[tbb-bugs] #29628 [Applications/Tor Browser]: Distrust DarkMatter Intermediate CAs

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 1 19:00:03 UTC 2019


#29628: Distrust DarkMatter Intermediate CAs
--------------------------------------+--------------------------
 Reporter:  nsuchy                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by sysrqb):

 * priority:  Immediate => Medium
 * severity:  Critical => Major


Comment:

 You may find the entire thread discussing this topic enlightening. I am
 personally in support of Mozilla denying the root inclusion request and
 revoking their intermediate CA certificate. However, as it was said
 numerous times in the discussion thread, the only reason we know
 DarkMatter have these CA certificates is because they applied for root
 inclusion - in a public forum. It is very easy for a malicious
 organization to obtain an intermediate CA certificate without that
 certificate being attributable to them. As far as anyone knows (publicly),
 DarkMatter haven't used their current Intermediate CA with malicious
 intent, yet(!). If DarkMatter use their CA for malicious purposes in the
 future and that malicious activity is detected, then their intermediate CA
 certificate should be revoked by DigiCert (and therefore they lose their
 trusted position globally). The current question is whether Mozilla should
 pre-emptively revoke DarkMatter's Intermediate certificate and reject
 their current root.

 The Tor Project isn't in a position where we can successfully audit all
 anchor and intermediate CAs included in Mozilla's root store. And, even if
 we could, we likely wouldn't be able to maintain that long-term. We can
 distrust DarkMatter's current intermediate, but given the previous
 statement about how Intermediate CA certificates can be obtained
 relatively easily under alternative-names, I don't know if this is a
 winning solution. In reality, distrusting one intermediate CA is likely
 pointless, other than making a political statement.

 I'll leave this open, in case anyone else on the team has more input here.

 https://groups.google.com/d/msg/mozilla.dev.security.policy/nnLVNfqgz7g/YiybcXciBQAJ

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29628#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

