(Writing in a personal capacity)
I want to preemptively apologize for the length of this message. Despite
multiple rounds of editing, there's still much to be said, and I'd prefer
to say it in public, in the spirit of those past discussions, so that they
can be both referred to and (hopefully) critiqued.
These discussions are no easy matter, as shown from the past conversations
regarding both TeliaSonera [1] and CNNIC [2][3][4][5]. There have been
related discussions [6][7], some of which even discuss the UAE [8]. If you
go through and read those messages, you will find many similar messages,
and from many similar organizations, as this thread has provoked.
In looking at these older discussions, as well as this thread, common
themes begin to emerge. These themes highlight fundamental questions about
what the goals of Mozilla are, and how best to achieve those goals. My hope
is to explore some of these questions, and their implications, so that we
can ensure we're not overlooking any consequences that may result from
particular decisions. Whatever the decision is made - to trust or distrust
- we should at least make sure we're going in eyes wide open as to what may
happen.
1) Objectivity vs Subjectivity
Wayne's initial message calls it out rather explicitly, but you can see it
similarly in positions from past Mozilla representatives - from Gerv
Markham, Sid Stamm, Jonathan Nightingale - and current, such as Kathleen
Wilson. The "it" I'm referring to is the tension between Mozilla's Root
Program, which provides a number of ideally objective criteria for CAs to
meet for inclusion, and the policy itself providing significant leeway for
Mozilla to remove CAs - for any reason or no reason - and to take steps to
protect its users and its mission, an arguably subjective decision. This
approach goes back to the very first versions of the policy, written by
Frank Hecker for the then-brand new Mozilla Foundation [9][10]. Frank
struggled with the issue then [11], so perhaps it is unsurprising that we
still struggle with it now. Thankfully, Frank also documented quite a bit
of his thinking in drafting that policy, so we can have some insight. [12]
The arguments for the application of a consistent and objective policy have
ranged from being a way to keep Mozilla accountable to its principles and
mission [13] to being a way to reduce the liability that might be
introduced by trusting a given CA [14]. In many ways, the aim of having an
objective policy was to provide a transparent insight into how the
decisions are made - something notably absent from programs such as
Microsoft or Apple. For example, you will not find any public discussion as
to why Microsoft continues to add some CAs years ahead of other root
programs, even from organizations so rife with operational failures that
have disqualified them from recognition by Mozilla, yet took years to add
Let's Encrypt, even as they were trusted by other programs and had gone
through public review. Mozilla's policy provides that transparency and
accountability, by providing a set of principles for which the decisions
made can be evaluated against. In theory, by providing this policy and
transparency, Mozilla can serve as a model for other root stores and
organizations - where, if they share those principles, then the application
of the objective policy should lead to the same result, thus leading to a
more interoperable web, thus fulfilling some of Mozilla's core principles.
In the discussions of CNNIC and TeliaSonera, there was often a rigid
application of policy. Unless evidence could be demonstrably provided of
not adhering to the stated policies - for example, misissued certificates -
the presumption of both innocence and trustworthiness was afforded to these
organizations by Mozilla. Factors that were not covered by policy - for
example, participation in providing interception capabilities, the
distribution of malware, supporting censorship - were discarded from the
consideration of whether or not to trust these organizations and include
their CAs.
During those discussions, and in this, there's a counterargument that
highlights these behaviours - or, more commonly, widely reported instances
of these behaviours (which lack the benefit of being cryptographically
verifiable in the way certificates are) - undermine the trustworthiness of
the organization. This argument goes that even of the audit is clean
(unqualified, no non-conformities), such an organization could still behave
inappropriately towards Mozilla users. Audits can be and are being gamed in
such a way as to disguise some known-improper behaviours. CAs themselves
can go from trustworthy to untrustworthy overnight, as we saw with
StartCom's acquisition by WoSign [15]. The principles involved may be
authorizing or engaging in the improper behaviour directly, as we saw with
StartCom/WoSign, or may themselves rely on ambiguous wording to provide an
escape, should they be caught, as we saw with Symantec. Because of this,
the argument goes, it's necessary to consider the whole picture of the
organization, and for the Module Owner and Peers to make subjective
evaluations based on the information available, which may or may not be
reliable or accurate.
The reality is that the policy needs both. As Frank called out in [12], a
major reasoning for the policy was not to provide an abstract checklist,
but to provide a transparent means of decision making, which can consider
and balance the views of the various stakeholders, with the goal of
fulfilling Mozilla's mission. Yet much of that objective policy inherently
rests on something frighteningly subjective - the audit regime that's come
to make up the bulk of the inclusion process. While the early drafts of the
policy considered schemes other than just WebTrust and ETSI, as it's
evolved, we're largely dependent on those two. And both of those rely on
the subjective opinion of auditors, which may or may not meet the Mozilla
community's definition of skilled, to provide their opinion about how well
the CA meets certain abstract audit criteria, for which there may or may
not have been technical guidance provided. As we've seen with the
disqualification of some auditors, those subjective judgements can create
real harm to Mozilla users.
2) Government CAs and Jurisdictional Issues
As the later messages in this thread have shown, but also those early
messages in both TeliaSonera and CNNIC's case, there is a general unease
about the legal implications of CAs and where they operate. This generally
manifests as a concern that a CA will be compelled to do something to
violate policy by force, the instrument of governments. Whether it's
through the rule of law or a "friendly" stop-in by a government official,
the risk is still there. At times, these discussions can be informative,
but not uncommonly, they can devolve into "X country is better than Y
country" on some axis - whether it be rule of law, human rights, encryption
policies, or some other dimension. I don't say that to dismiss the
concerns, but to highlight that they continue to come up every time, and
often have a certain element of subjectivity attached to them.
At times, there's a subtle component to these discussions, which may or may
not get called out, which is about the motivations that the organization
may have in violating the policy. Commercial CAs may be motivated to
violate the policy for financial gain. Government CAs may be motivated to
do so to support their government functions. Quasi-governmental CAs may do
so to ensure their government contracts are maintained. This is a more
useful question, as it tries to unpack what might make the particular risk
- a policy violation - manifest.
It's not unreasonable at all to consider these issues - but in doing so,
the discussion is often masking something deeper, and thus it's necessary
to continue digging down into it.
3) Detection vs Prevention
Another common theme, which plays in with the above two, is a debate
between whether detection is a suitable substitute for prevention. In this
discussion, we see DarkMatter commenting that they've committed to log
certificates via Certificate Transparency. There are fundamental technical
issues with that - most notably, that such a decision does not protect
Mozilla users unless and until Mozilla implements CT - but there's also a
thorny policy issue as well, which is whether or not detection should be a
substitute for prevention. The CNNIC and TeliaSonera discussions equally
wrestled with this, although they lacked the benefit of CT - and a number
of users argued that, in the absence of detection mechanisms, prevention by
not trusting was better than the risk of trusting and not being able to
detect. With DarkMatter's application, there's a theoretical ability to
detect - but a host of practical issues that prevent that, both in the
ecosystem and specifically with Mozilla Firefox.
The counterargument would highlight that this risk exists with literally
every CA trusted by Mozilla today - any one of them could go rogue, and
detection is not guaranteed. Both CT and the audit regimes serve as ways to
try to determine after the fact if that happened, but they're both far from
guaranteed. For example, even in a perfect CT ecosystem of client auditing
and checking and no misbehaving logs, the ability to detect MITM still
wholly relies on site operators scanning those logs for their domain. As
such, CT doesn't necessarily mitigate the risk of MITM - it redistributes
it (somewhat), while providing a more concrete signal.
4) Sub-CAs
Common with these discussions, and certainly shared between CNNIC and
DarkMatter, is the fact that these organizations are already in possession
of publicly trusted intermediate CAs and key material. In some ways,
whatever risk is present, the community has already been living with this
risk, due to the CAs that provided these cross-signs. Whatever may be felt
about the present organizations, it's not difficult to imagine there being
a 'worse' organization equally being granted such access and key material,
and the community may not discover that for between 15-18 months after its
occurred. Whatever decisions are made here, there's a further challenge in
ensuring these decisions are consistently applied. This isn't hypothetical
- unfortunately, we saw Certinomis do exactly this after StartCom was
removed from Mozilla's program [16].
5) Investigative Reporting
Another common theme in these discussions is the role in which
investigative reports should play. There are a number of concerning reports
that, as highlighted by Alex Gaynor, arguably are inconsistent with the
principles and values of Mozilla. DarkMatter is not the first CA to have
such reports published - as the discussions of TeliaSonera and CNNIC show,
there were similar discussions and reports at the time. It's very tempting
to lend credence to these reports, but at the same time, we've also seen
reports, such as those by Bloomberg regarding SuperMicro implants, which
appear more likely to manipulate markets than to be responsible
journalism.[17]
It's not clear to what extent such reports should play in to discussions to
trust or distrust a CA, yet it would seem, based on past evidence, to be
foolish to ignore them in the name of policy absolutism. At the same time,
as the world collectively struggles how to balance media, both in
perceptions and execution, it seems care should be taken as to how much
weight to give such reports.
6) Recommendations, Risks, and Suggestions
Mozilla could decide to rigidly apply the current policy, which it would
seem that DarkMatter is nominally on track to meet, much as it did in the
case of TeliaSonera and CNNIC. However, as those CAs showed, the
application of such policy ultimately resulted in significant risk being
introduced to end users. If we are to just past precedents as future
predictors, then I would suggest that we don't have a good predictive model
to suggest it will go well.
It should come as no surprise that I'm highly skeptical in the audits and
audit regime, and thus do not find them to be objective in the least. I'm
hugely appreciative of the continued collaboration in this community on how
to improve it, but I think there's still significant work to go to get
there. The way that we've been tackling this issue to date in this
community is centered around transparency - transparency in operations and
transparency through incident reports.
Regarding incident reports, I'm deeply concerned about DarkMatter's
engagement regarding non-compliance, which seems to be targeted to excuse,
more than explain. There's a risk that, in saying this, it will be
suggested that this is somehow a ploy to exclude new CAs - but as others
have highlighted, I think ALL CAs, both present and pending, need to
operate beyond approach and with meaningful evaluation. Because of the risk
to the Internet that any and every CA poses, every one of them should be
aggressively looking for best practice. This means that they absolutely
should be evaluating the public discussions that happen in the CA/B Forum
to understand the intent of ballots, just as they should absolutely be
examining every CA incident - both closed and open - for similar things.
The BRs are not a guidebook for "how to be a CA" - they're the minimum
floor for which, if you dip below, there should be no trust.
Regarding transparency of operations, I think DarkMatter has missed a
number of opportunities to meaningfully engage in a way to provide some
reassurances. Transparency is not "We promise we don't do [bad thing]", but
to describe the system and controls for how it is designed. This is far
more extensive than a CP/CPS. Auditable versions of this continue to be
discussed with WebTrust (borrowing concepts and ideas from reporting such
as SOC 2) and ETSI, but there's no reason to not be more transparent now.
Regarding sub-CAs, prior to this thread, I had already filed an issue for
future consideration as a means of ensuring an appropriate level of
transparency before new sub-CAs are introduced [18]. This would
significantly reduce the risk of, say, an organization issuing a sub-CA and
then exiting the CA business, as QuoVadis has done, which I think provides
the wrong incentives for both the CA and the community.
As Frank Hecker's CA metapolicy [12] called out, the document that
ultimately informed the policy that was developed, we should simply treat
audits as one signal regarding the CA's operations, and potentially, not a
particularly strong one. Mozilla would be entirely justified with its
current policy to reject the inclusion request and remove the current (and
any future) sub-CAs. Mozilla could also, arguing that it would be unfair to
hold DarkMatter to a high standard, accept them and bear any perceived
risks, only acting in the case of demonstrable or repeated bad action.
Neither decision would be unprecedented, as I've hopefully highlighted.
One area of consequence I've struggled most with is this: If DarkMatter is
rejected, will that encourage other root programs to apply subjective,
non-transparent criteria, and in doing so, undermine some of Mozilla's
manifesto? In theory, Mozilla is the shining light of transparency and
consistency here, and I'd love to believe that has influenced other root
programs, such as those by Apple and Mozilla. Yet I struggle to see
evidence that this is the case - certainly in trust decisions, but at times
in distrust decisions. More importantly, the more time I spend working with
audits, both to understand the frameworks that lead to the audit regimes
[19][20] and how the audits function, it's clear to me that these were
designed very much to allow for subjectivity, business relationships, and
risks both technical and legal, to be determinants in trust. I think the
past decision making process has perhaps too dogmatically relied on policy
and the existence of audits, rather than the content, level of detail, and
qualifications of the auditors.
With respect to CT, I don't believe any weight should be given to
DarkMatter's commitment to log certificates to CT. While it's true that it
theoretically provides detection, that detection is not at all available to
Mozilla users, and even if it were, it's fundamentally after-the-fact and
if and only if the site operator is monitoring. For the set of concerns
that have been raised here, regardless of whether they are seen as
legitimate, the proposal for CT does not address them in any meaningful
way, nor can it. Even if I'm overlooking something here, Frank's advice in
[12] regarding reliance on new technology not yet implemented should be a
clear warning about the risk such reliance can pose.
Regardless of the decision, this thread has elicited a number of
well-intentioned suggestions for how to improve the policy in a way that
clearly states various expectations that the community may have.
Documenting beneficial ownership is one that I think is critically
necessary, as there are a number of CAs already participating in Mozilla's
program that have arguably complicated relationships. Until recently, for
example, Sectigo's primary ownership was through Francisco Partners, who
also owned the extremely controversial and problematic NSO Group [21][22].
Similarly, when Symantec was a recognized CA in Mozilla's program, their
acquisition of Bluecoat (and subsequent appointment to a number of key
leadership positions) was seen as concerning [23].
Similarly, I think that as long as we allow for new organizations (not
present in the hierarchy already) to be introduced as sub-CAs, then much of
this discussion is largely moot, because there will be an easy policy
loophole to exploit. I believe that it's in the best interests of users
that, regardless of the organization, new independently operated sub-CAs
undergo the same scrutiny and application process as roots. Once they're
in, then I think provided there are paths to trust - both for including
them as roots or allowing them to switch to cross-signatures from other
organizations - but I am concerned about the ability to introduce new and
arbitrary players at will, especially with incentives structures that may
shift all of the burden and risk to Mozilla and its users.
[1]
https://groups.google.com/d/msg/mozilla.dev.security.policy/mirZzYH5_pI/5LJ-X-XfIdwJ
[2]
https://bugzilla.mozilla.org/show_bug.cgi?id=542689
[3]
https://bugzilla.mozilla.org/show_bug.cgi?id=476766
[4]
https://groups.google.com/d/msg/mozilla.dev.security.policy/QEwyx6TQ5TM/qzX_WsKwvIgJ
[5]
https://groups.google.com/d/msg/mozilla.dev.security.policy/xx8iuyLPdQk/OvrUtbAkKRMJ
[6]
https://groups.google.com/d/msg/mozilla.dev.security.policy/WveW8iWquxs/S2I8yC36y2EJ
[7]
https://groups.google.com/d/msg/mozilla.dev.security.policy/kRRBCbE-t5o/8gYiB_B1D1AJ
[8]
https://groups.google.com/d/msg/mozilla.dev.security.policy/OBrPLsoMAR8/J4B0CU3JGdoJ
[9]
http://hecker.org/mozilla/cert-policy-submitted
[10]
http://hecker.org/mozilla/cert-policy-approved
[11]
http://hecker.org/mozilla/cert-policy-draft-12
[12]
http://hecker.org/mozilla/ca-certificate-metapolicy
[13]
https://www.mozilla.org/en-US/about/manifesto/
[14]
https://bugzilla.mozilla.org/show_bug.cgi?id=233453
[15]
https://wiki.mozilla.org/CA:WoSign_Issues
[16]
https://groups.google.com/d/msg/mozilla.dev.security.policy/RJHPWUd93xE/6yhrL4nXAAAJ
[17]
https://www.businessinsider.com/security-community-voicing-increasing-doubts-about-bombshell-bloomberg-chinese-chip-hacking-2018-10
[18]
https://github.com/mozilla/pkipolicy/issues/169
[19]
https://www.americanbar.org/content/dam/aba/events/science_technology/2013/pki_guidelines.pdf
[20]
http://www.oasis-pki.org/
[21]
https://groups.google.com/d/msg/mozilla.dev.security.policy/AvGlsb4BAZo/OicDsN2rBAAJ
[22]
https://www.franciscopartners.com/news/nso-group-acquired-by-its-management
[23]
https://groups.google.com/d/msg/mozilla.dev.security.policy/akOzSAMLf_k/Y1D4-RXoAwAJ