Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

The development of the WebTransport browser API has led to discussions about the nuances of the use of TLS without Web PKI certificates.

The WebTransport API has been proposed to give browsers a low latency mechanism to exchange messages with a server. One possible use case is gaming.

The specification has a feature that allows for identifying a server not via a certificate signed by a certificate authority from the Web PKI but by identifying the certificate with a hash. Because the hash is provided by code from a web page that itself needs to use HTTPS, the hash is indirectly authenticated. Chrome is expected to implement this feature soon, under the name serverCertificateHashes.

There were some lengthy discussions about the security properties of this mechanism in a GitHub issue posting tied to the WebTransport specification. Notably, a mechanism using certificates not issued via the Web PKI does not benefit from Certificate Transparency, and there is no revocation mechanism. Also, certificate authorities are usually expected not to issue certificates affected by known security vulnerabilities if they can identify them. However, it should be noted that with WebRTC, an existing specification already uses self-signed certificates that are not issued by the Web PKI.

One way the specification tries to mitigate this is by restricting the lifetime of the certificates to two weeks.

In a related blog post, Chrome developer Emily M. Stark discusses various ways of using non–Web PKI certificates in browsers, as well as the WebRTC and WebTransport certificate mechanisms.

Short news

• Let’s Encrypt announced that it has discovered some irregularities regarding the issuance of certificates with the TLS-ALPN-01 validation method. Two changes have been made: TLS versions before 1.2 are no longer supported for the ALPN connection, and an old, unofficial OID has been deprecated. Let’s Encrypt has announced that it will revoke all certificates issued with the old validation method on January 28. Most clients don’t use the ALPN validation method, but around 1 percent of certificates are affected. Users who are using this validation method should replace their certificates quickly. A thread in the Let’s Encrypt forum contains links to documentation for the most popular clients and provides a place where questions can be asked. Let’s Encrypt has announced that it will provide more details about the incidents “in the next few days.”
• A talk about the post-quantum algorithm Kyber was presented at the online rC3 conference.
• As part of a continuing series of blog posts about DNS security, Eric Rescorla covers DNS transport security this month.
• Scott Helme discusses plans for the EU’s Digital Identity Framework and QWAC certificates, which are an attempt to bring a concept similar to EV certificates into the framework (Mozilla and the Internet Society have previously been critical of these proposals, as mentioned in our November newsletter).
• Jason Donenfeld has made some updates to the Linux kernel’s random number generator, notably replacing SHA1 usage with BLAKE2 and reducing the number of RDRAND calls, which results in a significant performance improvement. The changes will likely be part of the next kernel, version 5.17.
• A blog post from the Working Group Two (WGTWO) company explains the ASN.1 encoding.
• Andrew Ayer reports about a recent incident in which emails to Comcast couldn’t be delivered due to a configuration mistake in MTA-STS.
• A paper published to the Cryptology ePrint Archive looks at the history of cryptographic key sizes and how they have been determined.
• GnuTLS has released version 3.7.3, which fixes a race condition.
• The latest “Security. Cryptography. Whatever.” podcast discusses mutual TLS (mTLS), with Colm MacCárthaigh as a guest. In response to the podcast, Neil Madden discusses the use of mTLS in combination with OAuth.

Interesting Jobs

Here are some interesting jobs we've come across in the last month:

• Software Engineer, Privacy, Safety, and Security, Google - via @rmhrisk
• Security Engineer, Certificate Authority, Google - via @rmhrisk
• People Manager for Engineers, ISRG - via ISRG
• Cyber Security Solutions Engineer - Schwachstellen und Policy Compliance Management, Finanz Informatik (Germany)
• Threat Intelligence und Vulnerability Analyst - CDC , Finanz Informatik (Germany)

If you know of similar jobs that our readers might be interested in, for example cryptography, TLS, or PKI, let us know and we may add them to future newsletters.