[OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP implementations)

Peter Williams pwilliams at rapattoni.com
Fri Jan 9 17:03:44 UTC 2009


Folks at CAcert.org (the organization that Mozilla has traditionally struggled to admit to the exclusive Root CA club) are questioning the appropriateness of my continuing to link https://cacert.at/homepw to https://homepw.myopenid.com.

The problem is that the myopenid identity page (and the source of OpenID assertions) appears to have the assurance level of one of those pesky MD5 certs from VeriSign/Equifax.

Presumably it was very cheap (since it’s a wildcard cert).

Not sure the argument that vanity https URLs must use CAs in the browser/platform list is valid. The argument that cheap sources of CA services ensure little barrier is erected to users is also suspect. As of last week, the example now exists that cheap, highly branded certs act (and continue to act) against the users' interest (my Vista CardSpace interaction with myopenid is in no way objecting to the MD5 issue).

Interestingly, I'm not sure the invocation of https by cardspace can be controlled by the sp metadata, or myopenid metadata (or my own vanity metadata, if it existed).

Setting a similar playstation cluster against the myopenid SSL cert _specifically_ is not out of the question, I would warn.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Peter Williams
> Sent: Monday, January 05, 2009 10:17 AM
> To: Eddy Nigg (StartCom Ltd.)
> Cc: OpenID List
> Subject: Re: [OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP
> implementations)
>
> Slowly getting there! Between denial and word spin, openid evidently
> has some "full disclosure" culture yet to be adopted.
>
> First, denial that compromise of a vital security policy rule has
> occurred (or could even occur).
>
> Second, denial a cert was minted based on one analogously cutting a
> signature from the bottom of one bit of paper, and tacking it onto a
> new bit of paper, publishing the apparent forgery as if the parts were
> attached by the named signer.
>
> Third denial that an ee ocsp responder is relevant, perhaps for openid
> discover too?
>
> Now we are at: only focus, peter, on the impact (of the two things that
> didn't happen) and ignore something microsoft folk recommended, as if
> that has no relevance.
>
> Perhaps microsoft didn't recommend enterprise customers deploying an ee
> ocsp responder (in light of the information they apparently received)?
> Perhaps the very issue of ee ocsp was not part of the attackers own
> story?
>
> So to openid.  How do we handle things in openid if the op compromises
> its store of private associations? The effect is more severe than if a
> given rp does the same thing. Does the recovering op purge all name
> federations at some or all sp entities? Does it need to send a letter
> to each subscriber?
>
> The attackers apparently gave impact assessment notice to browser
> makers. But they didn't bother to give it to the 26000 openid rp sites
> capable of doing openid1 https openid discovery. If there was no
> impact, why apparently pre-inform the browser vendors (and allegedly
> list 2 of them on the presentation slides)?
>
> But at least the role of op entities is getting highlighted by all
> this, since it's an assertion maker. Or is it, under uci? Perhaps an op
> (unlike a shib idp) is but a user #agent#?
>
> -----Original Message-----
> From: Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org>
> Sent: Monday, January 05, 2009 5:05 AM
> To: Peter Williams <pwilliams at rapattoni.com>
> Cc: Eric Norman <ejnorman at doit.wisc.edu>; OpenID List
> <general at openid.net>
> Subject: Re: [OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP
> implementations)
>
> On 01/05/2009 11:09 AM, Peter Williams:
>
> > -----Original Message-----
> > From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> > Behalf Of Eric Norman
> > Sent: Sunday, January 04, 2009 11:43 PM
> >
> > As Eddy (and lots of others) said, there are almost certainly
> > no certificates in the field that have been forged with this
> > attack.
>
> Eddy, did you really say that? "almost certainly no certificates...?"
>
> If you know of a URL that disproves this, perhaps send it to Eric. I'd
> expect most people in the CA business to know it. Even the folks at
> cacert.org know it...
>
> Can you show me a case where certificates were successfully used and
> created damage to any relying parties? To all of my knowledge this is
> not the case for this or that reason.
>
> Regards
>
> Signer:         Eddy Nigg, StartCom Ltd.<http://www.startcom.org>
> Jabber:         startcom at startcom.org<xmpp:startcom at startcom.org>
> Blog:   Join the Revolution!<http://blog.startcom.org>
> Phone:  +1.213.341.0390
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

