Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Improving Revocation in the SSL/TLS jungle - Firefox Approach


Published on

Trust is a very crucial aspect of our daily lives when navigating the web. Currently, digital certificates are the main way of establishing server's identities in the Internet, Trust is dynamic property that can change over time and browsers should adapt very quickly to enforce the latest trust status of a "secure" server when establishing secure connections. However, most of the current revocation models have a performance impact and new mechanisms revocation models need to be adapted.
In this talk, Mohammed, will discuss the current status of SSL certificates revocation in Firefox. He will highlight the work he has done during his time at mozilla in analyzing the SSL jungle of the top million sites on the internet and building the CRLSet revocation mechanism in firefox.

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

Improving Revocation in the SSL/TLS jungle - Firefox Approach

  1. 1. Improving Revocation In The Ssl/Tls Jungle By: Mohammed Almeshekah Security Engineering Team ! August 1st, 2013
  2. 2. Secure Connections (Ssl/Tls) & Revocation When Firefox connects to a secure (i.e. https) server, a certificate must be presented to establish the identity of the server. ! The certificate chain must be valid (not revoked) at all times. Two traditional mechanisms exist: • CRL (Certificate Revocation List). • OCSP (Online Certificate Status Protocol).
  3. 3. What Is Done Currently In Firefox Checking (only the end entity) CRL and OCSP -> No response -> assume it is trusted!? Shipping a new release when major compromise occurs: •
  4. 4. What Did I Do @ Mozilla Building a tool to analyze the SSL/TLS Jungle of the Alexa top 1 million sites (can easily be expanded to analyze the whole IPv4 address range) ! Building a tool to analyze the revocation dynamics of the Alexa top 1 million. ! Implement a better approach for certificate revocation in Firefox (Preloaded and Dynamic CRLSets).
  5. 5. Crls And Ocsps In The Jungle These certificates pointed to 1,774 CRLs and 1,292 authority (OCSP) servers. CRLs: • Only 987 CRL servers responded [about (~1/2) are dead]. • Total size of all CRLs is (~98 MB) [average is ~100 KB]. • ~2.65 millions revoked certificates. OCSPs: • Performance concerns (OCSP for every cert in the chain). • CAs learn your browsing habits (privacy concerns). • Response takes about 200ms in the US!
  6. 6. The Ssl/Tls Jungle - What Is Revoked? Why are certificate being revoked? ! ! ! ! !
  7. 7. The Ssl/Tls Jungle, Contd. Clearly we are in a bad shape: • Revocation servers are not responding. • A LOT of certificates being revoked. • CRLs have an overage overhead of 100K (FFOS!). • OCSP has privacy concerns, SSL/TLS connections have to ping a CA server. “Performance vs. Security vs. Privacy” -> Can we do something?
  8. 8. New Revocation Mechanisms We need more than one mechanism: • We cannot bundle 2.65 million revocation information in Firefox (that is only for the Alexa top 1 million). ! Currently two projects are in progress: • OCSP Stapling [and must-staple] (by David Keeler) - Stapling is in Nightly now. ‣ • CRLSet.
  9. 9. Revocation Mechanisms
  10. 10. Crlset Firefox will be having two CRLSets: • Preloaded CRLSet - revoked certificates that come built-in the browser. • Dynamic CRLSet - seamlessly update the revocation information pushing the information to the browsers without having to push new releases. What to include in the CRLSet?
  11. 11. What To Revoke? We can distinguish two major categories: • Revocations due to CAs mistakes (e.g mis-issuance, CA compromise, ..) • Revocations due to server operators mistakes (server key compromise, etc). Currently the Preloaded CRLSet is based on the revocation reasons in the actual CRLs.
  12. 12. Done & In Progress The tools are already uploaded in Github: • CRLSet: • Bug 886471. • Preloaded is almost done (final testing and reviews). • Dynamic - most of the logic is done, need to bundle the XHR request and download the delta file.
  13. 13. Final Thoughts SSL/TLS and trust is a BIGger mess than I thought. It is very interesting to work on cutting edge ideas that have never been implemented before and set the standards. Data is GOLD in these cases. Special thanks to: • Sid Stamm - my great manager. • Camilo Viecco - my awesome advisor. • Brian Smith.
  14. 14. Thanks Presentation available at: Personal Email: - Twitter: @meshekah