Entries tagged as cacert

How to configure your HTTPS server

Saturday, January 19. 2013, 11:45
Yesterday, we had a meeting at CAcert Berlin where I had a little talk about how to almost-perfectly configure your HTTPS server. Motivation for that was the very nice Qualys SSL Server test, which can remote-check your SSL configuration and tell you a bunch of things about it.

While playing with that, I created a test setup which passes with 100 points in the Qualys test. However, you will hardly be able to access that page, which is mainly due to its exclusive support for TLS 1.2. All major browsers fail. Someone from the audience told me that the iPhone browser was successfully able to access the page. To save the reputation of free software, someone else found out that the Midori browser is also capable of accessing it. I've described what I did there on the page itself and you may also read it here via http.

Here are my slides "SSL, X.509, HTTPS - How to configure your HTTPS server" as ODP, as PDF and on Slideshare.

And some links mentioned in the slides:
Check SSL and SSH weak keys due to broken random numbers
EFF SSL Observatory
Sovereign Keys project

Some great talks on the mentioned topics by others:
Facthacks Talk 29c3
MD5 considered harmful today - Creating a rogue CA Certificate
Is the SSLiverse a safe place?

Update: As people seem to find these browser issues interesting: It's been pointed out that the iPad Browser also works. Opera with TLS 1.2 enabled seems to work for some people, but not for me (maybe Windows-only). luakit and epiphany also work, but they don't check certificates at all, so that kind of doesn't count.

Using EFF SSL Observatory to find weak keys in CAcert

Saturday, July 30. 2011, 15:39
I've written in the past about the EFF SSL Observatory. It's a great project that has scanned the whole IP space for SSL-certificates used in HTTPS. They provide a database with meta information and their project found a couple of issues where CAs have issued certificates with weak security settings and violation of their own policies. CAcert is a project which tries to be the "better SSL authority" - it issues certificates for free, based on a web-of-trust community. The CAcert root certificate is not part of any major web browser. The EFF has mainly analyzed the browser-accepted CAs - but they provide the data, so I could do it myself.

I did some checks on the all_certs table selecting the certificates from cacert. I found out that there were 143 valid certificates with 512 bit. That is completely insecure and breakable by a home computer today. I also found that the majority of certificates still has 1024 bit, which by today's standards should be considered harmful - there have been no public breaks yet, but it's expected that it's possible to build an RSA-1024 cracker for an attacker with enough money.

I did the following query on the database:
SELECT RSA_Modulus_Bits, count(*)
FROM all_certs
WHERE `Validity:Not After datetime` > '2010-03-08'
  AND (`Issuer` like '%CAcert.org%' OR `Issuer` like '%cacert.org')
GROUP BY `RSA_Modulus_Bits`
ORDER BY count(*);

+------------------+----------+
| RSA_Modulus_Bits | count(*) |
+------------------+----------+
[...]
|              512 |      143 |
|             4096 |      632 |
|             2048 |     3716 |
|             1024 |     5790 |
+------------------+----------+

Now, what further checks can we do? I checked for the RSA exponent. I found two certificates in the database with exponent 3. RSA with low exponent is also considered insecure, although one has to state that this is not a serious issue. RSA with low exponents is not insecure by itself, but it can create vulnerabilities in combination with other issues (if you're interested in details, read my diploma thesis).

I have not checked the CAcert database for the Debian SSL vulnerability, as that would've been non-trivial. There were scripts shipped with the SSL Observatory data, but I found them not easy to use, so I skipped that part.

My suggestions to cacert were to revoke all certificates with serious issues (like the 512 bit certificates). Also, I suggested that new certificates with insecure settings like RSA below 2048 bits or a low exponent should not be allowed. CAcert did most of this. By now, all 512 bit certificates should be revoked and it is impossible to create new ones below 1024 bit or with low exponents. It is however still possible to create 1024 bit certificates, which is due to a limitation in the client certificate creation script for the Internet Explorer. They say they're working on this and plan to prevent 1024 bit certificates in the future. They also told me that they've checked for the Debian SSL bug.
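
The checks discussed above (modulus size and public exponent), written as a small auditing routine. This is an added example, not code from the original post, the SSL Observatory or CAcert. The function names and finding labels are hypothetical, treating an exponent of 3 or smaller as "low" is an assumption, and the sample keys are constructed placeholders rather than real certificates.

```python
def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der_bytes):
    """Parse PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    tag, body, _ = read_tlv(der_bytes, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    t_n, n_raw, pos = read_tlv(body, 0)
    t_e, e_raw, _ = read_tlv(body, pos)
    if t_n != 0x02 or t_e != 0x02:
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def audit_key(der_bytes, min_bits=2048, low_exponent=3):
    """Return (modulus_bits, exponent, findings) for one RSAPublicKey."""
    n, e = parse_rsa_public_key(der_bytes)
    bits, findings = n.bit_length(), []
    if bits <= 512:
        findings.append("broken-key-size")   # candidate for revocation
    elif bits < min_bits:
        findings.append("weak-key-size")     # refuse at issuance
    if e <= low_exponent:                    # assumption: "low" means e <= 3
        findings.append("low-exponent")
    return bits, e, findings

def der(tag, value):  # minimal DER encoder, only for the constructed samples
    size = len(value)
    nlen = (size.bit_length() + 7) // 8
    head = bytes([size]) if size < 0x80 else bytes([0x80 | nlen]) + size.to_bytes(nlen, "big")
    return bytes([tag]) + head + value

def make_sample(bits, e):
    """Constructed placeholder key: right modulus size, not a real RSA modulus."""
    n_raw = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    e_raw = e.to_bytes(e.bit_length() // 8 + 1, "big")
    return der(0x30, der(0x02, n_raw) + der(0x02, e_raw))
```

Calling `audit_key(make_sample(1024, 3))` returns both the weak-key-size and low-exponent findings, while a 2048-bit sample with exponent 65537 returns an empty list.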

I've reported the issue on the 11th March and got a reply on the same day - that's pretty okay, one slight thing still: There was no security contact with a PGP key listed on the webpage (but I got a PGP-encrypted contact once I asked for it). That's not good, I expect especially from a security project that I can contact them for security issues with encrypted mail. One can also argue if four months is a bit long to fix such an issue, but as it was far away from being trivial, this can be apologized.

I'd say that I'm quite satisfied with the reactions of CAcert. I always got fast replies to questions I had and the issues were resolved in a proper way. I have other points of criticism on the security of CAcert, the issue that bothers me most is that they still use SHA-1 and refuse to switch to a more secure hashing algorithm like SHA-512, although all major browsers have had support for this for a long time.

I want to encourage others to do further tests on CAcert. I'd like to see CAcert being an authority that does better than the commercial ones. The database from the observatory is a treasure and should be used by projects like CAcert to improve their security.

Manually decrypting S/MIME mails

Tuesday, February 26. 2008, 21:05
I recently took the new CAcert assurer test. Afterwards, one has to send a S/MIME-signed mail to get a PDF-certificate.

Having the same problem as Bernd, the answer came in an RC2-encrypted S/MIME-mail. I'm using kmail, kmail uses gpgsm for S/MIME and that doesn't support RC2.

While this opens some obvious questions (Why is anyone in the world still using RC2? Why is anyone using S/MIME at all?), I was able to circumvent that without the hassle of installing thunderbird (which was Bernd's solution).

openssl supports RC2 and can handle S/MIME. And this did the trick:
openssl smime -decrypt -in [full mail] -inkey sslclientcert.key

It needed the full mail, which took me a while, because I first tried to only decrypt the attachment.

Webinale

Tuesday, May 22. 2007, 03:07
In a few hours we're off to webinale open in Ludwigsburg. We will be present there as Linux User Group Backnang, and schokokeks.org will present itself as well.

At the LUG booth we will present various projects, among them OpenStreetMap and CAcert, hand out Kubuntu CDs and show Compiz.

First pictures

come2linux impressions

Tuesday, September 12. 2006, 03:35
On Saturday, I was at the come2linux event in Essen, organized by the local linux user group.

Slides from my talk (3D-Desktop with Linux) can be downloaded as ODP and as PDF. It's a bit longer than my previous slides to that topic, because it was a »real« talk, not just a lightning one.

I had the strong impression that things are moving forward with linux on the desktop. One impression I had on my trip when I went into the magazine store in Düsseldorf mainstation, where the first thing I saw was a bunch of linux magazines. The GameStar (quite popular German computer game magazine) has a topic »Linux für Spieler« (which means Linux for Gamers).
The gaming-issue could be interesting, on the come2linux there was a quite big booth about linux gaming. Wine (the free/original one) is improving much in this area (although most people still refer to cedega when talking about games on linux).

Another thing I often notice is a growing interest in CAcert. The guys at the CAcert-booth were quite happy that I stayed there a while as I am able to give out 35 points (just like Pylon on Sunday). I had a CAcert sign and some cravat guys asked me to assure them when I walked around.

Webmontag the Third, talk »Central vs. decentralized web services«

Tuesday, August 29. 2006, 00:55
Today (well, yesterday) it was Webmontag again in Karlsruhe at the Kubik. There were three talks, one of them by me (I have the feeling that my talk routine is slowly getting better), slides as always as OpenDocument and as PDF. People were very keen to discuss today, which is why it took considerably longer than planned. Of course the objection »business model« had to come up at some point (I think I'll write something longer about that), but overall it was quite alright.

Afterwards MNT on Simple Sharing Extensions, which seems to be an interesting thing that could possibly solve some of the problems I've already been thinking about (how do I link indexed RSS elements back to their origin). Oh, and: it is from Microsoft, but the documents are published under CC.
The problem at the moment seems to be that there is no software for it.

Third and last was Oliver Gassner, who took issue with the term (or, as he put it, non-term) Web 2.0, because it is completely undefinable and useless. I would venture to cautiously disagree: you can roughly narrow down what Web 2.0 is about: in the broadest sense, open communication with possibilities for interaction, which offers the option of pure reading/consuming but lets the user interact in some way if desired. Oliver did mention a few more things that are supposedly Web 2.0 (pay per click, context-sensitive advertising) and have nothing to do with that, but I found it unclear why he wants to count those as Web 2.0. Everything I would generally understand by it has this interaction feature.

Afterwards, while socializing, we had a small round about CAcert (next time I think there'll be a detailed talk on it from me, it does seem to arouse great interest) and a somewhat more heated discussion about Linux on the desktop. In the process I noticed that I have recently got into the habit of treating the Linux 9.0 faction kindly too.

Webmontag Karlsruhe and Planet KA

Tuesday, May 30. 2006, 23:21
Since yesterday Karlsruhe also has a Webmontag, which took place at the restaurant Stadtmitte, which was somewhat surprised by our presence, apparently due to poor coordination among the staff.

Only four short talks were offered, one of them by myself with some thoughts on SSL and web applications (slides here). Hopefully that can be a bit more next time.
My own talk mainly triggered questions about CAcert, so it would make sense to combine the next Webmontag with handing out CAcert points.

Given the rather great interest and the apparently quite high density of bloggers in Karlsruhe, I would suggest setting up a Planet Karlsruhe. The platform planetplanet.de run by Lars would be suitable for this; I will get that going.
To satisfy the formalities regarding copyright, I ask all Karlsruhe bloggers who agree to be indexed on a planet to contact me with URL + feed URL.

Update: Next Webmontag already being planned for July 3.

New stuff in this blog

Wednesday, May 24. 2006, 23:13
I usually don't like to do too much blogging about my blog, but I recently installed two new features I find worth mentioning.

One is that I have installed the serendipity calendar plugin, which you can see on the right (if you aren't reading rss). It'll contain events I find interesting/worth mentioning and will probably visit and maybe write reports about. It's a bit limited, it doesn't support more detailed time information (events longer than a day, time etc.), it shows the days till the event, but not for the first one, which I don't understand yet why. Maybe I'll hack a bit on it.

The other thing is that this blog is now available on IPv6 and there also with a correct, CAcert-signed ssl-certificate. So you can now read my blog secure ;-)
CAcert is a noncommercial certification authority based on a web-of-trust mechanism and I suggest you install their root-cert in your browser.