Opened 3 months ago

Last modified 3 months ago

#29628 new defect

Distrust DarkMatter Intermediate CAs

Reported by: nsuchy Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Mozilla Firefox's root trust store trusts an intermediate CA for a spying firm called DarkMatter. They trust the intermediate CA as it was signed by QuoVadis.

This already puts Tor users at risk, as they can spy today; however, once they are a root CA there will be no oversight by QuoVadis/DigiCert and they can misbehave and issue secret certificates to spy on Tor users.

They have a business interest in spying on HTTPS traffic. Google Chrome and Mozilla Firefox are still discussing this. It's in the best interest of Tor users to immediately distrust the intermediate CA.

Thoughts?

References:
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
https://protonmail.com/blog/dark-matter-quo-vadis/


Change History (3)

comment:1 Changed 3 months ago by nsuchy

Also of note, Firefox does not enforce Certificate Transparency logs, so DarkMatter could simply not log rogue issued certificates, or, if it enforces only on new domains, they could backdate the certificates.

comment:2 Changed 3 months ago by sysrqb

Priority: Immediate → Medium
Severity: Critical → Major

You may find the entire thread discussing this topic enlightening. I am personally in support of Mozilla denying the root inclusion request and revoking their intermediate CA certificate. However, as it was said numerous times in the discussion thread, the only reason we know DarkMatter have these CA certificates is because they applied for root inclusion - in a public forum. It is very easy for a malicious organization to obtain an intermediate CA certificate without that certificate being attributable to them. As far as anyone knows (publicly), DarkMatter haven't used their current Intermediate CA with malicious intent, yet(!). If DarkMatter use their CA for malicious purpose in the future and that malicious activity is detected, then their intermediate CA certificate should be revoked by DigiCert (and therefore they lose their trusted position globally). The current question is whether Mozilla should pre-emptively revoke DarkMatter's Intermediate certificate and reject their current root.

The Tor Project isn't in a position where we can successfully audit all anchor and intermediate CAs included in Mozilla's root store. And, even if we could, we likely wouldn't be able to maintain that long-term. We can distrust DarkMatter's current intermediate, but given the previous statement about how intermediate CA certificates can be obtained relatively easily under alternative names, I don't know if this is a winning solution. In reality, distrusting one intermediate CA is likely pointless, other than making a political statement.

I'll leave this open, in case anyone else on the team has more input here.

https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/YiybcXciBQAJ
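What "distrusting the intermediate" means at the client, as an added worked example that is not Tor Browser or Firefox code and not anything posted in this ticket: a Go program that builds a constructed root -> intermediate -> leaf chain with fresh keys, then path-builds the leaf with and without the intermediate's SPKI hash on a distrust list. The certificate names, the `example.test` host, the function names and the distrust map are assumptions made for the demonstration; no real DarkMatter or QuoVadis certificate is involved, and Firefox's own distrust mechanism is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// SPKIHash returns the hex SHA-256 of a certificate's SubjectPublicKeyInfo.
// Keying the distrust list on the SPKI rather than the certificate
// fingerprint also catches a re-issued certificate for the same CA key.
func SPKIHash(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// poolWithout builds a cert pool omitting every certificate whose SPKI hash
// is in the distrust set (the hashes in that set are the operator's choice).
func poolWithout(certs []*x509.Certificate, distrusted map[string]bool) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		if !distrusted[SPKIHash(c)] {
			pool.AddCert(c)
		}
	}
	return pool
}

// VerifyWithDistrust path-builds for leaf the way a browser would, except that
// distrusted roots and intermediates are dropped from the pools first.
func VerifyWithDistrust(leaf *x509.Certificate, roots, intermediates []*x509.Certificate,
	distrusted map[string]bool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         poolWithout(roots, distrusted),
		Intermediates: poolWithout(intermediates, distrusted),
		DNSName:       host,
	})
	return err
}

// mustSign issues tmpl under parent (nil parent means self-signed).
func mustSign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// BuildDemoChain constructs a throwaway root -> intermediate -> leaf chain with
// fresh keys, standing in for "public root -> DarkMatter intermediate -> site
// certificate". Nothing here is a real certificate (constructed test data).
func BuildDemoChain() (root, inter, leaf *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	tmpl := func(serial int64, cn string, isCA bool) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber:          big.NewInt(serial),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             now.Add(-time.Hour),
			NotAfter:              now.Add(24 * time.Hour),
			IsCA:                  isCA,
			BasicConstraintsValid: true,
			KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		}
	}
	root = mustSign(tmpl(1, "Constructed Demo Root", true), nil, &rootKey.PublicKey, rootKey)
	inter = mustSign(tmpl(2, "Constructed Demo Intermediate", true), root, &interKey.PublicKey, rootKey)
	leafTmpl := tmpl(3, "example.test", false)
	leafTmpl.DNSNames = []string{"example.test"}
	leafTmpl.KeyUsage = x509.KeyUsageDigitalSignature
	leafTmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	leaf = mustSign(leafTmpl, inter, &leafKey.PublicKey, interKey)
	return
}

func main() {
	root, inter, leaf := BuildDemoChain()
	roots, inters := []*x509.Certificate{root}, []*x509.Certificate{inter}
	fmt.Println("chain accepted with no distrust list:",
		VerifyWithDistrust(leaf, roots, inters, nil, "example.test") == nil)
	distrust := map[string]bool{SPKIHash(inter): true} // operator's list goes here
	fmt.Println("chain accepted with intermediate distrusted:",
		VerifyWithDistrust(leaf, roots, inters, distrust, "example.test") == nil)
}
```

The same filter applied to the root pool is what "distrust" would look like once the CA is a trust anchor. It also makes sysrqb's objection concrete: the list only removes keys someone already knows about, so an intermediate obtained under another name and never announced in a public forum passes straight through.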

comment:3 in reply to: 2 Changed 3 months ago by nsuchy

Replying to sysrqb:

> You may find the entire thread discussing this topic enlightening. I am personally in support of Mozilla denying the root inclusion request and revoking their intermediate CA certificate. However, as it was said numerous times in the discussion thread, the only reason we know DarkMatter have these CA certificates is because they applied for root inclusion - in a public forum. It is very easy for a malicious organization to obtain an intermediate CA certificate without that certificate being attributable to them. As far as anyone knows (publicly), DarkMatter haven't used their current Intermediate CA with malicious intent, yet(!). If DarkMatter use their CA for malicious purpose in the future and that malicious activity is detected, then their intermediate CA certificate should be revoked by DigiCert (and therefore they lose their trusted position globally). The current question is whether Mozilla should pre-emptively revoke DarkMatter's Intermediate certificate and reject their current root.
>
> The Tor Project isn't in a position where we can successfully audit all anchor and intermediate CAs included in Mozilla's root store. And, even if we could, we likely wouldn't be able to maintain that long-term. We can distrust DarkMatter's current intermediate, but given the previous statement about how intermediate CA certificates can be obtained relatively easily under alternative names, I don't know if this is a winning solution. In reality, distrusting one intermediate CA is likely pointless, other than making a political statement.
>
> I'll leave this open, in case anyone else on the team has more input here.
>
> https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/YiybcXciBQAJ

I agree that it's impossible for a small organization to monitor all intermediate CAs; instead, wait for someone to make a report in Trac, review its legitimacy, and distrust where appropriate. Even root CAs like Let's Encrypt could in theory issue abusive certificates. In this case, evidence points towards the CA being likely to misbehave, and it would be a reasonable precaution, given the evidence, for the Tor Project to take action.

Also the Google Groups thread was interesting, thank you for sharing.
