Experience with Let’s Encrypt certbot for Fedora 23 (fails)

At certbot.eff.org with Apache on Fedora 23+

sudo dnf install -y python-certbot-apache
Error: nothing provides python2-augeas needed by python2-certbot-apache-0.8.1-1.fc23.noarch
(try to add '--allowerasing' to command line to replace conflicting packages)

Flailing

dnf install -y augeas
dnf install -y python-augeas

Therefore: certbot isn’t ready for Fedora 23 yet.

Fedora 22?

Fail.

wget https://dl.eff.org/certbot-auto

Nope … too big and complicated … it will never work … and they didn’t test it on Fedora anyway.

Manual

Prerequisites of python-certbot-apache

dialog
python-parsedatetime
python-zope-component
python-zope-event
python-zope-interface
python2-acme
python2-certbot
python2-certbot-apache
python2-configargparse
python2-configobj
python2-dialog
python2-funcsigs
python2-mock
python2-pbr
python2-psutil
python2-pyrfc3339
pytz

Still fails

$ sudo dnf install python2-certbot-apache
Last metadata expiration check performed 2:49:52 ago on Wed Sep 28 04:06:26 2016.
Error: nothing provides python2-augeas needed by python2-certbot-apache-0.8.1-1.fc23.noarch
(try to add '--allowerasing' to command line to replace conflicting packages)

Workaround

wget https://dl.fedoraproject.org/pub/fedora/linux/updates/23/x86_64/p/python2-certbot-apache-0.8.1-1.fc23.noarch.rpm
sudo rpm --install --nodeps python2-certbot-apache-0.8.1-1.fc23.noarch.rpm

What got installed?

$ rpm -q -l -p ./python2-certbot-apache-0.8.1-1.fc23.noarch.rpm  | grep -v test
/usr/lib/python2.7/site-packages/certbot_apache
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/PKG-INFO
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/SOURCES.txt
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/dependency_links.txt
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/entry_points.txt
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/requires.txt
/usr/lib/python2.7/site-packages/certbot_apache-0.8.1-py2.7.egg-info/top_level.txt
/usr/lib/python2.7/site-packages/certbot_apache/__init__.py
/usr/lib/python2.7/site-packages/certbot_apache/__init__.pyc
/usr/lib/python2.7/site-packages/certbot_apache/__init__.pyo
/usr/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py
/usr/lib/python2.7/site-packages/certbot_apache/augeas_configurator.pyc
/usr/lib/python2.7/site-packages/certbot_apache/augeas_configurator.pyo
/usr/lib/python2.7/site-packages/certbot_apache/augeas_lens
/usr/lib/python2.7/site-packages/certbot_apache/augeas_lens/httpd.aug
/usr/lib/python2.7/site-packages/certbot_apache/centos-options-ssl-apache.conf
/usr/lib/python2.7/site-packages/certbot_apache/configurator.py
/usr/lib/python2.7/site-packages/certbot_apache/configurator.pyc
/usr/lib/python2.7/site-packages/certbot_apache/configurator.pyo
/usr/lib/python2.7/site-packages/certbot_apache/constants.py
/usr/lib/python2.7/site-packages/certbot_apache/constants.pyc
/usr/lib/python2.7/site-packages/certbot_apache/constants.pyo
/usr/lib/python2.7/site-packages/certbot_apache/display_ops.py
/usr/lib/python2.7/site-packages/certbot_apache/display_ops.pyc
/usr/lib/python2.7/site-packages/certbot_apache/display_ops.pyo
/usr/lib/python2.7/site-packages/certbot_apache/obj.py
/usr/lib/python2.7/site-packages/certbot_apache/obj.pyc
/usr/lib/python2.7/site-packages/certbot_apache/obj.pyo
/usr/lib/python2.7/site-packages/certbot_apache/options-ssl-apache.conf
/usr/lib/python2.7/site-packages/certbot_apache/parser.py
/usr/lib/python2.7/site-packages/certbot_apache/parser.pyc
/usr/lib/python2.7/site-packages/certbot_apache/parser.pyo
/usr/lib/python2.7/site-packages/certbot_apache/tls_sni_01.py
/usr/lib/python2.7/site-packages/certbot_apache/tls_sni_01.pyc
/usr/lib/python2.7/site-packages/certbot_apache/tls_sni_01.pyo
/usr/share/doc/python2-certbot-apache
/usr/share/doc/python2-certbot-apache/README.rst
/usr/share/licenses/python2-certbot-apache
/usr/share/licenses/python2-certbot-apache/LICENSE.txt

You also have to install certbot. It will list, but fails to create, the directories /etc/letsencrypt and /var/lib/letsencrypt

$ sudo dnf install certbot
Last metadata expiration check performed 0:18:54 ago on Wed Sep 28 07:09:29 2016.
Dependencies resolved.
====================================================================================================
 Package               Arch                 Version                     Repository             Size
====================================================================================================
Installing:
 certbot               noarch               0.8.1-2.fc23                updates                20 k

Transaction Summary
====================================================================================================
Install  1 Package

Total download size: 20 k
Installed size: 20 k
Is this ok [y/N]: y
Downloading Packages:
certbot-0.8.1-2.fc23.noarch.rpm                                      42 kB/s |  20 kB     00:00    
----------------------------------------------------------------------------------------------------
Total                                                                16 kB/s |  20 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : certbot-0.8.1-2.fc23.noarch                                                     1/1 
  Verifying   : certbot-0.8.1-2.fc23.noarch                                                     1/1 

Installed:
  certbot.noarch 0.8.1-2.fc23                                                                       

Complete!
$ rpm -q -l certbot
/etc/letsencrypt
/usr/bin/certbot
/usr/bin/letsencrypt
/usr/share/doc/certbot
/usr/share/doc/certbot/CHANGES.rst
/usr/share/doc/certbot/CONTRIBUTING.md
/usr/share/doc/certbot/README.rst
/usr/share/licenses/certbot
/usr/share/licenses/certbot/LICENSE.txt
/var/lib/letsencrypt
$ rpm -q -l certbot | xargs ls -ld
ls: cannot access /etc/letsencrypt: No such file or directory
ls: cannot access /var/lib/letsencrypt: No such file or directory
-rwxr-xr-x. 1 root root   302 Jul  6 06:42 /usr/bin/certbot
lrwxrwxrwx. 1 root root    16 Jul  6 06:42 /usr/bin/letsencrypt -> /usr/bin/certbot
drwxr-xr-x. 2 root root  4096 Sep 28 07:28 /usr/share/doc/certbot
-rw-r--r--. 1 root root   362 Jun 14 16:46 /usr/share/doc/certbot/CHANGES.rst
-rw-r--r--. 1 root root   604 Jun 14 16:46 /usr/share/doc/certbot/CONTRIBUTING.md
-rw-r--r--. 1 root root  7702 Jun 14 16:46 /usr/share/doc/certbot/README.rst
drwxr-xr-x. 2 root root  4096 Sep 28 07:28 /usr/share/licenses/certbot
-rw-r--r--. 1 root root 11456 Jun 14 16:46 /usr/share/licenses/certbot/LICENSE.txt
$ certbot plugins
An unexpected error occurred:
OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
Please see the logfile 'certbot.log' for more details.

You have to do it yourself:

sudo mkdir /etc/letsencrypt /var/lib/letsencrypt

Summarization of the Guide to Deploying Diffie-Hellman for TLS from weakdh.org

Shown (here, but see there)

Not Shown (here, but see there)

  • Sendmail (SMTP) → available
  • Dovecot (IMAP) → available
  • OpenSSH (SSH) → available
  • OpenVPN (OPENVPN) → no advice given.
  • …other…

Diffie-Hellman Group

Generate a new Diffie-Hellman group that is unique to you. Set it aside and install it as directed.

openssl dhparam -out ~/tmp/dhparams.pem 2048

Case 1. Current

Condition
  • Apache v2.4.8+ and OpenSSL v1.0.2+
Action

In the Apache (httpd) SSL configuration area (e.g. /etc/httpd/conf/ssl.conf) declare explicitly:

SSLOpenSSLConfCmd DHParameters "pki/dhparams.pem"

Case 2. Not Too Old

Conditions
  • Apache with LibreSSL
  • Apache v2.4.7 and OpenSSL v0.9.8a+
Action

Append the dhparams.pem to the end of the server certificate file.

Case 3: Too Old

No advice given.

Apache (mod_ssl)

In the Apache (httpd) SSL configuration area (e.g. /etc/httpd/conf/ssl.conf) declare

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on

Background

System Administration Guide at weakdh.org
With recipes for

  • Apache HTTP mod_ssl
  • Apache Tomcat
  • Dovecot
  • HAproxy
  • Lighttpd
  • Nginx
  • OpenSSH
  • Sendmail

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann; Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice; Available at weakdh.org; 2015-05-20; 13 pages; previously noted.

Inventory

Based on information, belief & hearsay; and inspecting some running systems.

Fedora 22

$ rpm -q httpd openssl
httpd-2.4.12-1.fc22
openssl-1.0.1k-6.fc22

Fedora 21

$ rpm -q httpd openssl
httpd-2.4.12-1.fc21
openssl-1.0.1k-6.fc21

Fedora 20

$ rpm -q httpd openssl
httpd-2.4.10-1.fc20
openssl-1.0.1e-42.fc20

Fedora 19

$ rpm -q httpd openssl
httpd-2.4.10-1.fc19
openssl-1.0.1e-37.fc19.1

Fedora 18

$ rpm -q httpd openssl
httpd-2.4.6-2.fc18
openssl-1.0.1e-37.fc18

Fedora 17

$ rpm -q httpd openssl
httpd-2.2.23-1.fc17
openssl-1.0.0k-1.fc17

Fedora 16

$ rpm -q httpd openssl
httpd-2.2.22-2.fc16
openssl-1.0.0j-1.fc16

Fedora 15

$ rpm -q httpd openssl
httpd-2.2.22-1.fc15
openssl-1.0.0j-1.fc15

Fedora 14

$ rpm -q httpd openssl
httpd-2.2.17-1.fc14
openssl-1.0.0c-1.fc14

Using SSL with MariaDB (MySQL)


# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 3600 \
         -key ca-key.pem -out ca.pem

# Create server certificate, remove passphrase, and sign it
# server-cert.pem = public key, server-key.pem = private key
shell> openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout server-key.pem -out server-req.pem
shell> openssl rsa -in server-key.pem -out server-key.pem
shell> openssl x509 -req -in server-req.pem -days 3600 \
         -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

# Create client certificate, remove passphrase, and sign it
# client-cert.pem = public key, client-key.pem = private key
shell> openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout client-key.pem -out client-req.pem
shell> openssl rsa -in client-key.pem -out client-key.pem
shell> openssl x509 -req -in client-req.pem -days 3600 \
         -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

mysql> show global variables like '%ssl%'; 
+---------------+---------------------------------------+
| Variable_name | Value                                 |
+---------------+---------------------------------------+
| have_openssl  | YES                                   |
| have_ssl      | YES                                   |
| ssl_ca        | /etc/pki/mysql/root/ca-bundle.pem     |
| ssl_capath    |                                       |
| ssl_cert      | /etc/pki/mysql/server/cert.pem        |
| ssl_cipher    |                                       |
| ssl_key       | /etc/pki/mysql/server/key.pem         |
+---------------+---------------------------------------+
7 rows in set (0.00 sec)

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 5.5.41-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:		5
Current database:	
Current user:		wbaker@devbox.example.com
SSL: Cipher in use is DHE-RSA-AES256-GCM-SHA384
Current pager:		stdout
Using outfile:		''
Using delimiter:	;
Server:			MariaDB
Server version:		5.5.41-MariaDB MariaDB Server
Protocol version:	10
Connection:		mysql.example.com via TCP/IP
Server characterset:	latin1
Db     characterset:	latin1
Client characterset:	utf8
Conn.  characterset:	utf8
TCP port:		3306
Uptime:			8 min 50 sec

Threads: 1  Questions: 10  Slow queries: 0  Opens: 0  Flush tables: 2  Open tables: 26  Queries per second avg: 0.018
--------------

GRANT ALL PRIVILEGES ON test.* TO 'someuser'@'somehost'
  REQUIRE
      ISSUER '/C=US/ST=RedState/L=Thistown/O=MySQL Trust Authority 99/CN=The Man/emailAddress=ca@example.com'
  AND SUBJECT '/C=US/ST=BlueState/L=Thattown/O=ACME Widgets/CN=John Doe/emailAddress=john.doe@example.com';

Certificate Transparency

Certificate Transparency, a project of Google

Descriptive

  • RFC 6962 Certificate Transparency; Ben Laurie, Adam Langley, Emilia Kasper (Google); IETF; 2013-06.
  • NIST Workshop; 2013-04.
    • Certificate Transparency (Presentation I); Adam Langley, Ben Laurie, Emilia Kasper, Al Cutter, Stephen McHenry (Google); 17 slides
    • New Window of Opportunity (Presentation II); Ben Wilson (DigiCert); 11 slides
      Teaser: Certificate Transparency – A Certification Authority’s Perspective
  • Ben Laurie, Cory Doctorow; Computing: “Secure the Internet”; In Nature, Issue 491; 2012-11-15; paywalled.

Materials

Actualities

Certificate Transparency Project

Via: backfill

SOLVED: POST fails in SSL with ‘request body exceeds maximum size (131072) for SSL buffer’

tl;dr

  1. Turn KeepAlive to On
  2. Set SSLRenegBufferSize to a very large value

Condition

  • Large media uploads fail in WordPress
  • Where “large” is over 128K.

Configuration

Diagnostics

The apache log files indicate this problem with lines of the form

request body exceeds maximum size (131072) for SSL buffer, referer: https://example.com/wp-admin/media-new.php
could not buffer message body to allow SSL renegotiation to proceed, referer: https://example.com/wp-admin/media-new.php

Solution

  • Ensure that a GET occurs before the POST so that SSL renegotiation does not occur in the same SSL session.
  • Thus KeepAlive is required.
  • Ensure that the KeepAlive interval is respected between the GET and the POST.

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30
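Detection logic for the two error-log lines quoted above, as an added example that is not part of the original post: it scans Apache error-log text for the SSL buffer failure, reports the limit mod_ssl enforced and which referers triggered it, and emits the directives from the fix. The sample log lines are constructed, and the 8x multiplier for SSLRenegBufferSize is an assumption (the post only says "a very large value").

```python
import re
from collections import Counter

# Constructed sample Apache error-log lines in the shape quoted above
# (timestamps, client addresses and the post.php referer are made up).
SAMPLE_ERROR_LOG = """\
[Wed Sep 28 07:30:01 2016] [error] [client 192.0.2.10] request body exceeds maximum size (131072) for SSL buffer, referer: https://example.com/wp-admin/media-new.php
[Wed Sep 28 07:30:01 2016] [error] [client 192.0.2.10] could not buffer message body to allow SSL renegotiation to proceed, referer: https://example.com/wp-admin/media-new.php
[Wed Sep 28 07:31:14 2016] [error] [client 192.0.2.11] request body exceeds maximum size (131072) for SSL buffer, referer: https://example.com/wp-admin/post.php
[Wed Sep 28 07:32:00 2016] [notice] Apache/2.4.12 (Fedora) configured -- resuming normal operations
"""

BUFFER_RE = re.compile(
    r"request body exceeds maximum size \((?P<limit>\d+)\) for SSL buffer"
    r"(?:, referer: (?P<referer>\S+))?"
)
RENEG_RE = re.compile(r"could not buffer message body to allow SSL renegotiation")


def scan_error_log(text):
    """Summarise SSL renegotiation-buffer failures in Apache error-log text.

    Returns the buffer limit mod_ssl reported (None if no hit), a Counter of
    referers that triggered the failure, and the number of follow-up
    'could not buffer message body' lines.
    """
    limit = None
    referers = Counter()
    reneg_failures = 0
    for line in text.splitlines():
        m = BUFFER_RE.search(line)
        if m:
            limit = int(m.group("limit"))
            referers[m.group("referer") or "(no referer)"] += 1
        elif RENEG_RE.search(line):
            reneg_failures += 1
    return {"limit": limit, "referers": referers, "reneg_failures": reneg_failures}


def suggested_directives(summary, factor=8):
    """Directives matching the post's fix. The multiplier is an assumption:
    the post only says to set SSLRenegBufferSize to 'a very large value'."""
    if summary["limit"] is None:
        return []
    return [
        "KeepAlive On",
        "MaxKeepAliveRequests 100",
        "KeepAliveTimeout 30",
        "SSLRenegBufferSize %d" % (summary["limit"] * factor),
    ]


if __name__ == "__main__":
    s = scan_error_log(SAMPLE_ERROR_LOG)
    print("limit:", s["limit"], "hits per referer:", dict(s["referers"]))
    print("\n".join(suggested_directives(s)))
```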

References

Background

Archaeological order … more original materials deeper down the stack…

SOLVED[fail]: Android WebView does not support Client Certificates at all

Problem Statement

Context

Outcome

Partial success…

  • Webware => just works
    • desktop officework browser
      i.e. Firefox 29+
    • mobile browser => “just works”
      i.e. Chrome 40, Blink 537.36, Android 4.4.4 (what is that, Jelly Bean, Key Lime Pie?, Lollipop?)
  • Appware => FAIL
    • Android does not work, cannot be made to work.
    • WordPress Android is unusable in this mode.

Environment: Webby Officework Desktop

Outcome: just works

Cases

  • Firefox (Fedora) “just works”
  • Chrome (Android) “just works”

Configuration

  • User receives the certificate as a PKCS #12 (a .p12 file)
  • Install the certificate
    • … in the browser (Firefox, Linux)
    • … in the operating system (Android)

Environment: WordPress Android

Outcome: FAIL

  • Do not use Android WordPress on these blogs
  • Use the webby interface with Chrome.
  • WordPress Android uses an embedded WebView which does not implement client certificates at all.

Referenced

Others have tried … but Android does not yet support this concept

HOWTO: Secure A Website With Client SSL Certificates

HOWTO: Securing A Website With Client SSL Certificates; Staff; In Some Blog; 2006-09-06.

tl;dr

Require valid certificates from clients, using FakeBasicAuth so that if the certificate is good, authorization can be granted in the filtering step.

SSLVerifyClient require
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars

The authorization filtering step itself:

SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ and %{SSL_CLIENT_S_DN_O} eq "Example LLC" and %{SSL_CLIENT_S_DN_OU} in {"Department of Department Management", "Department of Oversight Management", "Department of Administration Adequacy"} )

  • The cipher must not be null or low-grade export-level
  • The Distinguished Name’s Organization must be exactly Example LLC
  • The Distinguished Name’s Organizational Unit must equal one of
    • Department of Department Management
    • Department of Oversight Management
    • Department of Administration Adequacy
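A Python mirror of the SSLRequire expression above, as an added example that is not code from the original post: it parses the OpenSSL one-line DN form (the same form the MariaDB REQUIRE ISSUER/SUBJECT clause earlier on this page uses), derives the mod_ssl SSL_CLIENT_S_DN_* variables from it, and applies the three checks in order. The DN strings and cipher names are constructed; the assumption that only the first value of a repeated attribute is exported is mine.

```python
import re

# The organisation and departments are the ones the SSLRequire line names.
ALLOWED_ORG = "Example LLC"
ALLOWED_OUS = {
    "Department of Department Management",
    "Department of Oversight Management",
    "Department of Administration Adequacy",
}
WEAK_CIPHER_RE = re.compile(r"^(EXP|NULL)-")  # same pattern as the SSLRequire line


def parse_dn(dn):
    """Split an OpenSSL one-line DN ('/C=US/O=Example LLC/OU=...') into
    attribute -> list of values (an attribute such as OU may repeat)."""
    parts = [p for p in re.split(r"/(?=[A-Za-z]+=)", dn) if p]
    attrs = {}
    for part in parts:
        name, _, value = part.partition("=")
        attrs.setdefault(name, []).append(value)
    return attrs


def env_from_dn(subject_dn, cipher):
    """Build the mod_ssl environment variables the SSLRequire expression reads.
    Assumption: for a repeated attribute only the first value is exported."""
    attrs = parse_dn(subject_dn)
    env = {"SSL_CIPHER": cipher, "SSL_CLIENT_S_DN": subject_dn}
    for name in ("O", "OU", "CN", "Email"):
        key = "emailAddress" if name == "Email" else name
        if key in attrs:
            env["SSL_CLIENT_S_DN_" + name] = attrs[key][0]
    return env


def ssl_require(env):
    """Apply the SSLRequire checks: a weak cipher denies, a wrong O denies,
    and the OU must be one of the allowed departments."""
    if WEAK_CIPHER_RE.match(env.get("SSL_CIPHER", "")):
        return False
    if env.get("SSL_CLIENT_S_DN_O") != ALLOWED_ORG:
        return False
    return env.get("SSL_CLIENT_S_DN_OU") in ALLOWED_OUS


if __name__ == "__main__":
    # Constructed subject DN for a would-be client.
    dn = "/C=US/O=Example LLC/OU=Department of Oversight Management/CN=John Doe"
    print(ssl_require(env_from_dn(dn, "ECDHE-RSA-AES128-GCM-SHA256")))  # True
    print(ssl_require(env_from_dn(dn, "EXP-RC4-MD5")))  # False: export cipher
```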

A list of the certificates to deny.

SSLCARevocationFile /etc/ssl/private/ca.crl

Mentioned

Environment Variables

  • SSL_CLIENT_S_DN_O
  • SSL_CLIENT_S_DN_OU
  • SSL_CLIENT_S_DN_CN
  • SSL_CLIENT_S_DN_Email

FakeBasicAuth

<quote>When this option is enabled, the Subject Distinguished Name (DN) of the Client X509 Certificate is translated into a HTTP Basic Authorization username. This means that the standard Apache authentication methods can be used for access control. The user name is just the Subject of the Client’s X509 Certificate (can be determined by running OpenSSL’s openssl x509 command: openssl x509 -noout -subject -in certificate.crt). Note that no password is obtained from the user. Every entry in the user file needs this password: “xxj31ZMTZzkVA”, which is the DES-encrypted version of the word “password”. Those who live under MD5-based encryption (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5 hash of the same word: “$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/”.</quote>

References

Via: backfill.

SSL, TLS & Perfect Forward Secrecy

Mentions

  • CRL
  • OCSP
  • Perfect Forward Secrecy (PFS)
  • Elliptic Curve Cryptography (ECC)

Protocols

  • HTTPS
  • SSL
  • TLS

Theory

Algorithms

  • AES128-SHA

Perfect Forward Secrecy (PFS)

  • DHE-RSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-SHA

Cipher Suites

  • ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
    • Optional
  • ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA
    • Required

Standards

  • RFC 6090 Fundamental Elliptic Curve Cryptography Algorithms; D. McGrew (Cisco), K. Igoe, M. Salter (NSA); 2011-02.
  • RFC 5246 The Transport Layer Security (TLS) Protocol, Version 1.2; T. Dierks (self), E. Rescorla (RTFM); 2008-08.
  • RFC 5077 Transport Layer Security (TLS) Session Resumption without Server-Side State; J. Salowey (Cisco), H. Zhou (Cisco), P. Eronen (Nokia), H. Tschofenig (Nokia Siemens); 2008-01.
  • RFC 4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS); S. Blake-Wilson (SafeNet), N. Bolyard (Sun), V. Gupta (Sun), C. Hawk (Corriente), B. Moeller (Ruhr-Uni Bochum), 2006-05.
  • NIST P-256
  • NIST P-521
  • NIST P-224

Patents

Who

  • Bodo Möller, Emilia Käsper (Google), Adam Langley (Google) => 64bit optimized versions of NIST P-224, P-256 and P-521 for OpenSSL
  • Emilia Käsper (Google)

Package Support

OpenSSL

Yet Fedora does not have ECC in OpenSSL

$ openssl ciphers ECDH
Error in cipher list
139915857282912:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
$ rpm -q openssl
openssl-1.0.1e-4.fc18.x86_64
$ cat /etc/fedora-release 
Fedora release 18 (Spherical Cow)

Mozilla Network Security Services (NSS)

  • Version?

Client Support

Support for NIST P-256, P-384 and P-521

  • “Recent” versions of Firefox and Chrome (circa 2011-11) “should”
  • “Most” versions, Internet Explorer do not support

Server Support

Apache httpd

  • httpd-2.3.3
  • ensure the order of cipher suites is respected.
    • SSLHonorCipherOrder on
  • Curve is what?
    • Specify with what?

nginx

  • nginx-1.0.6.
  • nginx-1.1.0.
  • ensure the order of cipher suites is respected.
    • ssl_prefer_server_ciphers on.
  • Curve is NIST P-256
    • Specify with ssl_ecdh_curve

stud

  • pull/61; Adding support for ECDHE in stud

Cited & Referenced

General

Implementation

Background

Indirect

Cited in Cryptographic Key Length Recommendation

Via & transitively via: backfill, backfill, backfill.

On the Security of RC4 in TLS and WPA | AlFardan, Bernstein, Paterson, Poettering, Schuldt

Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt; On the Security of RC4 in TLS and WPA; At Their Shop; 2013-03-13, updated 2013-07-08.

Mentions

  • Single-byte bias attack on TLS.
  • To be presented at USENIX Security 2013, Washington DC, USA, 2013-08-14.
  • Claims <quote>
    • The most effective countermeasure against our attack is to stop using RC4 in TLS. [there are other countermeasures]
    • One of the attacks also applies to WPA/TKIP, the IEEE’s successor protocol to WEP. The most effective countermeasure against our attack against WPA/TKIP is to stop using WPA/TKIP and upgrade to WPA2.
      </quote>

Referenced

  • Nadhem J. AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt; On the Security of RC4 in TLS and WPA; In Proceedings of the USENIX Security Symposium 2013; 2013-07-08; 31 pages.

Data & Evidence

  • CVE-2013-2566; National Vulnerability Database, National Institute of Standards & Technology, U.S.

    • Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Related

Via: backfill.

The GPG Key Signing Recipe

Precondition

$ALICE and $BOB know each other directly and can validate each others identities and keys directly.

Recipe

Here’s what one does:

See $BOB sign the $ALICE key:

  • gpg --list-keys
  • gpg --list-keys | grep -C 5 -e $ALICE_EMAIL
  • gpg --fingerprint $ALICE_ID
  • gpg -u $BOB_EMAIL --sign-key $ALICE_ID
  • gpg --armor --output $ALICE_ID-signed-by-$BOB_ID.asc --export $ALICE_ID
  • return $ALICE_ID-signed-by-$BOB_ID.asc

See $ALICE sign the $BOB key:

  • gpg --list-keys
  • gpg --list-keys | grep -C 5 -e $BOB_EMAIL
  • gpg --fingerprint $BOB_ID
  • gpg -u $ALICE_EMAIL --sign-key $BOB_ID
  • gpg --armor --output $BOB_ID-signed-by-$ALICE_ID.asc --export $BOB_ID
  • return $BOB_ID-signed-by-$ALICE_ID.asc

References

Dates for Phasing out MD5-based signatures and 1024-bit moduli | Mozilla

Mozilla; Dates for Phasing out MD5-based signatures and 1024-bit moduli; last updated 2012-09-12 (as seen 2013-01-21).
Mentions

  • 2013-12-31 – Mozilla will disable or remove all root certificates with RSA key sizes smaller than 2048 bits.
  • Mozilla’s Root Change Process
  • NIST SP 800-57 Recommendation for Key Management; Part 1 (2012-07), Part 2 (2005-08), Part 3(2009-12).
    • minimum key sizes recited inline
  • SP-800-131 DRAFT Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes SP-800-131A

Notes on the evolution of PKI, SSL, TLS, DV certs, EV certs & CAs

Certificate Authorities

Free or low-cost

Alternative

Industry Organizations & Discussion Forums

Auditors, Audits, Studies, Research

Architectures

Terms

Tools

Errors & Responses

Violations & Vulnerabilities

Disasters & After-Actions

CAcert

CAcert

Recent Activity

Products

Location

  • Legal: New South Wales, Australia
  • Serving:
    • (IPv6) Servers geolocate into Netherlands 2013-01-21
    • $ host cacert.org
      cacert.org has address 213.154.225.245
      cacert.org has IPv6 address 2001:7b8:3:9c::245
      cacert.org mail is handled by 10 email.cacert.org.

Who

  • Mark Lipscombe; seems to maintain the wiki
  • (Governing) Board, per the 2012-11-25 General Meeting
    • Dirk Astrath, DE
    • Michael Tänzer, DE
    • Werner Dworak, DE
    • Tomas Trnka, CZ
    • Kevin Dawson, AU
    • Sven Andriske, AU
    • Peter Yuill, AU

Legal

  • CAcert Inc. Incorporated
  • New South Wales (NSW), AU
  • Incorporated 2003-07-24
  • Full Name: CAcert Incorporated
  • Incorporation: INC9880170
  • DUNS: 75-605-6102.

Sponsors

Contact

Licenses

Policies

  1. CAcert Community Agreement (COD9)
  2. Certification Practice Statement (CPS => COD6).
  3. Dispute Resolution Policy (DRP => COD7).
  4. Privacy Policy (PP => COD5).
  5. Principles of the Community.

Status

Inclusion

Audit

Documentation

Factoids & Artifacts

Aldo Cortesi mitmproxy Announcements through mitmproxy 0.8

Announcements

Mentions

Referenced

Happenings