Black Hat USA 2019, Sze Yiu Chau presented research on Bleichenbacher’s RSA signature forgery attack from 2006. He found some vulnerable RSA implementations (LibTomCrypt, Openswan, strongSwan) and several libraries that are overly lenient in parsing RSA signatures. (Bleichenbacher’s signature forgery attack should not be confused with Bleichenbacher’s 1998 attack on RSA encryption.)
• In a blog post, Eric Lawrence explains how the Avast antivirus software uses a Chrome feature to log TLS keys (SSLKEYLOGFILE) in order to observe encrypted traffic.
• As Tom Wassenberg noted on Twitter, after he reported finding a compromised key for a certificate from Sectigo, he was later contacted by the affected company via an email that CCed the company’s lawyer. In the letter, the company blamed him for disrupting its business. The company said it had Wassenberg’s contact information because Sectigo had forwarded it to the company. Sectigo later apologized and explained this was due to “human error.”
• Ryan Sleevi from Google proposed a change in the CA/Browser Forum that would further limit certificate lifetimes to 398 days. The current rules set a limit of 825 days. Although many security professionals believe shorter certificate lifetimes are an improvement, there’s disagreement from some CAs, who say this is a problem for their customers. (See comments from CA customers posted by DigiCert and Entrust.) Shorter certificate lifetimes would obviously require more certificate changes, but some believe this is a good thing because it encourages certificate automation.
• A study compares the TLS settings between nonprefixed domains and www subdomains. It finds that there’s often considerable differences and that the www subdomain often has better security.
• In a blog post, Antonio Sanso explains how he found timing vulnerabilities in the DSA and ECDSA implementations of the RSA BSAFE library. He used Google’s Project Wycheproof tool to find these issues.
• In Firefox 71, there will be some changes to the certificate viewer, as reported in an article posted on Ghacks.