![Page 1: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/1.jpg)
Improving Revocation In The Ssl/Tls Jungle
By:
Mohammed Almeshekah
Security Engineering Team
!
August 1st, 2013
![Page 2: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/2.jpg)
Secure Connections (Ssl/Tls) & Revocation
When Firefox connects to a secure (i.e. https) server, a certificate must be presented to establish the identity of the server.
!
The certificate chain must be valid (not revoked) at all times. Two traditional mechanisms exist:
• CRL (Certificate Revocation List).
• OCSP (Online Certificate Status Protocol).
![Page 3: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/3.jpg)
What Is Done Currently In Firefox
Checking (only the end entity) CRL and OCSP -> No response -> assume it is trusted!?
Shipping a new release when major compromise occurs:
• https://blog.mozilla.org/security/2011/09/02/diginotar-removal-follow-up/
![Page 4: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/4.jpg)
What Did I Do @ Mozilla
Building a tool to analyze the SSL/TLS Jungle of the Alexa top 1 million sites (can easily be expanded to analyze the whole IPv4 address range)
!
Building a tool to analyze the revocation dynamics of the Alexa top 1 million.
!
Implement a better approach for certificate revocation in Firefox (Preloaded and Dynamic CRLSets).
![Page 5: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/5.jpg)
Crls And Ocsps In The Jungle
These certificates pointed to 1,774 CRLs and 1,292 authority (OCSP) servers.
CRLs:
• Only 987 CRL servers responded [about (~1/2) are dead].
• Total size of all CRLs is (~98 MB) [average is ~100 KB].
• ~2.65 millions revoked certificates.
OCSPs:
• Performance concerns (OCSP for every cert in the chain).
• CAs learn your browsing habits (privacy concerns).
• Response takes about 200ms in the US!
![Page 6: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/6.jpg)
The Ssl/Tls Jungle - What Is Revoked?
Why are certificate being revoked?
!
!
!
!
!
![Page 7: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/7.jpg)
The Ssl/Tls Jungle, Contd.
Clearly we are in a bad shape:
• Revocation servers are not responding.
• A LOT of certificates being revoked.
• CRLs have an overage overhead of 100K (FFOS!).
• OCSP has privacy concerns, SSL/TLS connections have to ping a CA server.
“Performance vs. Security vs. Privacy” -> Can we do something?
![Page 8: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/8.jpg)
New Revocation Mechanisms
We need more than one mechanism:
• We cannot bundle 2.65 million revocation information in Firefox (that is only for the Alexa top 1 million).
!
Currently two projects are in progress:
• OCSP Stapling [and must-staple] (by David Keeler) - Stapling is in Nightly now.
‣ https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
• CRLSet.
![Page 9: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/9.jpg)
Revocation Mechanisms
![Page 10: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/10.jpg)
Crlset
Firefox will be having two CRLSets:
• Preloaded CRLSet - revoked certificates that come built-in the browser.
• Dynamic CRLSet - seamlessly update the revocation information pushing the information to the browsers without having to push new releases.
What to include in the CRLSet?
![Page 11: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/11.jpg)
What To Revoke?
We can distinguish two major categories:
• Revocations due to CAs mistakes (e.g mis-issuance, CA compromise, ..)
• Revocations due to server operators mistakes (server key compromise, etc).
Currently the Preloaded CRLSet is based on the revocation reasons in the actual CRLs.
![Page 12: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/12.jpg)
Done & In Progress
The tools are already uploaded in Github:
• https://github.com/meshekah/SSL_Certs
CRLSet:
• Bug 886471.
• Preloaded is almost done (final testing and reviews).
• Dynamic - most of the logic is done, need to bundle the XHR request and download the delta file.
![Page 13: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/13.jpg)
Final Thoughts
SSL/TLS and trust is a BIGger mess than I thought.
It is very interesting to work on cutting edge ideas that have never been implemented before and set the standards. Data is GOLD in these cases.
Special thanks to:
• Sid Stamm - my great manager.
• Camilo Viecco - my awesome advisor.
• Brian Smith.
![Page 14: Improving Revocation in the SSL/TLS jungle - Firefox Approach](https://reader033.vdocuments.mx/reader033/viewer/2022060205/55a1f2b81a28ab070b8b4624/html5/thumbnails/14.jpg)
Thanks
Presentation available at:
www.meshekah.com
Personal Email: [email protected] - Twitter: @meshekah