Friday, August 12. 2011
OpenLeaks doing strange things with SSL
OpenLeaks is a planned platform like WikiLeaks, founded by ex-Wikileaks member Daniel Domscheit-Berg. It's been announced a while back and a beta is currently presented in cooperation with the newspaper taz during the Chaos Communication Camp (where I am right now).I had a short look and found some things noteworthy:
The page is SSL-only, any connection attempt with http will be forwarded to https. When I opened the page in firefox, I got a message that the certificate is not valid. That's obviously bad, although most people probably won't see this message.
What is wrong here is that an intermediate certificate is missing - we have a so-called transvalid certificate (the term "transvalid" has been used for it by the EFF SSL Observatory project). Firefox includes the root certificate from Go Daddy, but the certificate is signed by another certificate which itself is signed by the root certificate. To make this work, one has to ship the so-called intermediate certificate when opening an SSL connection.
The reason why most people won't see this warning and why it probably went unnoticed is that browsers remember intermediate certificates. If someone ever was on a webpage which uses the Go Daddy intermediate certificate, he won't see this warning. I saw it because I usually don't use Firefox and it had a rather fresh configuration.
There was another thing that bothered me: On top of the page, there's a line "Before submitting anything verify that the fingerprints of the SSL certificate match!" followed by a SHA-1 certificate fingerprint. Beside the fact that it's english on a german page, this is a rather ridiculous suggestion. Checking a fingerprint of an SSL connection against one you got through exactly that SSL connection is bogus. Checking a certificate fingerprint doesn't make any sense if you got it through a connection that was secured with that certificate. If checking a fingerprint should make sense, it has to come through a different channel. Beside that, nowhere is explained how a user should do that and what a fingerprint is at all. I doubt that this is of any help for the targetted audience by a whistleblower platform - it will probably only confuse people.
Both issues give me the impression that the people who designed OpenLeaks don't really know how SSL works - and that's not a good sign.
Comments
Display comments as
(Linear | Threaded)
I'm not saying that i trust openleaks technicians, but trusting SSL for something like this today is the worst mistake you can ever make. SSL is broken, for too many years, stop talking like is a good thing because it only adds a security sense that is not there.
no, ssl is not that broken, it works pretty well on most browser.
but the ssl certificate chain management is broken in a "human" way : too many authorities can sign too many domain names with too few controls (see the conference "is ssliverse a safe place" from EFF at the CCC Conference)
but yes, the point of this article stays : openleaks don't know ssl well, which make me fear for the security of submitted material ...
but the ssl certificate chain management is broken in a "human" way : too many authorities can sign too many domain names with too few controls (see the conference "is ssliverse a safe place" from EFF at the CCC Conference)
but yes, the point of this article stays : openleaks don't know ssl well, which make me fear for the security of submitted material ...
Ich glaube Du hast das Problem nicht ganz verstanden:
Sie hatten ein "teures" Cert. Sie haben es nur nicht korrekt installiert.
Sie hatten ein "teures" Cert. Sie haben es nur nicht korrekt installiert.
I don't agree that the message "Before submitting anything verify that the fingerprints of the SSL certificate match!" is completely useless. Seein a matching fingerprint certainly doesn't mean that the line is secure as it might be changed. But seeing a non-matching fingerprint warns me that the connection is rigged. This actually happend to me!
https://twitter.com/#!/lostgen/status/101956044925845504
https://twitter.com/#!/lostgen/status/101956044925845504
Lostgen, if your connection were compromised, a smart attacker would have changed the fingerprint as well. This implies you will never see a non-matching fingerprint when your connection is compromised by a man-in-the-middle attack.
I'd suggest to armor-sign the fingerprint with PGP (this will even be ok over the very same ssl-connection) - as long as you have verified the key before at least once.
Also, you might want to try perspectives (http://www.heise.de/security/artikel/Perspectives-und-Co-271022.html). It will cross-check the certificate you see with recently-seen certificates by you and others.
I'd suggest to armor-sign the fingerprint with PGP (this will even be ok over the very same ssl-connection) - as long as you have verified the key before at least once.
Also, you might want to try perspectives (http://www.heise.de/security/artikel/Perspectives-und-Co-271022.html). It will cross-check the certificate you see with recently-seen certificates by you and others.
Tracked: Aug 16, 13:54
Tracked: Aug 17, 14:40