
Cryptography & Security Newsletter

109

CA/Browser Forum Adopts CAA for S/MIME Certificates

31 Jan 2024

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

In January 2024, CA/Browser Forum voted to adopt Certification Authority Authorization (CAA) for S/MIME certificates. There were nineteen votes cast, supporting ballot SCM05. CAs are recommended to adopt the new CAA features by September 15, 2024; support will become mandatory on March 15, 2025.

CAA was initially published as an RFC in 2013 (RFC 6844, obsoleted in 2019 by RFC 8659), but it took four years for the CA/Browser Forum to adopt it for server certificates. Since then, a variety of minor extensions have been added, all for control of server certificate issuance. We wrote more about the new features in our February 2023 newsletter. CAA for S/MIME certificates is a recent improvement, having been published as RFC 9495 in October 2023.

In anticipation of the new CAA features, now is a good time to start planning your organization’s default CAA configuration. Most companies will not use S/MIME certificates, so it may be prudent to disallow all such issuance. Here’s an example configuration with a mix of issue, issuewild, and issuemail properties:

example.com.  CAA     0 issue "letsencrypt.org"
example.com.  CAA     0 issuewild "digicert.com"
example.com.  CAA     0 issuewild "entrust.com"
example.com.  CAA     0 issuemail ";"
example.com.  CAA     0 iodef "mailto:pki@example.com"
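
To see what this record set permits, the following added example (not part of the original newsletter) evaluates it for server, wildcard, and S/MIME issuance. It follows a simplified reading of RFC 8659 and RFC 9495: no DNS tree climbing, no critical-flag handling, and issuer parameters are ignored; the function names and the `cert_type` labels are chosen for this example.

```python
# Added example: evaluate the CAA record set above for three certificate types.
# Simplified reading of RFC 8659 / RFC 9495 (assumption): no tree climbing,
# no critical-flag handling, issuer parameters after ';' are ignored.
import shlex

# The newsletter's example records, embedded so the script runs offline.
ZONE = '''\
example.com.  CAA  0 issue "letsencrypt.org"
example.com.  CAA  0 issuewild "digicert.com"
example.com.  CAA  0 issuewild "entrust.com"
example.com.  CAA  0 issuemail ";"
example.com.  CAA  0 iodef "mailto:pki@example.com"
'''

def parse_caa(zone_text):
    """Return a list of (tag, value) pairs from zone-file style CAA lines."""
    records = []
    for line in zone_text.splitlines():
        fields = shlex.split(line)          # handles the quoted property value
        if len(fields) == 5 and fields[1].upper() == "CAA":
            records.append((fields[3].lower(), fields[4]))
    return records

def issuer_domains(records, tag):
    """Issuer domains named by `tag`, or None if the tag is absent."""
    values = [v for t, v in records if t == tag]
    if not values:
        return None
    # The issuer domain precedes the first ';'. An empty one authorizes nobody.
    return {v.split(";", 1)[0].strip().lower() for v in values} - {""}

def may_issue(records, ca_domain, cert_type):
    """cert_type is 'server', 'wildcard' or 'smime' (labels for this example)."""
    if cert_type == "smime":
        allowed = issuer_domains(records, "issuemail")
    elif cert_type == "wildcard":
        allowed = issuer_domains(records, "issuewild")
        if allowed is None:                 # no issuewild: fall back to issue
            allowed = issuer_domains(records, "issue")
    else:
        allowed = issuer_domains(records, "issue")
    # No relevant property at all means issuance is not restricted.
    return True if allowed is None else ca_domain.lower() in allowed

if __name__ == "__main__":
    recs = parse_caa(ZONE)
    for ca, kind in [("letsencrypt.org", "server"), ("letsencrypt.org", "wildcard"),
                     ("digicert.com", "wildcard"), ("letsencrypt.org", "smime")]:
        verdict = "allowed" if may_issue(recs, ca, kind) else "denied"
        print(f"{ca:16} {kind:9} {verdict}")
```

Removing the issuemail record from the input makes every S/MIME query return allowed, because issue and issuewild do not restrict S/MIME issuance.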


Short News

Here are some things that caught our attention since the previous newsletter:

  • The Mammoth2024h1 CT log died because the server ran out of disk space, a situation that led to catastrophic MySQL failure. Maybe Trillian (Google’s CT log implementation) should have been built around PostgreSQL instead?
  • A new episode of the Security Cryptography Whatever podcast features Jon Millican and Timothy Buck, talking about Facebook’s journey toward end-to-end encryption.
  • Andrew Ayer released another tool to help understand CA issuance practices. DCV Inspector monitors DNS, HTTP, and SMTP requests made during certificate issuance. Here’s one example, via Ryan Hurst.
  • A story came out claiming that a Dutchman named Erik van Sabben deployed the infamous Stuxnet virus into the Iranian nuclear complex.
  • A proposal aims to introduce TLS Trust Expressions to make it easier for servers to serve certificate chains that will be considered valid by a range of diverse clients.
  • Registration for RWC 2024 is now open! Hurry up.
  • In another edition of Cryptography Dispatches, Filippo Valsorda writes about his work on implementing the ML-KEM-768 post-quantum algorithm (formerly Kyber) in Go. A lot of effort went into building a good collection of test vectors. On a related note, these test vectors are also published separately in the Community Cryptography Test Vectors (CCTV) project.
  • Fastly migrated to BoringSSL, leaving OpenSSL behind.
  • Sevnx writes about building a password cracker in 2024 in a blog post.
  • Four cybersecurity agencies—German BSI, French ANSSI, Dutch NLNCSA, and Swedish NCSA—released a joint position paper on quantum key distribution with a negative outlook. The NSA agrees.
  • In July 2022, the UK security services acted on the content of a private Snapchat message.
  • Keybase had an outage because its private root expired after ten years in use.
  • In a blog post, D. J. Bernstein explores why NSA and GCHQ discourage hybrid encryption schemes.
  • Job Snijders looks back at what happened in the RPKI space in 2023 on the NANOG mailing list.
  • Further information about the TETRA vulnerabilities was released at the 37th Chaos Communication Congress in a presentation titled “All Cops Are Broadcasting” (a video of the presentation is available).
  • Some leaked code signing certificates use weak passwords, making it possible to use brute-force attacks successfully.
  • Read The Zen Guide to Routing Security Policy: Towards a Unified and Replicable Government Networks Routing/BGP Security Policy.
  • Spain’s second-largest mobile operator, Orange España, was compromised in January, with its routes changed. RPKI performed as expected.
  • Muzamer Mohd Azalan writes about Telekom Malaysia’s RPKI deployment in a blog post.
  • Matt Palmer writes about the pwnedkeys project and how the matching certificates are identified and published on his blog.
  • Trail of Bits built a new library for path building, in Rust with Python bindings. In addition to the functionality itself, a big contribution of this project is a library of test cases that can be used in other projects.
  • CyBOK released toddler guides for cybersecurity and cryptography.
  • The post “RSA Is Deceptively Simple (and Fun)” discusses how easy it is to botch RSA public key encryption (see also the Hacker News discussion).
  • The EU’s Cyber Resilience Act has been updated to make allowances for open-source development in the context of liability for security defects.
  • AWS will no longer query WHOIS data during certificate issuance validation, citing declining lookup success rates—only 5 percent!
  • Apple is hiring a PKI compliance and audit program lead, responsible for leading and executing Apple PKI’s compliance program to ensure compliance with the CA/Browser Forum Baseline Requirements, root program policies, WebTrust, and other external and internal policies.
  • Support for post-quantum cryptography is now in Firefox nightly.
  • The Cryptographic Applications Workshop is a conference inspired by the Real World Crypto Symposium that focuses on the construction and analysis of cryptography built for practical applications.
  • In 2017, one in three machine-readable passports could not be verified for authenticity due to implementation issues (via Ryan Hurst).
  • There’s a website that traces the history of Alice and Bob, the world’s most famous cryptographic couple. Ironically, the authors have not configured it with a valid certificate. ¯\_(ツ)_/¯
