Russia preparing for MitM

5,419 views
Skip to first unread message

MCC CS

unread,
Mar 10, 2022, 3:02:50 PM3/10/22
to dev-secur...@mozilla.org
Dear all,
 
I hope this is the correct place to start this discussion.

Today it was reported that (https://bugzilla.mozilla.org/show_bug.cgi?id=1758773)
Russia is distributing a Root CA (https://crt.sh/?id=6316640888), which according to one user,
an ISP said it was mandatory. The certificate can be downloaded from the third button on https://www.gosuslugi.ru/tls
Although at present there's no MitM, it's likely that government websites
will start using this and once adoption is high enough Russia will perhaps start MitM.

Considering that the ISP was told it was mandatory, the certificate is worth urgent consideration.

An option we can consider is to allow the certificate for only the websites linked on gosuslugi.ru
Because of retaliation, Russia might be seen correct to reduce their reliance on Western certs.
To minimize the damage on Russian users, by allowing the root certificate for only the listed websites OR for
all .ru domains, the risk of MitM will be negated and the given reason of "reducing reliance on Western certs"
will be resolved. If the certificate is blocked completely, Russia-based users could be harmed further,
as they would have to follow the government against interventions of Mozilla et al, who are vulnerable
to name-and-shame in case if certificates currently used by RU companies are revoked.

I decided to start this thread to accelerate the examination of this certificate. Many thanks

Matthew Hardeman

unread,
Mar 10, 2022, 3:26:28 PM3/10/22
to MCC CS, dev-secur...@mozilla.org
There's certainly a history of Russia insisting on at least DNS and/or TLS SNI transparency.

For example, Russia once banned access to all Amazon AWS IP space and a lot of Google space because these services were permitting "domain fronting", in which intentionally presenting a Host: header different from the requested SNI name was being accepted and the request was proceeding per the Host label.

Not being able to track what sites Russian users were visiting, even without seeing the content, was apparently a red line even back in 2018.

With the various sanctions involved, I can see why Russia would respond this way.  Someone has to issue certs for their sites, after all, and many CAs are now unable to.

Is there any reason to believe that browsers responding to this root won't just lead to mandatory Russian browsers?

--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/trinity-9d689c1a-13b1-4c2a-8eaa-a59ae6cdeb2e-1646941533378%403c-app-mailcom-bs15.

ValdikSS ValdikSS

unread,
Mar 10, 2022, 8:16:56 PM3/10/22
to dev-secur...@mozilla.org, mhar...@gmail.com, dev-secur...@mozilla.org, MCC CS
I won't rule out the possibility of this CA to be used for MiTM some day, but you should be aware that Thawte has revoked the certificates issued for the sanctioned banks, and more likely it's just a second option/last resort PKI chain for a "doomsday".

For example, VTB:
https://crt.sh/?id=5828347935
https://crt.sh/?id=6218871547
https://crt.sh/?identity=vtb.ru&iCAID=62131 (all of them)

Promsvyazbank:
https://crt.sh/?id=4582341817
https://crt.sh/?id=2713661323
https://crt.sh/?q=psbank.ru&iCAID=62131  (all of them)

The Central Bank of Russia (Centrobank):
https://crt.sh/?id=2355590937

Such development is understandable in the current situation when many foreign services and even transit ISPs don't want to continue the service, but I doubt they will try to break the internet with MiTM such blatantly: the blocks of "offending" websites are more likely, as we've seen for years.

MCC CS

unread,
Mar 11, 2022, 2:19:17 AM3/11/22
to dev-secur...@mozilla.org
 

but you should be aware that Thawte has revoked the certificates issued for the sanctioned banks, that Gosuslugi email text is correct.

I understand, what I propose is shipping Firefox with the certificate built in, so that Firefox doesn't lose Marketshare, and limit the certificate to .ru domains, so that MitM crisis is averted.

ValdikSS ValdikSS

unread,
Mar 11, 2022, 2:31:29 AM3/11/22
to dev-secur...@mozilla.org, MCC CS
On Friday, March 11, 2022 at 10:19:17 AM UTC+3 MCC CS wrote:

I understand, what I propose is shipping Firefox with the certificate built in

It doesn't work that way. Any browser or operating system won't include the certificate unless it complies with CA/B requirements: https://cabforum.org/
There are technical requirements for the CA and certificates it issue, which Ministry of Digital's PKI fails right away, usage requirements and policy requirements, which they don't state, etc.

Matthew Hardeman

unread,
Mar 11, 2022, 11:00:12 AM3/11/22
to dev-secur...@mozilla.org
On Fri, Mar 11, 2022 at 1:31 AM 'ValdikSS ValdikSS' via dev-secur...@mozilla.org <dev-secur...@mozilla.org> wrote:

There are technical requirements for the CA and certificates it issue, which Ministry of Digital's PKI fails right away, usage requirements and policy requirements, which they don't state, etc.

Yes, even if it were desirable, I think there are certificate profile problems with that root. 

Matthew Hardeman

unread,
Mar 17, 2022, 3:47:36 PM3/17/22
to dev-secur...@mozilla.org
Isn't VTB one of the banks subject to sanctions and who have likely had revocations from other CAs?

If so, this may be properly issued at VTB's request?

On Thu, Mar 17, 2022 at 2:35 PM Ferdinand Vroom <ferdinand...@gmail.com> wrote:

 1 s:C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Sub CA
   i:C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Root CA

echo | openssl s_client -showcerts -verify_depth 2 -connect online-alpha.vtb.ru:443
CONNECTED(00000198)
depth=1 C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Sub CA
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = RU, ST = St. Petersburg, L = St. Petersburg, O = VTB Bank (PJSC), OU = IT Department, CN = online-alpha.vtb.ru
verify return:1
---
Certificate chain
 0 s:C = RU, ST = St. Petersburg, L = St. Petersburg, O = VTB Bank (PJSC), OU = IT Department, CN = online-alpha.vtb.ru
   i:C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Sub CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar  4 14:59:21 2022 GMT; NotAfter: Mar  4 14:59:21 2023 GMT
-----BEGIN CERTIFICATE-----
MIIGfTCCBGWgAwIBAgIDERAEMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAlJV
MT8wPQYDVQQKDDZUaGUgTWluaXN0cnkgb2YgRGlnaXRhbCBEZXZlbG9wbWVudCBh
bmQgQ29tbXVuaWNhdGlvbnMxHzAdBgNVBAMMFlJ1c3NpYW4gVHJ1c3RlZCBTdWIg
Q0EwHhcNMjIwMzA0MTQ1OTIxWhcNMjMwMzA0MTQ1OTIxWjCBjzELMAkGA1UEBhMC
UlUxFzAVBgNVBAgTDlN0LiBQZXRlcnNidXJnMRcwFQYDVQQHEw5TdC4gUGV0ZXJz
YnVyZzEYMBYGA1UEChMPVlRCIEJhbmsgKFBKU0MpMRYwFAYDVQQLEw1JVCBEZXBh
cnRtZW50MRwwGgYDVQQDExNvbmxpbmUtYWxwaGEudnRiLnJ1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDOK99zY4vwINe8e/ReecM05zh/HeeJqlIT+
2xWXJuum2MerARuIXglwFC7RzrUZKOqrm/7VXr02X120TDiRYsncNzbC/COlK+JW
4ou0QqGj8+9FknprNcdtsOVlHDMwBKO1OOtz9cBeDBo6tQUkby6pwQHUhPMnHQoQ
yJ6SdwtZfZ8E4jkp+wXqCXdtKzeJAfuyZ0O7bdy7sqnV7UeNDNbwtEFtUtJE5Bqw
IKXgL8L/u4e+SpJg2SS/GE2MeVVR+y/rzC2MJs5MpQwDch9lZzshSAYIa22JXSQb
sEuJZ0L2yLsvUNo3udlMLJ3xTVDbmxIC7IsYsIoc63Kn2+7C0QIDAQABo4IB/zCC
AfswHQYDVR0OBBYEFMCAWwE4HUNpBN+TfJeM0LhneCQEMB8GA1UdIwQYMBaAFNHh
cQ0LLYFObopKj0wjs0xeq2kLMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1Ud
JQQMMAoGCCsGAQUFBwMBMIHEBggrBgEFBQcBAQSBtzCBtDA6BggrBgEFBQcwAoYu
aHR0cDovL3Jvc3RlbGVjb20ucnUvY2RwL3N1YmNhX3NzbF9yc2EyMDIyLmNydDA6
BggrBgEFBQcwAoYuaHR0cDovL2NvbXBhbnkucnQucnUvY2RwL3N1YmNhX3NzbF9y
c2EyMDIyLmNydDA6BggrBgEFBQcwAoYuaHR0cDovL3JlZXN0ci1wa2kucnUvY2Rw
L3N1YmNhX3NzbF9yc2EyMDIyLmNydDCBpAYDVR0fBIGcMIGZMIGWoIGToIGQhi5o
dHRwOi8vcm9zdGVsZWNvbS5ydS9jZHAvc3ViY2Ffc3NsX3JzYTIwMjIuY3Jshi5o
dHRwOi8vY29tcGFueS5ydC5ydS9jZHAvc3ViY2Ffc3NsX3JzYTIwMjIuY3Jshi5o
dHRwOi8vcmVlc3RyLXBraS5ydS9jZHAvc3ViY2Ffc3NsX3JzYTIwMjIuY3JsMB4G
A1UdEQQXMBWCE29ubGluZS1hbHBoYS52dGIucnUwDQYJKoZIhvcNAQELBQADggIB
AC2vO+1k4mhFFhuSZ6BCvV+fwJ27OBbutuGiofV4MVPLcN5tj3Dv0uKfbimc5CGT
UEg5kjxNRE2ivH8ahezT47jSB7CrGNV03ePl2mmY0l3GCQAnxEVZ35Ltd8NfXio6
6edCRwxDoBm3qazxPpcjNhsZ7TV2w6kZ00CdcF+CpEhplN5TnhUlQDzXfJaBnvGm
bekkAZw9YKyTrZ7/8yaEHPGVkzZ/OD+wUkPNdB317sy+OcEud93vejK5Fh+WE3Gt
aL4WTK5qrvl2/zzhPdsO23AY3Uum4d+7wMIOzbjdFxCA1hGn3v7gSqw5FHjt93Gz
HYzgZepoE5cPYUeRF3ZXwACEnia7DGutWIDLiwzJpCZj6Ty1I+hP4ehNKiapfIE6
MpkswtMfx4J/79iILswxC064eqikY+z7VNyhijvfeINa0LhCt2YmLMksyPO8yIpx
Xr0hXBCDeas4taS2BAcWFtpcBNe7idZJueczeiaUVsUNJkc79T9w379HUU3VscV6
YC6MZ6VScSABSzBoXJwh8auNf2P2YXMgmfUwLQk2hqjJmlGVHbmv7gsGE4p9Q3lX
WCdOzvUwVJzzd/o+1RtqWDBP2J/bEysj+UA3VVXVWS76wT2orYeLUqzap7OI9NuP
z4oqVOqQD51YWeIJTRdiP0T/dTJldhJTbMMIjlnB+8lN
-----END CERTIFICATE-----
 1 s:C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Sub CA
   i:C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar  2 11:25:19 2022 GMT; NotAfter: Mar  6 11:25:19 2027 GMT
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCUlUx
PzA9BgNVBAoMNlRoZSBNaW5pc3RyeSBvZiBEaWdpdGFsIERldmVsb3BtZW50IGFu
ZCBDb21tdW5pY2F0aW9uczEgMB4GA1UEAwwXUnVzc2lhbiBUcnVzdGVkIFJvb3Qg
Q0EwHhcNMjIwMzAyMTEyNTE5WhcNMjcwMzA2MTEyNTE5WjBvMQswCQYDVQQGEwJS
VTE/MD0GA1UECgw2VGhlIE1pbmlzdHJ5IG9mIERpZ2l0YWwgRGV2ZWxvcG1lbnQg
YW5kIENvbW11bmljYXRpb25zMR8wHQYDVQQDDBZSdXNzaWFuIFRydXN0ZWQgU3Vi
IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9YPqBKOk19NFymrE
wehzrhBEgT2atLezpduB24mQ7CiOa/HVpFCDRZzdxqlh8drku408/tTmWzlNH/br
HuQhZ/miWKOf35lpKzjyBd6TPM23uAfJvEOQ2/dnKGGJbsUo1/udKSvxQwVHpVv3
S80OlluKfhWPDEXQpgyFqIzPoxIQTLZ0deirZwMVHarZ5u8HqHetRuAtmO2ZDGQn
vVOJYAjls+Hiueq7Lj7Oce7CQsTwVZeP+XQx28PAaEZ3y6sQEt6rL06ddpSdoTMp
BnCqTbxW+eWMyjkIn6t9GBtUV45yB1EkHNnj2Ex4GwCiN9T84QQjKSr+8f0psGrZ
vPbCbQAwNFJjisLixnjlGPLKa5vOmNwIh/LAyUW5DjpkCx004LPDuqPpFsKXNKpa
L2Dm6uc0x4Jo5m+gUTVORB6hOSzWnWDj2GWfomLzzyjG81DRGFBpco/O93zecsIN
3SL2Ysjpq1zdoS01CMYxie//9zWvYwzI25/OZigtnpCIrcd2j1Y6dMUFQAzAtHE+
qsXflSL8HIS+IJEFIQobLlYhHkoE3avgNx5jlu+OLYe0dF0Ykx1PGNjbwqvTX37R
Cn32NMjlotW2QcGEZhDKj+3urZizp5xdTPZitA+aEjZM/Ni71VOdiOP0igbw6asZ
2fxdozZ1TnSSYNYvNATwthNmZysCAwEAAaOCAeUwggHhMBIGA1UdEwEB/wQIMAYB
Af8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTR4XENCy2BTm6KSo9MI7NM
XqtpCzAfBgNVHSMEGDAWgBTh0YHlzlpfBKrS6badZrHF+qwshzCBxwYIKwYBBQUH
AQEEgbowgbcwOwYIKwYBBQUHMAKGL2h0dHA6Ly9yb3N0ZWxlY29tLnJ1L2NkcC9y
b290Y2Ffc3NsX3JzYTIwMjIuY3J0MDsGCCsGAQUFBzAChi9odHRwOi8vY29tcGFu
eS5ydC5ydS9jZHAvcm9vdGNhX3NzbF9yc2EyMDIyLmNydDA7BggrBgEFBQcwAoYv
aHR0cDovL3JlZXN0ci1wa2kucnUvY2RwL3Jvb3RjYV9zc2xfcnNhMjAyMi5jcnQw
gbAGA1UdHwSBqDCBpTA1oDOgMYYvaHR0cDovL3Jvc3RlbGVjb20ucnUvY2RwL3Jv
b3RjYV9zc2xfcnNhMjAyMi5jcmwwNaAzoDGGL2h0dHA6Ly9jb21wYW55LnJ0LnJ1
L2NkcC9yb290Y2Ffc3NsX3JzYTIwMjIuY3JsMDWgM6Axhi9odHRwOi8vcmVlc3Ry
LXBraS5ydS9jZHAvcm9vdGNhX3NzbF9yc2EyMDIyLmNybDANBgkqhkiG9w0BAQsF
AAOCAgEARBVzZls79AdiSCpar15dA5Hr/rrT4WbrOfzlpI+xrLeRPrUG6eUWIW4v
Sui1yx3iqGLCjPcKb+HOTwoRMbI6ytP/ndp3TlYua2advYBEhSvjs+4vDZNwXr/D
anbwIWdurZmViQRBDFebpkvnIvru/RpWud/5r624Wp8voZMRtj/cm6aI9LtvBfT9
cfzhOaexI/99c14dyiuk1+6QhdwKaCRTc1mdfNQmnfWNRbfWhWBlK3h4GGE9JK33
Gk8ZS8DMrkdAh0xby4xAQ/mSWAfWrBmfzlOqGyoB1U47WTOeqNbWkkoAP2ys94+s
Jg4NTkiDVtXRF6nr6fYi0bSOvOFg0IQrMXO2Y8gyg9ARdPJwKtvWX8VPADCYMiWH
h4n8bZokIrImVKLDQKHY4jCsND2HHdJfnrdL2YJw1qFskNO4cSNmZydw0Wkgjv9k
F+KxqrDKlB8MZu2Hclph6v/CZ0fQ9YuE8/lsHZ0Qc2HyiSMnvjgK5fDc3TD4fa8F
E8gMNurM+kV8PT8LNIM+4Zs+LKEV8nqRWBaxkIVJGekkVKO8xDBOG/aN62AZKHOe
GcyIdu7yNMMRihGVZCYr8rYiJoKiOzDqOkPkLOPdhtVlgnhowzHDxMHND/E2WA5p
ZHuNM/m0TXt2wTTPL7JH2YC0gPz/BvvSzjksgzU5rLbRyUKQkgU=
-----END CERTIFICATE-----
---
Server certificate
subject=C = RU, ST = St. Petersburg, L = St. Petersburg, O = VTB Bank (PJSC), OU = IT Department, CN = online-alpha.vtb.ru
issuer=C = RU, O = The Ministry of Digital Development and Communications, CN = Russian Trusted Sub CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4043 bytes and written 451 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 92C894E2E60D09C67B901CB44D55B04285E17D6A23E8004358AF3F991EE5005F
    Session-ID-ctx:
    Master-Key: 084CA49C3821CFA73463E83DCCDE3DEB4CF0BA51795E6368C7BE8EC8CB8AD9E66B04F2C8D74A43AF570005F1AE4B75B5
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1647544075
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: yes
---
DONE

Op vrijdag 11 maart 2022 om 02:16:56 UTC+1 schreef ValdikSS ValdikSS:
Reply all
Reply to author
Forward
0 new messages