All,
The purpose of this email is to start discussion of Mozilla GitHub Issue #276 ("Address Delayed Revocation"). We would like to collect comments and feedback on a proposal to address delayed certificate revocation from a Mozilla perspective. It builds on prior discussions and feedback regarding delayed revocation, and the proposal is meant to replace guidance currently provided on the Mozilla CA wiki.
Here is the comparison link for a proposed new section 6.1.3 in the MRSP:
Summary
Here are the highlights of the proposal:
Background
Earlier this year, on this list, I proposed an Interim Policy to Address Delayed Revocation. While the proposed interim policy provided clarity, it faced criticism regarding implementation complexity, burden on subscribers and CAs, and the feasibility of associated measures, such as transitioning delayed revocation domains to 90-day certificates. Also, there were subsequent proposals aimed at reducing certificate lifetimes and encouraging automation. See e.g. https://github.com/cabforum/servercert/pull/553.
This new proposal drops proposed measures such as domain-specific tracking and subscriber attestations and instead focuses on subscriber education, mass revocation preparedness, and robust incident reporting as the primary mechanisms for improving agility and transparency regarding delayed revocation.
If adopted, the proposed MRSP § 6.1.3 would replace the current guidance on delayed revocation in Mozilla’s wiki and ensure consistency with the CCADB's Incident Reporting Guidelines.
I welcome your feedback on this draft proposal. Please share your thoughts, questions, or concerns to help us refine and improve it further.
Thanks,
Ben Wilson
Mozilla Root Store
All,
As part of the discussions on this proposal, namely that CAs “maintain and test mass revocation plans annually, including the revocation of 30 randomly chosen certificates within a 5-day period,” I’ve received a few comments via private channels, and to ensure transparency and foster discussion, I am sharing them here anonymously:
1. “Mozilla does not grant exceptions…” -- this is the most important signal that Mozilla can provide.
2. If certificate consumers want to prohibit delayed revocation, then they need to make it clear to CAs that they won't accept it and that they will kick them out of the root stores if they still do it. Don't try to solve this issue with indirect measures like random revocations. Just be straight about it and make it clear that there will be consequences for the very first delayed revocation and onward.
3. We will face big problems in revoking productive customer certificates just to test our mass-revocation plan and procedures. Our current customer contracts do not foresee this. While we can revoke at any time for security or compliance reasons, this authorization should not be used just to test mass-revocation. This will also require us to push out contract changes to our complete TLS customer base, which will take a considerable amount of time and effort.
4. This part of the proposal should occur within the CA/Browser Forum
through amendments to the TLS Baseline Requirements, and not via Mozilla
Root Store Policy.
5. Why was the number 30 chosen as a sample? Some CA operators issue very few certificates, while some CAs issue millions of certificates.
I welcome your feedback on these points, the random sampling proposal, and any others.
Thanks,
Ben
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/71b07640-d425-4f2f-8da4-d97a9475b9f6n%40mozilla.org.
As part of the discussions on this proposal, namely that CAs “maintain and test mass revocation plans annually, including the revocation of 30 randomly chosen certificates within a 5-day period,” I’ve received a few comments via private channels, and to ensure transparency and foster discussion, I am sharing them here anonymously:
Dear Rich,
Thank you for your question.
I think it would be advisable for a CA operator’s mass-revocation testing plan to include an immediate notice to all customers whose certificates were randomly selected because we would want to minimize disruption to server operations while testing the CA’s ability to revoke and replace certificates promptly.
That said, CAs should consider performing occasional tests that go beyond providing pre-generated replacement certificates, in which subscribers
generate and submit new public keys. That would address the risks from a
widespread incident, like Heartbleed, where the potential compromise of private keys
necessitated key pair replacement. Preparing for such scenarios ensures that subscribers will be able to quickly perform the tasks of key pair generation, public
key submission, and certificate installation.
Much to discuss.
Thanks again,
Ben
Dear everybody,
>Point 3 is unusual as revocation for compliance reasons is explicitly outlined, and that's all that this is? There isn't any new changes to the legal language required that I can see.
I checked with our legal department and they clearly stated that we will have to amend the contracts if we want to be sure that we can't be sued for damages inflicted by random revocation. Current language (at least in our contracts) allows us to revoke in case of security incidents, non-compliance and some other cases. But a preventative revocation would currently not be covered.
Also, I'm not convinced that it will motivate many customers towards automation. Most will probably just gamble and bet on not being in the unlucky 30, especially if they get their certs from a large CA... 😉
>Point 4 has been covered, being above the baseline requirements is barely noteworthy but encouraging these practices in more programs is good advice.
Regarding a comment made in another mail, I think it's fair to say that most public trust CAs -need- to conform to all major root store policies to be of any value for their customers. The more fragmented these root store policies are, the more complex (and error prone!) complying to them becomes. For this reason, we would really encourage the root store operators to converge on requirements set forward.
Kind regards
Roman
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
dev-security-po...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/c2290409-2ef1-4295-8f5d-13369f2dbbe1n%40mozilla.org.
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
Dear everybody,
>Point 3 is unusual as revocation for compliance reasons is explicitly outlined, and that's all that this is? There isn't any new changes to the legal language required that I can see.
I checked with our legal department and they clearly stated that we will have to amend the contracts if we want to be sure that we can't be sued for damages inflicted by random revocation. Current language (at least in our contracts) allows us to revoke in case of security incidents, non-compliance and some other cases. But a preventative revocation would currently not be covered.
Also, I'm not convinced that it will motivate many customers towards automation. Most will probably just gamble and bet on not being in the unlucky 30, especially if they get their certs from a large CA...
Regarding a comment made in another mail, I think it's fair to say that most public trust CAs -need- to conform to all major root store policies to be of any value for their customers. The more fragmented these root store policies are, the more complex (and error prone!) complying to them becomes. For this reason, we would really encourage the root store operators to converge on requirements set forward.
I think it would be advisable for a CA operator’s mass-revocation testing plan to include an immediate notice to all customers whose certificates were randomly selected because we would want to minimize disruption to server operations while testing the CA’s ability to revoke and replace certificates promptly.
Oh, I don't know... ransomware has been far more effective at improving
DR practices than several decades of education was.
DZ.
Dec 19, 2024 22:24:31 Rich Salz <rich...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
DZ.
Dec 23, 2024 13:30:45 Rich Salz <rich...@gmail.com>:
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/4072d67e-6e30-4c01-a18b-993b94102a41%40it.auth.gr.
I think the problem of delayed revocation is automatically solved once the proposed clarification by Mozilla (and other root store operators) clearly states that delayed revocation will unconditionally to removal from the trust store. Why invent a whole new mechanism when the same goal can be achieved much easier?
Kind regards & welcome to 2025
Roman
I think the problem of delayed revocation is automatically solved once the proposed clarification by Mozilla (and other root store operators) clearly states that delayed revocation will unconditionally to removal from the trust store. Why invent a whole new mechanism when the same goal can be achieved much easier?