1. 5

  2. 4

    I must be too jaded hearing how Google is concerned about privacy. It’s obviously true that an OCSP breach can expose browsing history. But so can a Google breach, given that Chrome sends virtually everything to the mothership.

    I’d rather the article didn’t highlight the privacy aspect that much.

    An easy fix to OCSP privacy concerns would be to proxy those requests through a central proxy. OCSP breach would see that Google requested cert checks a bunch of times and no personal data would be exposed.

    One thing I don’t see discussed is how the A in CA is getting eroded. CAs are invited to participate in the submission of revoked certificates to CRLSets. CRLSets are basically embedded databases of revoked certificates. To update this DB, the user needs to update Chrome and restart their browser. At the same time:

    The Chromium source code that implements CRLSets is, of course, public. But the process by which they are generated is not.

    Which means that the ultimate authority to revoke a certificate is now at Google. They decide whether to include a revoked certificate. Or even, whether to include a live certificate.

    1. 3

      You /can/ pay an additional carrier in the form of a VPN, but the vast majority are sketchy and very few have an actual multi-party setup that provides the privacy they all claim. But also, OCSP is pretty useless as it closes open, so if someone is in a position that results in you seeing a revoked cert, they can also trivially defeat OCSP (basically, CAs are terrible and cannot provide sufficient uptime for their OCSP responders to not break a depressing amount of the internet if you require a valid response). Then there’s the additional significant page-load impact if you require an OCSP response for your TLS connections, and finally there’s the significant privacy violation (which is less relevant if you’ve hopped on board the Chrome “I want Google to know everything about me” wagon).

      As far as EV certs specifically go: they were an invention by CAs because they were able to see the development of LetsEncrypt and realized that would mean they lost their SSL cert printing press, especially as LetsEncrypt does actual secure DV work, rather than the commercial CAs that repeatedly misissued certs. EV certs were marketed with a not insignificant part of the “security” being that they would cost 10k, so it wasn’t possible for criminal orgs to get one. However, once they managed to force browsers to include the stupid green bar/box UI, they realised that they could make more money by charging less but selling more EV certs, which negated that argument. They were then also repeatedly found to misissue EV certs as well, despite the “extended” validation. The biggest improvement in recent years came from the non-CA parts of the PKI community: the introduction of certificate transparency. This is more effective at catching misissued certificates, and also allows the browser vendors to identify CAs that are not trustworthy, and now provides objective data justifying removal of trust.

      But even if you assume the CA companies that offered EV were actually competent, the entire concept of the EV UI is flawed. The first problem is that EV green is not always present: even if a company forked over the money for the green text, it’s trivially easy for them to include non-EV content that should result in the green text disappearing, and even if that doesn’t happen, plenty of these companies shard at the DNS level and don’t buy separate certs for each, so you quickly got redirected to a non-green bar again. This all leads to the next issue: because the appearance of the green bar was, from the PoV of a user, essentially random, the absence of the green bar conveys no information. The final problem means that users can actually end up not trusting the EV green text: the name in the EV text is the legal identity, not the marketing identity, and for many companies those are not the same.

      EV certs were never a benefit to the user; their primary reason to exist was CAs trying to maintain their low-cost + high-revenue business model.

      The alternatives to OCSP are better than actual OCSP in every way: they are better for page load, they don’t depend on CA infrastructure liveness, and they don’t broadcast what sites you’re looking at to a group of companies with a track record of scummy behavior.
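An added example, not written by any commenter in this thread and not Chromium code, modelling the two revocation paths the comments above compare: soft-fail OCSP, where an unreachable responder lets the connection proceed, versus a CRLSet-style revocation set shipped with the browser, which works offline but only changes when a new set is shipped. It also shows what a responder (or anyone reading its logs) can recover from an OCSP request, which names only the issuer hash and serial. All certificate material is constructed; keying CRLSet entries by a SHA-256 hash of the issuer SPKI is a simplifying assumption, not the real encoding.

```python
"""Toy model of soft-fail OCSP versus an embedded CRLSet-style revocation
list. Constructed for illustration only (not Chromium's implementation)."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    serial: int
    spki: bytes          # stand-in for the cert's SubjectPublicKeyInfo
    issuer_spki: bytes   # the issuer's SPKI; revocation entries key on this


def spki_hash(spki: bytes) -> bytes:
    # Assumption for this model: entries are keyed by SHA-256 of the SPKI.
    return hashlib.sha256(spki).digest()


class CRLSet:
    """Embedded revocation data: (issuer SPKI hash, serial) pairs plus
    whole-SPKI blocks. Changing it means shipping a new set to clients."""

    def __init__(self) -> None:
        self.revoked: Set[Tuple[bytes, int]] = set()
        self.blocked_spkis: Set[bytes] = set()

    def revoke(self, issuer_spki: bytes, serial: int) -> None:
        self.revoked.add((spki_hash(issuer_spki), serial))

    def block_spki(self, spki: bytes) -> None:
        self.blocked_spkis.add(spki_hash(spki))

    def is_revoked(self, cert: Cert) -> bool:
        return ((spki_hash(cert.issuer_spki), cert.serial) in self.revoked
                or spki_hash(cert.spki) in self.blocked_spkis)


class OCSPStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"


def ocsp_accepts(status: Optional[OCSPStatus], hard_fail: bool) -> bool:
    """Decide whether to proceed given a responder answer. None models an
    unreachable or timed-out responder, the case the thread is about."""
    if status is None:
        return not hard_fail   # soft-fail proceeds; hard-fail aborts
    return status is OCSPStatus.GOOD


def decide(cert: Cert, crlset: CRLSet, ocsp_status: Optional[OCSPStatus],
           hard_fail: bool = False) -> str:
    """Browser-style combination: local revocation data first, then OCSP."""
    if crlset.is_revoked(cert):
        return "reject (CRLSet)"
    return "accept" if ocsp_accepts(ocsp_status, hard_fail) else "reject (OCSP)"


def responder_view(issuer_spki: bytes, serial: int,
                   issued: Dict[Tuple[bytes, int], str]) -> Optional[str]:
    """What the responder learns from a request: it carries only the issuer
    hash and serial, but the CA issued the cert and can map that back to
    the subject, so the site being visited is recoverable from its logs."""
    return issued.get((spki_hash(issuer_spki), serial))


def demo() -> Tuple[str, str, str]:
    ca_spki = b"constructed-ca-spki"
    leaf = Cert("example.test", serial=0x1234,
                spki=b"constructed-leaf-spki", issuer_spki=ca_spki)
    crlset = CRLSet()
    # Responder down, nothing revoked locally: soft-fail lets it through.
    before = decide(leaf, crlset, None)
    # Same connection with hard-fail: blocked by the outage, not by revocation.
    hard = decide(leaf, crlset, None, hard_fail=True)
    # CA revokes the cert but its responder is still down: only a shipped
    # CRLSet update changes the answer for a soft-fail client.
    crlset.revoke(ca_spki, leaf.serial)
    after = decide(leaf, crlset, None)
    return before, hard, after


if __name__ == "__main__":
    print(demo())   # ('accept', 'reject (OCSP)', 'reject (CRLSet)')
```

The `demo()` sequence is the trade-off in miniature: with soft-fail, a responder outage and a genuine revocation look identical to the client until a new CRLSet arrives, and a hard-fail client pays for every responder outage with a failed connection.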

      1. 2

        An easy fix to OCSP privacy concerns would be to proxy those requests through a central proxy. OCSP breach would see that Google requested cert checks a bunch of times and no personal data would be exposed.

        Then you are giving all of that data to the proxy operator.

        1. 2

          Google already has all your data. It wouldn’t get anything new by implementing this proxy.

          1. 1

            No it doesn’t. Just because you have chosen to provide an advertising company with access to everything you do doesn’t mean everyone else has.

            1. 1

              That’s not necessarily true. If you don’t have Chrome configured to sync history (or have Chrome configured to sync history encrypted) Google won’t get your full browsing history (though they’ll get a large fraction of it via Adwords and Google Analytics).