From fjmd1a at gmail.com Wed May 6 17:41:20 2015
From: fjmd1a at gmail.com (Francis Davey)
Date: Wed, 6 May 2015 17:41:20 +0100
Subject: Cahoot
Message-ID:

My apologies if this is a stupid question, but someone might be able to give me some perspective.

If I navigate to https://www.cahoot.com, Chrome seems less than happy. It complains about the cryptographic technology being obsolete and also that the site does not possess a public key certificate (if I am interpreting correctly). The icon it displays suggests a fairly qualified acceptance of the site.

If I then click on the log in button I am sent to securebank.cahoot.com for which Chrome has other (but slightly different) complaints. Also: in the process a window very briefly appears and then vanishes again (which is always unsettling).

Is it safe for me to go forward and enter my security details to access my account, or should I contact the bank and ask them to fix it (or rather to wait in their customer service queue to be told "no" after much incomprehension I suspect).

Thoughts? I am keen not to have my bank account hacked.

--
Francis Davey

From amidgley at gmail.com Wed May 6 20:36:38 2015
From: amidgley at gmail.com (Adrian Midgley)
Date: Wed, 06 May 2015 19:36:38 +0000
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

TLS 1.0 is a bit obsolete and breakable I think.

It isn't any riskier than last month, but is more risky than the year before last, is how I read it.

The pictures don't really need encrypting, I think, but the bank should upgrade its secure layer.

On Wed, 6 May 2015 at 17:42 Francis Davey wrote:

> My apologies if this is a stupid question, but someone might be able to
> give me some perspective.
>
> If I navigate to https://www.cahoot.com, Chrome seems less than happy.
> It complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>
> If I then click on the log in button I am sent to securebank.cahoot.com
> for which Chrome has other (but slightly different) complaints. Also: in
> the process a window very briefly appears and then vanishes again (which is
> always unsettling).
>
> Is it safe for me to go forward and enter my security details to access my
> account, or should I contact the bank and ask them to fix it (or rather to
> wait in their customer service queue to be told "no" after much
> incomprehension I suspect).
>
> Thoughts? I am keen not to have my bank account hacked.
>
>
> --
> Francis Davey
>

From mozolevsky at gmail.com Wed May 6 17:59:08 2015
From: mozolevsky at gmail.com (Igor Mozolevsky)
Date: Wed, 6 May 2015 17:59:08 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

Francis,

On 6 May 2015 at 17:41, Francis Davey wrote:

> If I navigate to https://www.cahoot.com, Chrome seems less than happy. It
> complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>

www.cahoot.com:443 sends:

depth=2 /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN= www.cahoot.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
 2 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
subject=/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN= www.cahoot.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
No client certificate CA names sent
---
SSL handshake has read 3814 bytes and written 440 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 6F25ED1BBB26096C29E4E76A281B5799033ADF5B75B4B6540D27979740C8D434
    Session-ID-ctx:
    Master-Key: EEFB43D5A0340356DAA0EBA78E8BE2730D047FF9AA64ECDF8717363DA8646207AE0F5B7674CD0F70BBAA0807A0B13A52
    Key-Arg   : None
    Start Time: 1430930711
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

I suspect the complaint is about the use of RC4-MD5; in contrast, NatWest use AES128-SHA (just checked). FYI, Cisco downgraded RC4 to "avoid" some time toward the end of 2013 [1].

1. http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html

--
Igor M.
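
Added example (not part of the original thread or any poster's code): a short Python parser for the `openssl s_client` session summary quoted in the message above, reporting the weaknesses this thread discusses. The rule tables and function names are assumptions of this example, and only an excerpt of the quoted output is embedded.

```python
import re

# Excerpt of the `openssl s_client` summary quoted in the message above
# (Session-ID, Master-Key and timing fields left out).
S_CLIENT_SUMMARY = """\
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 0 (ok)
"""

# Assumption of this example: a small illustrative rule set, not a full policy.
# Keys are dash-separated components of OpenSSL cipher-suite names.
WEAK_CIPHER_PARTS = {
    "RC4": "RC4 stream cipher (prohibited for TLS by RFC 7465)",
    "MD5": "MD5-based record MAC",
    "EXP": "export-grade key length",
    "NULL": "no encryption at all",
}

LEGACY_PROTOCOLS = {
    "SSLv2": "SSL 2.0, broken",
    "SSLv3": "SSL 3.0, broken",
    "TLSv1": "TLS 1.0, superseded by TLS 1.1 and TLS 1.2",
}


def parse_summary(text):
    """Pull the negotiated parameters out of s_client's session summary."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1) if m else None

    bits = grab(r"^Server public key is (\d+) bit")
    reneg = grab(r"^Secure Renegotiation (IS NOT|IS) supported")
    code = grab(r"^\s*Verify return code: (\d+)")
    return {
        # "Cipher is ..." on the "New," line is skipped: the pattern needs
        # the field name at the start of a line.
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"^\s*Cipher\s*:\s*(\S+)"),
        "key_bits": int(bits) if bits else None,
        "secure_renegotiation": None if reneg is None else reneg == "IS",
        "verify_code": int(code) if code else None,
    }


def findings(summary):
    """List weaknesses in the negotiated session.

    Chain verification (verify_code) is deliberately not consulted: a chain
    that verifies says nothing about the strength of the negotiated cipher.
    """
    out = []
    proto = summary["protocol"]
    if proto in LEGACY_PROTOCOLS:
        out.append(f"protocol {proto}: {LEGACY_PROTOCOLS[proto]}")
    for part in (summary["cipher"] or "").split("-"):
        if part in WEAK_CIPHER_PARTS:
            out.append(f"cipher component {part}: {WEAK_CIPHER_PARTS[part]}")
    if summary["secure_renegotiation"] is False:
        out.append("no secure renegotiation (RFC 5746 extension absent)")
    if summary["key_bits"] is not None and summary["key_bits"] < 2048:
        out.append(f"server key only {summary['key_bits']} bits")
    return out


if __name__ == "__main__":
    session = parse_summary(S_CLIENT_SUMMARY)
    print(session)
    for item in findings(session):
        print("WEAK:", item)
```
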

From ben at links.org Wed May 6 21:50:03 2015
From: ben at links.org (Ben Laurie)
Date: Wed, 6 May 2015 21:50:03 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

On 6 May 2015 at 17:41, Francis Davey wrote:
> My apologies if this is a stupid question, but someone might be able to give
> me some perspective.
>
> If I navigate to https://www.cahoot.com, Chrome seems less than happy. It
> complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>
> If I then click on the log in button I am sent to securebank.cahoot.com for
> which Chrome has other (but slightly different) complaints. Also: in the
> process a window very briefly appears and then vanishes again (which is
> always unsettling).
>
> Is it safe for me to go forward and enter my security details to access my
> account, or should I contact the bank and ask them to fix it (or rather to
> wait in their customer service queue to be told "no" after much
> incomprehension I suspect).
>
> Thoughts? I am keen not to have my bank account hacked.

Clearly the question is not stupid: why present information that is not useful to you.

The most obvious problem with that site is they're using MD5, which everyone agrees is past its sell-by. But obviously end users are completely oblivious to.

There may be other problems, the warning is less than clear. And I know what I'm talking about, mostly!

From jon+ukcrypto at unequivocal.co.uk Wed May 6 19:42:37 2015
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Wed, 6 May 2015 19:42:37 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID: <20150506184237.GA5474@unequivocal.co.uk>

On Wed, May 06, 2015 at 05:41:20PM +0100, Francis Davey wrote:
> My apologies if this is a stupid question, but someone might be able to
> give me some perspective.
> If I navigate to https://www.cahoot.com, Chrome seems less than happy.
> It complains about the cryptographic technology being obsolete and also
> that the site does not possess a public key certificate (if I am
> interpreting correctly).

It does have a public key certificate (otherwise there would be no padlock icon at all), they are saying it doesn't use the extended validation that some sites use to provide a verified organisation name as well as just a verified site address.

> The icon it displays suggests a fairly qualified acceptance of the site.
> If I then click on the log in button I am sent to securebank.cahoot.com
> for which Chrome has other (but slightly different) complaints. Also: in
> the process a window very briefly appears and then vanishes again (which
> is always unsettling).
> Is it safe for me to go forward and enter my security details to access my
> account, or should I contact the bank and ask them to fix it (or rather to
> wait in their customer service queue to be told "no" after much
> incomprehension I suspect).
> Thoughts? I am keen not to have my bank account hacked.

The Chrome alert is because the certificate is using an SHA1 hash, and as of fairly recently, Chrome has started to complain mildly about this because it is considered weak but it is not completely broken.

However, there appear to be various other things about the SSL configuration for securebank.cahoot.com that give cause for concern.
It may be completely insecure if your connection can be intercepted:

https://www.ssllabs.com/ssltest/analyze.html?d=securebank.cahoot.com

I would recommend not accessing the bank except via a trusted network connection, i.e. your home broadband or suchlike, not public wifi hotspots. You may wish to also contact them and see what they say (they won't say anything of course except "we use the latest encryption technologies to keep you safe").

From ukcrypto at absent-minded.com Wed May 6 22:02:16 2015
From: ukcrypto at absent-minded.com (Mark Lomas)
Date: Wed, 6 May 2015 22:02:16 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

Francis,

The site appears to be vulnerable to several possible attacks. You may be interested in what Qualys thinks of that site.

https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.cahoot.com

I wouldn't use that site at present.

I suspect that part of the problem is that if they fixed the major problem they would break compatibility with older browsers.

Mark

On 6 May 2015 at 17:41, Francis Davey wrote:

> My apologies if this is a stupid question, but someone might be able to
> give me some perspective.
>
> If I navigate to https://www.cahoot.com, Chrome seems less than happy. It
> complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>
> If I then click on the log in button I am sent to securebank.cahoot.com
> for which Chrome has other (but slightly different) complaints. Also: in
> the process a window very briefly appears and then vanishes again (which is
> always unsettling).
>
> Is it safe for me to go forward and enter my security details to access my
> account, or should I contact the bank and ask them to fix it (or rather to
> wait in their customer service queue to be told "no" after much
> incomprehension I suspect).
>
> Thoughts? I am keen not to have my bank account hacked.
>
> --
> Francis Davey
>

From brian at thejohnsons.co.uk Wed May 6 23:02:38 2015
From: brian at thejohnsons.co.uk (Brian L Johnson)
Date: Wed, 06 May 2015 23:02:38 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

On Wed, 06 May 2015 17:41:20 +0100, Francis Davey wrote:

> Thoughts? I am keen not to have my bank account hacked.

Apart from using weak crypto, the main issue appears to be that some elements of the page are insecure.

In Chrome's words:

"Your connection to the site is encrypted, but Google Chrome has detected mixed content on the page. Be careful if you're entering information on this page. Mixed content can provide a loophole for someone to manipulate the page. This content could be third-party images or ads embedded on the page."

So, if someone inserts an ad which is designed to look like the box where you enter your username and password...

--
brianlj

From mel at herald.co.uk Wed May 6 23:48:06 2015
From: mel at herald.co.uk (Melanie Dymond Harper)
Date: Wed, 6 May 2015 23:48:06 +0100
Subject: Cahoot's cert
In-Reply-To:
References:
Message-ID: <20150506224806.GC31136@localhost.localdomain>

> From: Jon Ribbens
> The Chrome alert is because the certificate is using an SHA1 hash,
> and as of fairly recently, Chrome has started to complain mildly about
> this because it is considered weak but it is not completely broken.

For once Chrome isn't complaining about this aspect, because while it is an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's complaints about such certs -- they are distrusting SHA-1 certs (or certs involving a SHA-1 intermediate in their chain) which expire on or after 1/1/2016.
This time it's complaining about something algorithm/cipher related, and I really wish they would be more explicit about exactly what the problem was in each case; I have spent a significant amount of support time dealing with this sort of question lately...

Cheers

Mel

From fjmd1a at gmail.com Thu May 7 09:29:30 2015
From: fjmd1a at gmail.com (Francis Davey)
Date: Thu, 7 May 2015 09:29:30 +0100
Subject: Cahoot
In-Reply-To:
References:
Message-ID:

2015-05-06 23:02 GMT+01:00 Brian L Johnson :

>
> Apart from using weak crypto, the main issue appears to be that some
> elements of the page are insecure.
>
> In Chrome's words:
>
> "Your connection to the site is encrypted, but Google Chrome has detected
> mixed content on the page. Be careful if you're entering information on
> this page. Mixed content can provide a loophole for someone to manipulate
> the page. This content could be third-party images or ads embedded on the
> page."
>
> So, if someone inserts an ad which is designed to look like the box where
> you enter your username and password...

Thanks for all the responses (including this one). They all make perfect sense. I'll try and send something to my bank about it but my guess is that I'll have the expected canned response. In the longer run, maybe I should switch banks.

--
Francis Davey

From jon+ukcrypto at unequivocal.co.uk Thu May 7 11:37:22 2015
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Thu, 7 May 2015 11:37:22 +0100
Subject: Cahoot's cert
In-Reply-To: <20150506224806.GC31136@localhost.localdomain>
References: <20150506224806.GC31136@localhost.localdomain>
Message-ID: <20150507103722.GA2027@unequivocal.co.uk>

On Wed, May 06, 2015 at 11:48:06PM +0100, Melanie Dymond Harper wrote:
> > From: Jon Ribbens
> > The Chrome alert is because the certificate is using an SHA1 hash,
> > and as of fairly recently, Chrome has started to complain mildly about
> > this because it is considered weak but it is not completely broken.
>
> For once Chrome isn't complaining about this aspect, because while it is
> an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's
> complaints about such certs -- they are distrusting SHA-1 certs (or
> certs involving a SHA-1 intermediate in their chain) which expire on or
> after 1/1/2016. This time it's complaining about something
> algorithm/cipher related, and I really wish they would be more explicit
> about exactly what the problem was in each case; I have spent a significant
> amount of support time dealing with this sort of question lately...

For securebank.cahoot.com, the certificate expires 14th May 2016 so SHA1 *is* what Chrome is complaining about. For www.cahoot.com, the cryptography is particularly rubbish given that it's using MD5 and RC4, but as you say the expiry is in 2015 and what Chrome is actually complaining about is that the page mixes content from http and https sources.
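
Added example (not part of the original thread, and not Chrome's code): a simplified Python model of the two checks discussed above, the SHA-1 expiry cut-off and mixed content on an https page. The HTML snippets, the `example.test` hosts, the function names and the exact 2015 expiry day are constructed for illustration; the cut-off date and the 14 May 2016 expiry are the ones stated in the thread.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Cut-off as stated in the thread: expiry "on or after 1/1/2016".
SHA1_CUTOFF = date(2016, 1, 1)


def sha1_warning(chain_sig_algs, leaf_not_after):
    """True when the leaf or an intermediate is SHA-1 signed AND the leaf
    certificate expires on or after the cut-off."""
    uses_sha1 = any("sha1" in alg.lower() for alg in chain_sig_algs)
    return uses_sha1 and leaf_not_after >= SHA1_CUTOFF


class _InsecureSubresources(HTMLParser):
    """Collect subresources that an https page would fetch over plain http."""
    ACTIVE = {"script", "iframe", "link"}       # can rewrite the page
    PASSIVE = {"img", "audio", "video", "source"}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "link":
            rel = (attr.get("rel") or "").lower().split()
            url = attr.get("href") if "stylesheet" in rel else None
        elif tag in self.ACTIVE or tag in self.PASSIVE:
            url = attr.get("src")
        else:
            url = None
        if not url:
            return
        # Relative and protocol-relative URLs inherit the page's scheme.
        absolute = urljoin(self.page_url, url)
        if urlparse(absolute).scheme == "http":
            kind = "active" if tag in self.ACTIVE else "passive"
            self.found.append((kind, tag, absolute))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http subresource of an https page."""
    if urlparse(page_url).scheme != "https":
        return []
    parser = _InsecureSubresources(page_url)
    parser.feed(html)
    return parser.found


def diagnose(chain_sig_algs, leaf_not_after, page_url, html):
    """Name which of the two warnings this simplified model would raise."""
    reasons = []
    if sha1_warning(chain_sig_algs, leaf_not_after):
        reasons.append("sha1-sunset")
    if find_mixed_content(page_url, html):
        reasons.append("mixed-content")
    return reasons


# Constructed sample pages (the real page markup is not in the thread).
WWW_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//static.example.test/app.js"></script>
</head><body>
<img src="http://images.example.test/banner.gif">
<form action="/login" method="post"><input name="user"></form>
</body></html>"""
SECUREBANK_HTML = '<html><body><img src="/img/logo.png"></body></html>'

if __name__ == "__main__":
    sha1_chain = ["sha1WithRSAEncryption", "sha1WithRSAEncryption"]
    # Thread gives only "2015" for www; the last day of 2015 is the boundary case.
    print("www:", diagnose(sha1_chain, date(2015, 12, 31),
                           "https://www.cahoot.com/", WWW_HTML))
    print("securebank:", diagnose(sha1_chain, date(2016, 5, 14),
                                  "https://securebank.cahoot.com/", SECUREBANK_HTML))
```
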

From amidgley at gmail.com Thu May 7 13:10:43 2015
From: amidgley at gmail.com (Adrian Midgley)
Date: Thu, 07 May 2015 12:10:43 +0000
Subject: Cahoot's cert
In-Reply-To: <20150507103722.GA2027@unequivocal.co.uk>
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk>
Message-ID:

TLS 1

On Thu, 7 May 2015 11:37 Jon Ribbens wrote:

> On Wed, May 06, 2015 at 11:48:06PM +0100, Melanie Dymond Harper wrote:
> > > From: Jon Ribbens
> > > The Chrome alert is because the certificate is using an SHA1 hash,
> > > and as of fairly recently, Chrome has started to complain mildly about
> > > this because it is considered weak but it is not completely broken.
> >
> > For once Chrome isn't complaining about this aspect, because while it is
> > an SHA-1 cert, it expires in 2015 and thus isn't covered by Chrome's
> > complaints about such certs -- they are distrusting SHA-1 certs (or
> > certs involving a SHA-1 intermediate in their chain) which expire on or
> > after 1/1/2016. This time it's complaining about something
> > algorithm/cipher related, and I really wish they would be more explicit
> > about exactly what the problem was in each case; I have spent a significant
> > amount of support time dealing with this sort of question lately...
>
> For securebank.cahoot.com, the certificate expires 14th May 2016 so
> SHA1 *is* what Chrome is complaining about. For www.cahoot.com, the
> cryptography is particularly rubbish given that it's using MD5 and
> RC4, but as you say the expiry is in 2015 and what Chrome is actually
> complaining about is that the page mixes content from http and https
> sources.
>
>

From jon+ukcrypto at unequivocal.co.uk Thu May 7 13:38:01 2015
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Thu, 7 May 2015 13:38:01 +0100
Subject: Cahoot's cert
In-Reply-To:
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk>
Message-ID: <20150507123801.GB2027@unequivocal.co.uk>

On Thu, May 07, 2015 at 12:10:43PM +0000, Adrian Midgley wrote:
> TLS 1

An appropriately cryptic message for a crypto mailing list, but unfortunately you have provided far too little ciphertext to even begin to attempt a decryption.

From bdm at fenrir.org.uk Thu May 7 14:49:25 2015
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Thu, 7 May 2015 14:49:25 +0100
Subject: Cahoot's cert
In-Reply-To:
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk>
Message-ID: <20150507144925.00006c3a@surtees.fenrir.org.uk>

On Thu, 07 May 2015 12:10:43 +0000
Adrian Midgley wrote:

> TLS 1

Currently acceptable but not preferred:

http://www.theregister.co.uk/2015/05/07/ietf_updates_tlsssl_best_practice/

--

Brian Morrison

From amidgley at gmail.com Thu May 7 20:03:27 2015
From: amidgley at gmail.com (Adrian Midgley)
Date: Thu, 07 May 2015 19:03:27 +0000
Subject: Cahoot's cert
In-Reply-To: <20150507144925.00006c3a@surtees.fenrir.org.uk>
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk> <20150507144925.00006c3a@surtees.fenrir.org.uk>
Message-ID:

As remarked by Chrome in the page in question.

On Thu, 7 May 2015 19:25 Brian Morrison wrote:

> On Thu, 07 May 2015 12:10:43 +0000
> Adrian Midgley wrote:
>
> > TLS 1
>
> Currently acceptable but not preferred:
>
> http://www.theregister.co.uk/2015/05/07/ietf_updates_tlsssl_best_practice/
>
> --
>
> Brian Morrison
>
>

From jon+ukcrypto at unequivocal.co.uk Fri May 8 01:17:11 2015
From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens)
Date: Fri, 8 May 2015 01:17:11 +0100
Subject: Cahoot's cert
In-Reply-To:
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk> <20150507144925.00006c3a@surtees.fenrir.org.uk>
Message-ID: <20150508001710.GC2027@unequivocal.co.uk>

On Thu, May 07, 2015 at 07:03:27PM +0000, Adrian Midgley wrote:
> As remarked by Chrome in the page in question.

No, Chrome does not complain about use of TLS 1.0.

From bakeryworms at gmail.com Fri May 8 09:28:24 2015
From: bakeryworms at gmail.com (bakeryworms at gmail.com)
Date: Fri, 08 May 2015 09:28:24 +0100
Subject: Cahoot's cert
In-Reply-To: <20150508001710.GC2027@unequivocal.co.uk>
References: <20150506224806.GC31136@localhost.localdomain> <20150507103722.GA2027@unequivocal.co.uk> <20150507144925.00006c3a@surtees.fenrir.org.uk> <20150508001710.GC2027@unequivocal.co.uk>
Message-ID: <20150508082824.5701711.23803.341@gmail.com>

One thing this episode shows is how difficult it is for Joe Public to understand the crypto/certificate errors and warnings from browsers. And which are safe to ignore and which are important to heed.

It undermines the security of TLS/SSL.

KRS
Mark

  Original Message
From: Jon Ribbens
Sent: Friday, 8 May 2015 01:17
To: ukcrypto at chiark.greenend.org.uk
Reply To: UK Cryptography Policy Discussion Group
Subject: Re: Cahoot's cert

On Thu, May 07, 2015 at 07:03:27PM +0000, Adrian Midgley wrote:
> As remarked by Chrome in the page in question.

No, Chrome does not complain about use of TLS 1.0.

From otcbn at callnetuk.com Sat May 9 14:58:35 2015
From: otcbn at callnetuk.com (Peter Mitchell)
Date: Sat, 09 May 2015 14:58:35 +0100
Subject: Policy under an unchained Theresa May
Message-ID: <554E128B.7090601@callnetuk.com>

"A Conservative government would be giving the security agencies and law enforcement agencies the powers that they need to ensure they're keeping up to date as people communicate with communications data. We were prevented from bringing in that legislation into the last government because of the coalitions with the Lib Dems and we are determined to bring that through because we believe that is necessary to maintain the capabilities of our law enforcement agencies so they can continue to do the excellent job day in day out of keeping us safe and secure"

From ajmartin297 at gmail.com Sat May 9 17:04:45 2015
From: ajmartin297 at gmail.com (A. Martin)
Date: Sat, 9 May 2015 17:04:45 +0100
Subject: Policy under an unchained Theresa May
In-Reply-To: <554E128B.7090601@callnetuk.com>
References: <554E128B.7090601@callnetuk.com>
Message-ID:

There's always the possibility that with only a 12-seat majority a backbench rebellion [1] could prevent this passing, but if it's put through before Labour have a new leader, one who would hopefully [2] enforce a three-line whip against the Draft Communications Data Bill, then opposition MPs such as Hazel Blears (& the DUP) could vote for it, as such support has been forthcoming on previous legislation.

There has been some talk of *extremely* minute limitations on the mass-deployment of DPI probes already [3], but it's hard to see any light at the end of this tunnel, if you'll excuse the unintentional pun.

I think legislation like this really only provides some form of legal framework to cover the scale of collection, and ultimately, much like the ridiculous blustering about backdoors, it is too much a distraction from the real issue which affects communications security from any given global "passive" adversary: end-point vulnerabilities.

[1] David Davis has consistently opposed the draft legislation.
[2] A political analyst might suggest this may be only out of a desire to simply bloody the government's nose, rather than any commitment to supporting evidence-based policy.
[3] http://www.theregister.co.uk/2012/07/11/communcations_data_bill_joint_committee/

On Sat, May 9, 2015 at 2:58 PM, Peter Mitchell wrote:

> "A Conservative government would be giving the security agencies and law
> enforcement agencies the powers that they need to ensure they're keeping up
> to date as people communicate with communications data. We were prevented
> from bringing in that legislation into the last government because of the
> coalitions with the Lib Dems and we are determined to bring that through
> because we believe that is necessary to maintain the capabilities of our
> law enforcement agencies so they can continue to do the excellent job day
> in day out of keeping us safe and secure"
>
>
>
>

From colinthomson1 at o2.co.uk Sat May 9 18:43:22 2015
From: colinthomson1 at o2.co.uk (Tom Thomson)
Date: Sat, 9 May 2015 18:43:22 +0100
Subject: Policy under an unchained Theresa May
In-Reply-To: <554E128B.7090601@callnetuk.com>
References: <554E128B.7090601@callnetuk.com>
Message-ID: <000001d08a7f$a50014b0$ef003e10$@o2.co.uk>

Yes, it's pretty horrifying. Almost as if we had Labour and Blunkett back again. I guess the only way to stop the slide into police-statehood would be to elect a LibDem government (but I'm not sure that even that would be much good).

....
Peter Mitchell wrote:-
> "A Conservative government would be giving the security agencies and law
> enforcement agencies the powers that they need to ensure they're keeping
> up to date as people communicate with communications data. We were
> prevented from bringing in that legislation into the last government because
> of the coalitions with the Lib Dems and we are determined to bring that
> through because we believe that is necessary to maintain the capabilities of
> our law enforcement agencies so they can continue to do the excellent job
> day in day out of keeping us safe and secure"

From peter at pmsommer.com Sat May 9 19:36:03 2015
From: peter at pmsommer.com (Peter Sommer)
Date: Sat, 09 May 2015 19:36:03 +0100
Subject: Policy under an unchained Theresa May
In-Reply-To:
References: <554E128B.7090601@callnetuk.com>
Message-ID: <554E5393.5050806@pmsommer.com>

On 09/05/2015 17:04, A. Martin wrote:
> opposition MPs such as Hazel Blears

Hazel Blears stood down as an MP at the election. If she had stayed on she would have been a candidate for Chair of the ISC

Peter Sommer

---
This email has been checked for viruses by Avast antivirus software.
http://www.avast.com

From ajmartin297 at gmail.com Sat May 9 21:29:55 2015
From: ajmartin297 at gmail.com (A. Martin)
Date: Sat, 9 May 2015 21:29:55 +0100
Subject: Policy under an unchained Theresa May
In-Reply-To: <554E5393.5050806@pmsommer.com>
References: <554E128B.7090601@callnetuk.com> <554E5393.5050806@pmsommer.com>
Message-ID:

That had slipped my mind, thank you Peter.

On Sat, May 9, 2015 at 7:36 PM, Peter Sommer wrote:

> On 09/05/2015 17:04, A. Martin wrote:
>
>> opposition MPs such as Hazel Blears
>>
> Hazel Blears stood down as an MP at the election. If she had stayed on
> she would have been a candidate for Chair of the ISC
>
>
> Peter Sommer
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> http://www.avast.com
>
>
>

From zenadsl6186 at zen.co.uk Sun May 10 12:10:42 2015
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Sun, 10 May 2015 12:10:42 +0100
Subject: Policy under an unchained Theresa May
In-Reply-To: <554E128B.7090601@callnetuk.com>
References: <554E128B.7090601@callnetuk.com>
Message-ID: <554F3CB2.1080403@zen.co.uk>

On 09/05/15 14:58, Peter Mitchell wrote:
> "A Conservative government would be giving the security agencies and law
> enforcement agencies the powers that they need to ensure they're keeping
> up to date as people communicate with communications data. We were
> prevented from bringing in that legislation into the last government
> because of the coalitions with the Lib Dems and we are determined to
> bring that through because we believe that is necessary to maintain the
> capabilities of our law enforcement agencies so they can continue to do
> the excellent job day in day out of keeping us safe and secure"

I don't think "people communicate with communications data"; that aside, I don't get Theresa May either, she already seems madder than Mad Maggie at her maddest. Unchained?? Ouch.

Maybe Cameron is keeping his enemies closer ..

But will it work? Afaics the Police and/or spooks are telling her:

1] "we are losing access to content because people are using encryption"

2] "we are losing access to comms data because people are using facebook (and perhaps the ECtJ ruling)"

and 3] "we need lots of data to datamine for terrorists" - they may be telling the Foreign Secretary as well as Theresa.

Back to ISPs storing straight comms data? I suppose it could be worse.

Comms data for people communicating via Facebook, online games, etc? Mass "black box" Facebook comms data can't be collected unless the black box decrypts everything, and there is probably too much data there anyway.
I don't think it's realistically possible to collect mass Facebook-type data with black boxes, though perhaps targeted data could be collected.

However, as targeted Facebook-type comms data could be collected by the ISP, with some sort of "comms data only" warrant or authorisation, I don't think black boxes are a suitable means for collecting targeted FB-type comms data.

Even then, something would have to be done about encryption for FB-type comms data collection. Banning encryption, mandatory backdoors? At least this list will be getting busier.

But it won't work, and it most certainly isn't going to be cost-effective - the cost of banning TLS would be astronomical.

Even if it did work, all it can produce is either targeted data (which can be obtained in other ways, in most cases at lower cost) or mass data, which is useless for catching people.

Wrote this for something else, but it seems relevant here:

Mass data can help once someone is caught, eg there are tales of supporting evidence found in people's comms data after they were arrested - but it can't catch people in the first place.

But datamining for terrorists doesn't work, the baseline problem (aka base rate fallacy) rules it out.

http://www.badscience.net/2009/02/datamining-would-be-lovely-if-it-worked/

https://www.schneier.com/essays/archives/2005/03/why_data_mining_wont.html

When you look at a population the size of the UK, depending how you look there are either too many potential suspects, so it doesn't help, or too few, almost all of whom are false positives - so you don't actually catch the bad guys.

This is especially true of the real bad guys, who try not to be caught, and who don't post their murders on facebook or the like.

In the US there are no known cases where datamining of mass interception product or comms data has initially identified someone as a person of interest, who was subsequently investigated as a result of that identification and convicted.
All the NSA's vaunted mass data collection? - datamining it has never initially identified a single terrorist. Not one. [There aren't any known cases in the UK either, but as evidence of interception wouldn't be allowed in Court that doesn't say much, so I use the US example instead.] -- Peter Fairbrother From richard at lamont.me.uk Sun May 10 15:40:57 2015 From: richard at lamont.me.uk (Richard Lamont) Date: Sun, 10 May 2015 15:40:57 +0100 Subject: Policy under an unchained Michael Gove [was: Theresa May] In-Reply-To: <554E128B.7090601@callnetuk.com> References: <554E128B.7090601@callnetuk.com> Message-ID: <554F6DF9.5030106@lamont.me.uk> On 09/05/15 14:58, Peter Mitchell wrote: > “A Conservative government would be giving the security agencies and law > enforcement agencies the powers that they need to ensure they're keeping > up to date as people communicate with communications data. We were > prevented from bringing in that legislation into the last government > because of the coalitions with the Lib Dems and we are determined to > bring that through because we believe that is necessary to maintain the > capabilities of our law enforcement agencies so they can continue to do > the excellent job day in day out of keeping us safe and secure” According to a report on Radio 4's The World This Weekend, the snoopers' charter will now be the responsibility of Michael Gove, the newly-appointed Minister of Justice, and not the Home Secretary. http://www.bbc.co.uk/programmes/b05tbst1 The relevant bit of audio starts at 07:48 in.
-- Richard Lamont From lists at internetpolicyagency.com Mon May 11 16:04:43 2015 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 11 May 2015 16:04:43 +0100 Subject: Policy under an unchained Michael Gove [was: Theresa May] In-Reply-To: <554F6DF9.5030106@lamont.me.uk> References: <554E128B.7090601@callnetuk.com> <554F6DF9.5030106@lamont.me.uk> Message-ID: In article <554F6DF9.5030106 at lamont.me.uk>, Richard Lamont writes >According to a report on Radio 4's The World This Weekend, the snoopers' >charter will now be the responsibility of Michael Gove, the >newly-appointed Minister of Justice, and not the Home Secretary. That makes a certain amount of sense given that Data Protection is an MoJ matter, rather Home Office. -- Roland Perry From ajmartin297 at gmail.com Mon May 11 19:12:05 2015 From: ajmartin297 at gmail.com (A. Martin) Date: Mon, 11 May 2015 19:12:05 +0100 Subject: Policy under an unchained Michael Gove [was: Theresa May] In-Reply-To: References: <554E128B.7090601@callnetuk.com> <554F6DF9.5030106@lamont.me.uk> Message-ID: The report was mistaken. I spoke to The MoJ this morning. It's still a Home Office lead. On Mon, May 11, 2015 at 4:04 PM, Roland Perry < lists at internetpolicyagency.com> wrote: > In article <554F6DF9.5030106 at lamont.me.uk>, Richard Lamont < > richard at lamont.me.uk> writes > >> According to a report on Radio 4's The World This Weekend, the snoopers' >> charter will now be the responsibility of Michael Gove, the >> newly-appointed Minister of Justice, and not the Home Secretary. >> > > That makes a certain amount of sense given that Data Protection is an MoJ > matter, rather Home Office. > -- > Roland Perry
From lists at internetpolicyagency.com Tue May 12 21:02:47 2015 From: lists at internetpolicyagency.com (Roland Perry) Date: Tue, 12 May 2015 21:02:47 +0100 Subject: Geekspeak I don't understand Message-ID: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> Can anyone tell me what this really means, and what might have gone wrong, or what's amiss in 'my setup'? "An error occurred during a connection to www.facebook.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. (Error code: mozilla_pkix_error_key_pinning_failure) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem." -- Roland Perry From peter at pmsommer.com Wed May 13 07:25:53 2015 From: peter at pmsommer.com (Peter Sommer) Date: Wed, 13 May 2015 07:25:53 +0100 Subject: Geekspeak I don't understand In-Reply-To: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> Message-ID: <5552EE71.9040304@pmsommer.com> From the Mozilla wiki: Public Key Pinning is a mechanism for sites to specify which certificate authorities have issued valid certs for that site, and for user-agents to reject TLS connections to those sites if the certificate is not issued by a known-good CA. Public key pinning prevents man-in-the-middle attacks due to rogue CAs not on the site's list (see the Diginotar attack which Chrome detected and we did not: The feature binds a set of hashes public keys to a domain name such that when connecting to a site using TLS the browser ensures that there is an intersection between the public keys in the computed trust chain and the set of fingerprints associated with that domain. This check is done during the certificate verification phase of the connection, before any data is sent or processed by the browser.
In particular we are pinning the sha256 digest of the der encoded subject public key info. In order to reduce rejections, Firefox computes all potential trust chains before deciding that are no valid pins. https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning But it's interesting that this affects Facebook.... Peter Sommer On 12/05/2015 21:02, Roland Perry wrote: > Can anyone tell me what this really means, and what might have gone > wrong, or what's amiss in 'my setup'? > > "An error occurred during a connection to www.facebook.com. The server > uses key pinning (HPKP) but no trusted certificate chain could be > constructed that matches the pinset. Key pinning violations cannot be > overridden. (Error code: mozilla_pkix_error_key_pinning_failure) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > > Please contact the website owners to inform them of this problem." From jon+ukcrypto at unequivocal.co.uk Wed May 13 13:31:03 2015 From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens) Date: Wed, 13 May 2015 13:31:03 +0100 Subject: Geekspeak I don't understand In-Reply-To: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> Message-ID: <20150513123103.GA25424@unequivocal.co.uk> On Tue, May 12, 2015 at 09:02:47PM +0100, Roland Perry wrote: > Can anyone tell me what this really means, and what might have gone wrong, > or what's amiss in 'my setup'? > > "An error occurred during a connection to www.facebook.com. The server uses > key pinning (HPKP) but no trusted certificate chain could be constructed > that matches the pinset. Key pinning violations cannot be overridden. (Error > code: mozilla_pkix_error_key_pinning_failure) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified.
> > Please contact the website owners to inform them of this problem." Is it a corporate computer or similar that might have a root certificate installed by the IT department? The error message means that the 'wrong' certificate was seen by your browser. I assume if the certificate didn't verify at all then a more usual error message would appear. From pgut001 at cs.auckland.ac.nz Wed May 13 15:43:24 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 13 May 2015 14:43:24 +0000 Subject: Geekspeak I don't understand Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB01DA4C@uxcn10-tdc05.UoA.auckland.ac.nz> Roland Perry writes: >Can anyone tell me what this really means, The plain-English translation is, approximately "massa make big magic, Gunga Din, and protect you from bad spirits". Firefox (I assume, from the Mozilla name), was expecting to find one of a particular set of certificates associated with the site, didn't find it, and so won't continue. In the long-standing tradition of PKI error messages, this issue is conveyed to the user as incomprehensible gibberish. Peter. From tim at night-shade.org.uk Wed May 13 17:26:19 2015 From: tim at night-shade.org.uk (Tim Fletcher) Date: Wed, 13 May 2015 17:26:19 +0100 Subject: Geekspeak I don't understand In-Reply-To: <20150513123103.GA25424@unequivocal.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> Message-ID: <55537B2B.9010108@night-shade.org.uk> On 13/05/15 13:31, Jon Ribbens wrote: > On Tue, May 12, 2015 at 09:02:47PM +0100, Roland Perry wrote: >> Can anyone tell me what this really means, and what might have >> gone wrong, or what's amiss in 'my setup'? >> >> "An error occurred during a connection to www.facebook.com. The >> server uses key pinning (HPKP) but no trusted certificate chain >> could be constructed that matches the pinset. Key pinning >> violations cannot be overridden. 
(Error code: >> mozilla_pkix_error_key_pinning_failure) >> >> The page you are trying to view cannot be shown because the >> authenticity of the received data could not be verified. >> >> Please contact the website owners to inform them of this >> problem." > > Is it a corporate computer or similar that might have a root > certificate installed by the IT department? The error message means > that the 'wrong' certificate was seen by your browser. I assume if > the certificate didn't verify at all then a more usual error > message would appear. It's not just the installation of a root cert on a corporate computer but MitM on the SSL traffic. This is normally so that filtering can take place, basically a server decrypts, filters and then encrypts using it's own SSL cert the traffic which doesn't match the pin set. -- Tim Fletcher From lists at internetpolicyagency.com Wed May 13 22:27:10 2015 From: lists at internetpolicyagency.com (Roland Perry) Date: Wed, 13 May 2015 22:27:10 +0100 Subject: Geekspeak I don't understand In-Reply-To: <20150513123103.GA25424@unequivocal.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> Message-ID: In article <20150513123103.GA25424 at unequivocal.co.uk>, Jon Ribbens writes >> or what's amiss in 'my setup'? >> >> "An error occurred during a connection to www.facebook.com. The server uses >> key pinning (HPKP) but no trusted certificate chain could be constructed >> that matches the pinset. Key pinning violations cannot be overridden. (Error >> code: mozilla_pkix_error_key_pinning_failure) >> >> The page you are trying to view cannot be shown because the >> authenticity of the received data could not be verified. >> >> Please contact the website owners to inform them of this problem." > >Is it a corporate computer or similar that might have a root >certificate installed by the IT department? No, it's my five year old laptop where only I am the administrator. 
Not sure if it matters but about three months ago I wiped the Win7-upgraded-to-Win8 installation and did in effect a "factory reset" back to Vista. I use Facebook multiple time most days (for years), and have never before seen any error message like this. -- Roland Perry From jon+ukcrypto at unequivocal.co.uk Wed May 13 23:10:18 2015 From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens) Date: Wed, 13 May 2015 23:10:18 +0100 Subject: Geekspeak I don't understand In-Reply-To: <55537B2B.9010108@night-shade.org.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> <55537B2B.9010108@night-shade.org.uk> Message-ID: <20150513221018.GB25424@unequivocal.co.uk> On Wed, May 13, 2015 at 05:26:19PM +0100, Tim Fletcher wrote: > On 13/05/15 13:31, Jon Ribbens wrote: > > Is it a corporate computer or similar that might have a root > > certificate installed by the IT department? The error message means > > that the 'wrong' certificate was seen by your browser. I assume if > > the certificate didn't verify at all then a more usual error > > message would appear. > > It's not just the installation of a root cert on a corporate computer > but MitM on the SSL traffic. This is normally so that filtering can > take place, basically a server decrypts, filters and then encrypts > using it's own SSL cert the traffic which doesn't match the pin set. Well, yes, that's why you might see the 'wrong' cert, hence my question. Although, now I think about it, I seem to recall that this kind of certificate pinning tends to have a deliberate exception in it for locally-added certificates. 
From jon+ukcrypto at unequivocal.co.uk Wed May 13 23:17:47 2015 From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens) Date: Wed, 13 May 2015 23:17:47 +0100 Subject: Geekspeak I don't understand In-Reply-To: References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> Message-ID: <20150513221747.GC25424@unequivocal.co.uk> On Wed, May 13, 2015 at 10:27:10PM +0100, Roland Perry wrote: > In article <20150513123103.GA25424 at unequivocal.co.uk>, Jon Ribbens > writes > >Is it a corporate computer or similar that might have a root > >certificate installed by the IT department? > > No, it's my five year old laptop where only I am the administrator. > > Not sure if it matters but about three months ago I wiped the > Win7-upgraded-to-Win8 installation and did in effect a "factory reset" back > to Vista. > > I use Facebook multiple time most days (for years), and have never before > seen any error message like this. It does seem very peculiar. Also, as far as I can see, Facebook does not use certificate pinning. Something strange happened. It could be a bug in Firefox I suppose. From brian at thejohnsons.co.uk Thu May 14 07:36:54 2015 From: brian at thejohnsons.co.uk (Brian Johnson) Date: Thu, 14 May 2015 07:36:54 +0100 Subject: Geekspeak I don't understand In-Reply-To: References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> Message-ID: I also use Facebook multiple times every day and have never seen that message. I use a Chromium-based browser (Vivaldi or Opera) run on Vista32. Perhaps Facebook were doing something to their certs at just the time you happened along? Does Google (or whoever) show that anyone else noticed? Brian -----Original Message----- From: "Roland Perry" Sent: 13/05/2015 22:27 To: "ukcrypto at chiark.greenend.org.uk" Subject: Re: Geekspeak I don't understand In article <20150513123103.GA25424 at unequivocal.co.uk>, Jon Ribbens writes >> or what's amiss in 'my setup'?
>> >> "An error occurred during a connection to www.facebook.com. The server uses >> key pinning (HPKP) but no trusted certificate chain could be constructed >> that matches the pinset. Key pinning violations cannot be overridden. (Error >> code: mozilla_pkix_error_key_pinning_failure) >> >> The page you are trying to view cannot be shown because the >> authenticity of the received data could not be verified. >> >> Please contact the website owners to inform them of this problem." > >Is it a corporate computer or similar that might have a root >certificate installed by the IT department? No, it's my five year old laptop where only I am the administrator. Not sure if it matters but about three months ago I wiped the Win7-upgraded-to-Win8 installation and did in effect a "factory reset" back to Vista. I use Facebook multiple time most days (for years), and have never before seen any error message like this. -- Roland Perry From bdm at fenrir.org.uk Thu May 14 10:30:36 2015 From: bdm at fenrir.org.uk (Brian Morrison) Date: Thu, 14 May 2015 10:30:36 +0100 Subject: Geekspeak I don't understand In-Reply-To: References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> Message-ID: <20150514103036.00006b8c@surtees.fenrir.org.uk> On Wed, 13 May 2015 22:27:10 +0100 Roland Perry wrote: > I use Facebook multiple time most days (for years), and have never > before seen any error message like this. There has been a recent update to FF38, perhaps this has made the difference?
-- Brian Morrison From zenadsl6186 at zen.co.uk Thu May 14 13:57:06 2015 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 14 May 2015 13:57:06 +0100 Subject: Geekspeak I don't understand In-Reply-To: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> Message-ID: <55549BA2.6000103@zen.co.uk> On 12/05/15 21:02, Roland Perry wrote: > Can anyone tell me what this really means, and what might have gone > wrong, or what's amiss in 'my setup'? > > "An error occurred during a connection to www.facebook.com. The server > uses key pinning (HPKP) but no trusted certificate chain could be > constructed that matches the pinset. There are two main forms of key pinning. In the first the browser does all the work, eg Chrome pins all the www.google.com sites to Google CAs, in later Windows installations IE pins www.microsoft-update.com sites to a Microsoft CA. It's all a bit incestuous, but it probably works fairly well, and a fatal error block is justified here when pinning fails. Firefox started doing this last September, and afaik there haven't been any significant problems. Another form involves the first visit to a HTTPS site which claims to use cert pinning. The first visit is supposed to be especially trusted, though I can't imagine why. Thereafter the browser is supposed to trust only the certificate authority (or reportedly, ouch, the certificate) mentioned in the first visit. This may or may not apply to all subdomains as well as the main domain. I think this latter form may be what has bitten you, though afaik Facebook doesn't use hpkp. Maybe some thing else on the page, from another source, does? Firefox started doing this second type of pinning very recently. > Key pinning violations cannot be > overridden. (Error code: mozilla_pkix_error_key_pinning_failure) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. 
> > Please contact the website owners to inform them of this problem." The RFC says you must refuse a connection if pinning fails, but this is just plain stupid. I am a great fan of blocking connections when it is 100% correct to do so, as many will know - but here someone can MITM a page, give out a false cert for the first visit, and cause you a permanent DOS. There are other holes too, eg you can block access to a site which has been legitimately set up by MITM-ing a wrong cert. Firewalls and proxies can cause trouble too. What happens if you want to delete a CA in the browser list of CAs, and a pinning relies on it? What happens when a site wants to change CA? Privacy? I don't want someone who inspects my computer to know I have visited kinkyporn.com. I don't want that kept in a list of pinnings. The second form of key pinning is pretty rubbish, security-wise. They haven't done anything like a proper security cost-benefit analysis. A warning, yes that is appropriate. A report, even more so. Block it? No. You haven't the authority of correctness to do that. It would be like hanging someone when you not only didn't know for sure he did the crime, but were not even sure that a crime had been committed. You are sacrificing availability for supposed integrity and/or confidentiality; but availability is often, usually, and in general, more important than confidentiality or integrity. Another disadvantage of blocking is that you can't get a secure connection through hostile partial MITMing. As the whole point of HPKP is to prevent MITM cryptographic attacks, we must assume the ability to MITM traffic is available in any case which HPKP might actually be useful. Until April nss did not actually block sites in Linux for Firefox/Chrome, but they changed it then. I don't know about Windows, OSX. Ben Laurie was/is doing some stuff along these lines, and would know more. Ben? You there? 
-- Peter Fairbrother From zenadsl6186 at zen.co.uk Thu May 14 17:45:03 2015 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 14 May 2015 17:45:03 +0100 Subject: Geekspeak I don't understand In-Reply-To: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> Message-ID: <5554D10F.6020000@zen.co.uk> On 12/05/15 21:02, Roland Perry wrote: > Can anyone tell me what this really means, and what might have gone > wrong, or what's amiss in 'my setup'? > > "An error occurred during a connection to www.facebook.com. The server > uses key pinning (HPKP) but no trusted certificate chain could be > constructed that matches the pinset. Key pinning violations cannot be > overridden. (Error code: mozilla_pkix_error_key_pinning_failure) > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > > Please contact the website owners to inform them of this problem." BTW, to turn pinning off in Firefox, if it's a continuing problem: Type about:config in the browser address bar. Click OK on the warning. Set the preference security.cert_pinning.enforcement_level to 0. -- Peter F From alan.braggins at gmail.com Thu May 14 18:23:42 2015 From: alan.braggins at gmail.com (Alan Braggins) Date: Thu, 14 May 2015 18:23:42 +0100 Subject: Geekspeak I don't understand In-Reply-To: <20150513221018.GB25424@unequivocal.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> <55537B2B.9010108@night-shade.org.uk> <20150513221018.GB25424@unequivocal.co.uk> Message-ID: On 13 May 2015 at 23:10, Jon Ribbens wrote: > Although, now I think about it, I seem to recall that > this kind of certificate pinning tends to have a deliberate exception > in it for locally-added certificates. 
Certainly Chrome has - I haven't checked Firefox https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state.cc&l=135 -- alan.braggins at gmail.com http://www.chiark.greenend.org.uk/~armb/ From zenadsl6186 at zen.co.uk Thu May 14 22:01:03 2015 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 14 May 2015 22:01:03 +0100 Subject: Geekspeak I don't understand In-Reply-To: References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> <55537B2B.9010108@night-shade.org.uk> <20150513221018.GB25424@unequivocal.co.uk> Message-ID: <55550D0F.2050802@zen.co.uk> On 14/05/15 18:23, Alan Braggins wrote: > On 13 May 2015 at 23:10, Jon Ribbens wrote: >> Although, now I think about it, I seem to recall that >> this kind of certificate pinning tends to have a deliberate exception >> in it for locally-added certificates. > > Certainly Chrome has - I haven't checked Firefox > https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state.cc&l=135 Yes, Firefox too - in Firefox the default value of 1 for the preference security.cert_pinning.enforcement_level allows locally-added certificates. https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning There is a list of pinnings which are on by default - they come with the browser. They typically include TOR, Twitter, Google, Microsoft, some Mozilla and Firefox sites- but not Facebook. So far this seems to work well enough. Pinnings can include more than one CA, which is good. The problems start when pinnings for new sites are dynamically added to the list. 
Quote from https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning/Implementation_Details : "Something is Broken, and we Think it's Pinning" -- Peter F From jon+ukcrypto at unequivocal.co.uk Fri May 15 00:23:42 2015 From: jon+ukcrypto at unequivocal.co.uk (Jon Ribbens) Date: Fri, 15 May 2015 00:23:42 +0100 Subject: Geekspeak I don't understand In-Reply-To: References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> <55537B2B.9010108@night-shade.org.uk> <20150513221018.GB25424@unequivocal.co.uk> Message-ID: <20150514232342.GA1782@unequivocal.co.uk> On Thu, May 14, 2015 at 06:23:42PM +0100, Alan Braggins wrote: > On 13 May 2015 at 23:10, Jon Ribbens wrote: > > Although, now I think about it, I seem to recall that > > this kind of certificate pinning tends to have a deliberate exception > > in it for locally-added certificates. > > Certainly Chrome has - I haven't checked Firefox > https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state.cc&l=135 Now I think about it more, perhaps the most likely explanation is that Roland mistyped 'facebook' in his browser ;-) From lists at internetpolicyagency.com Fri May 15 21:30:44 2015 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 15 May 2015 21:30:44 +0100 Subject: Geekspeak I don't understand In-Reply-To: <20150514232342.GA1782@unequivocal.co.uk> References: <+TxA+cinxlUVFAJR@cf-f8.perry.co.uk> <20150513123103.GA25424@unequivocal.co.uk> <55537B2B.9010108@night-shade.org.uk> <20150513221018.GB25424@unequivocal.co.uk> <20150514232342.GA1782@unequivocal.co.uk> Message-ID: <$rkAgpA0dlVVFACU@cf-f8.perry.co.uk> In article <20150514232342.GA1782 at unequivocal.co.uk>, Jon Ribbens writes >Now I think about it more, perhaps the most likely explanation is that >Roland mistyped 'facebook' in his browser ;-) I haven't typed it in for years. It's one of the (often the top) saved websites on my Firefox home page. 
Just checked, today it's the 4th after: Realtime trains ulm moderation National Rail enquiries Closely followed by: Google Twitter VirginEastCoast eBay & Panoramio -- Roland Perry
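The pin check quoted from the Mozilla wiki earlier in this thread (SHA-256 of the DER-encoded SubjectPublicKeyInfo, matched against any candidate chain) and the locally-added-certificate exception discussed in the replies, as an added example that is not code from Firefox, Chrome or any poster. It is a simplified model: `Cert`, `PinSet`, `check_pins`, the host `example.test` and the SPKI byte strings are constructed for illustration, the header syntax follows RFC 7469, and level 2 is the strict setting Mozilla documents for `security.cert_pinning.enforcement_level`.

```python
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    name: str
    spki_der: bytes            # DER SubjectPublicKeyInfo; constructed stand-in bytes here
    user_added: bool = False   # True for a root installed locally (user or IT department)


@dataclass(frozen=True)
class PinSet:
    pins: frozenset
    max_age: int
    include_subdomains: bool


def spki_pin(spki_der: bytes) -> str:
    """base64(SHA-256(DER SubjectPublicKeyInfo)): the value carried in pin-sha256."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value: str) -> PinSet:
    """Parse a Public-Key-Pins header value (RFC 7469 directive syntax)."""
    pins, max_age, include_sub = set(), None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            try:
                digest = base64.b64decode(arg, validate=True)
            except ValueError:
                continue                       # malformed pin: skip it
            if len(digest) == 32:              # must be a full SHA-256 digest
                pins.add(arg)
        elif name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None or not pins:
        raise ValueError("header needs max-age and at least one valid pin")
    return PinSet(frozenset(pins), max_age, include_sub)


def check_pins(candidate_chains, pinset, enforcement_level=1):
    """Model of the check: chains are lists of Cert, leaf first, trust anchor last.

    0 = pinning off, 1 = skip enforcement when the anchor was added locally,
    2 = strict. Any key in any candidate chain that is in the pinset passes.
    """
    if enforcement_level == 0:
        return "not-enforced"
    for chain in candidate_chains:
        if any(spki_pin(c.spki_der) in pinset.pins for c in chain):
            return "ok"
    if enforcement_level == 1 and any(ch[-1].user_added for ch in candidate_chains):
        return "bypassed-local-anchor"
    return "pin-failure"                       # what the browser reports as a pinning failure


def demo():
    # All certificates below are constructed sample data.
    leaf = Cert("leaf for example.test", b"constructed-spki-leaf")
    pinned_ca = Cert("pinned intermediate", b"constructed-spki-pinned-ca")
    backup = Cert("backup key, kept offline", b"constructed-spki-backup")
    root = Cert("built-in root", b"constructed-spki-root")
    other_leaf = Cert("leaf from unpinned CA", b"constructed-spki-other-leaf")
    other_ca = Cert("unpinned built-in CA", b"constructed-spki-other-ca")
    proxy_leaf = Cert("leaf minted by proxy", b"constructed-spki-proxy-leaf")
    proxy_root = Cert("filtering proxy root", b"constructed-spki-proxy-root", user_added=True)

    header = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
        spki_pin(pinned_ca.spki_der), spki_pin(backup.spki_der))
    pinset = parse_pkp_header(header)

    genuine = [[leaf, pinned_ca, root]]
    unpinned = [[other_leaf, other_ca]]        # valid chain, but no key in the pinset
    intercepted = [[proxy_leaf, proxy_root]]   # re-encrypted by a local filtering proxy
    return {
        "genuine": check_pins(genuine, pinset),
        "unpinned_ca": check_pins(unpinned, pinset),
        "proxy_default": check_pins(intercepted, pinset, 1),
        "proxy_strict": check_pins(intercepted, pinset, 2),
        "pinning_off": check_pins(unpinned, pinset, 0),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14} {verdict}")
```
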