-
intosi
Sorry guys, my bad. Prosody didn't come back up after upgrading to the new openssl.
-
intosi
StartSSL is probably going to make heaps of money from all the revocation requests they will get.
-
Link Mauve
It seems there is only two XEPs remaining here: http://xmpp.org/xmpp-protocols/xmpp-extensions/
-
intosi
That's not many.
-
intosi
It's only the index that's broken. The actual XEPs seem to work just fine.
-
Link Mauve
Yeah.
-
intosi
That;s a bit of a relief. Still bad, but not as bad as it could be.
-
intosi
Who generates the xeplist?
-
intosi
It was regenerated yesterday evening at 21:19 UTC.
-
Kev
Matt was doing it last night.
-
Kev
He and I spent quite some time trying to work out what the dependencies of Tobias's script was, and getting it to work.
-
intosi
Ah. There might be a slight issue still then.
-
fippo
blerg
-
Kev
I think on international Internet Is Broken day, probably not our biggest concern.
-
dwd
How are we all doing with "free" certificates today?
-
intosi
Very sucky, thank you very much.
-
intosi
Raspbian doesn't have an update for openssl yet.
-
intosi
They must run their buildbots on RPis.
-
intosi
Kev: right.
-
intosi
Rebooting perseus, see you at the other side of the reboot.
-
intosi
I guess the installed version of Prosody on xmpp.org doesn't let us know we're kicked out of the MUC after all.
-
dwd
.
-
dwd
Ah, goodie.
-
dwd
AMusing thing: RapidSSL refuse emails for revocation requests; they have to be faxes for security.
-
dwd
SO you send your fax using a free online service via email.
-
Ge0rG
intosi: MattJ promised to fix it. I suppose it will be on a Monday
-
intosi
Ge0rG: ta
-
Simon
this whole CA thing is just stupid. So broken. You fix revocations, then break it again by needing to use faxes… Bring on DNSSEC!
-
Simon
sorry - grumpy mood.
-
intosi
Simon: I think we all are a bit grumpy. The people with more than a few StartSSL certs even more so.
-
dwd
I think pretty well any sysadmin or devops is in a shitty mood today.
-
intosi
Well, that was the software side of all ik.nu-related machines.
-
Simon
It's hard to comprehend the scale of the heartbeat issue! Just effing mindblowing!.
-
intosi
Yup. Especially with PHBs who fail to understand the issue, and won't sign off the expenses for key revocations. A friend of mine happens to have this issue.
-
MattJ
Ge0rG, intosi: What did I promise to fix?
-
dwd
It's so nasty. Not as if you can even switch CA to avoid the bait-and-switch.
-
dwd
MattJ, Everything.
-
MattJ
Was afraid of that
-
intosi
dwd: indeed.
-
intosi
MattJ: xeplist only has two items.
-
Simon
anyone done a startssl revocation dance yet?
-
Ge0rG
MattJ: you wanted to fix heartbeat.
-
MattJ
My comment last night was about MUC/s2s on server reboots :)
-
Ge0rG
MattJ: it was worth a try ;)
-
fippo
mattj: it seems you're leaking all your precious server code in hearbeat!
-
fippo
err... bleed
-
intosi
Simon, I haven't yet. But they will be rising fast on the list of vendors to be dropped in a heartbeat if it turns out that they will insist on me paying for revocation of all my certs… That's a lot of money that would've bought me certs with vendors that do have a sane revocation policy. It's not like you usually revoke them because you thought it would be the fun thing to do today.
-
dwd
Heart Bleed Why do you miss, when my baby kisses me?
-
dwd
Turns out there's loads of songs I never knew about called "Heartbeat". You could build a whole playlist.
-
Simon
intosi: It's easy to bitch about StartSSL. They have also done more than any other CA to get people to start using certs by making the basic certs free.
-
dwd
Oh, this fills me with confidence in StartSSL's knowledge and understanding of security: 72.) I made a mistake, can I get my certificate revoked? Revocations carry a handling fee of currently US$ 24.90. Class 1 subscribers may use a different sub domain in order to create additional certificates without the need to revoke a previously created certificate. Alternatively it's possible to upgrade to Class 2 level which allows to create the same set of certificates once again (besides all the other benefits), because different levels are issued by different issuers, making revocation unnecessary.
-
dwd
Private key compromised? Oh, just get a new certificate, then it's all OK.
-
intosi
yeah, it sucks.
-
intosi
I just mailed them (on a personal title) asking them how they would envision handling this.
-
dwd
Also note that, to my amazement, it's not just free certs they charge for - it's anything below EV.
-
intosi
Yeah.
-
intosi
If someone has been gathering private keys using this exploit, StartSSL customers are a nice target for identity spoofing.
-
dwd
If you claim it was spoofed, they'll revoke it for free, and ban you for life.
-
dwd
So a double win.
-
intosi
Yup.
-
Simon
xnyphs: do you plan on adding any checks for old certs / compromised certs to xmpp.net?
-
xnyhps
Simon: Define "compromised"?
-
dwd
Simon, You mean running status checks on them?
-
xnyhps
Certs past their notAfter date (on the moment of testing) are given an F.
-
Simon
anything older than the heartbeat announcement?
-
xnyhps
It doesn't check CRL/OCSP yet.
-
dwd
I noticed a libnss update whizz past on my workstation - am I just being behind, or was that affected?
-
intosi
Strongest would be 'potentially compromised'
-
intosi
You cannot claim the certs are compromised at all.
-
Simon
intosi: you have a point
- Simon imagines TLA employee running ./cert-vacuum.sh 0.0.0.0/0
-
MattJ
dwd, http://changelogs.ubuntu.com/changelogs/pool/main/n/nss/nss_3.15.4-1ubuntu7/changelog
-
MattJ
http://matthewwild.co.uk/uploads/dsas.png :'(
-
dwd
Oh, different problem.
-
MattJ
intosi, seems someone in prosody@ got an, erm, negative reply from StartSSL
-
intosi
Negative in what sense?
-
intosi
"We will kill your account", or "pay us, we will revoke"?
-
dwd
intosi, The quote was "fuck you stupid", but I'm hoping that's paraphrasing.
-
intosi
Ehm, ouch.
-
intosi
Would be quite unprofessional if it wasn't.
-
Simon
are cert revocations still handled as a massive file that clients download? or is there some kind of querying standard?
-
MattJ
Best answer: both
-
dwd
Simon, CRLs - signed lists - can be downloaded, and there's also OCSP for querying. In addition, servers can provide a recent OCSP response themselves, via OCSP Stapling, a TLS extension.
-
intosi
I shouldn't have had that last cup of coffee.
- Simon is informed.
-
Ge0rG
is anybody (read: a client implementation) actually using CRLs or OCSP?
-
dwd
Ge0rG, Swift may well be. But the TLS implementations don't tend to do this for you - NSS might do, but OpenSSL certainly won;t.
-
xnyhps
Ge0rG: If you enable it system-wide on OSX, then Adium does.
-
Simon
xnyhps - how does one enable it system wide on OSX?
-
xnyhps
Simon: Open "Keychain Access" -> Preferences -> tab "Certificates"
-
dwd
xnyhps, This isn't on by default?
-
intosi
It's "Best effort"
-
xnyhps
I don't remember what the defaults are, but I'm guessing no.
-
Simon
thanks.
-
intosi
Err, best attempt.
-
Simon
defaults to "best effort"
-
xnyhps
Ah, so it works, except when you need it to work. ;)
-
intosi
Yes, because strict checking would lead to a lessened end-user experience, probably ;)
-
Ge0rG
intosi: isn't that true of all security measures?
-
intosi
Usually.
-
dwd
Ge0rG, Failing to do security right does also have a detrimental effect on the user experience, too. :-)
-
Ge0rG
dwd: counter-example: cryptocat
-
intosi
dwd: like leaving your door unlocked. In normal use it's more convenient, until someone empties your home :)
-
dwd
Right, leaving your home unlocked means you can get in and out quickly and easily, but may hamper later attempts to watch the telly you no longer have.
-
Ge0rG
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4817504d069b4c5082161b02a22116ad75f822b1 - Robin Seggelmann broke the Internet. And he also coauthored SCTP-DTLS
-
Simon
anyone know of a hosted XMPP service that lets you upload your cert+key?
-
fippo
ge0rg: ah, it's not ekr who is accused this time?
-
dwd
Friend of mine just pointed out it's not just private keys that could be leaked.
-
MattJ
Of course
-
fippo
dwd: user data as well
-
dwd
Right, passwords etc.
-
intosi
dwd: pretty much anything in memory of the process, right?
-
fippo
for https also cookies, csrf token etc
-
MattJ
This is what I posted to the Prosody list last night: https://groups.google.com/d/topic/prosody-users/LvbwWkUOGGU/discussion
-
Kev
intosi: And either process.
-
dwd
Kev, Oh, if a server requests heartbeats of a client?
-
MattJ
Yes, it's possible
-
MattJ
I was going to say in XMPP that's not too exciting, because the server generally knows everything the client knows
-
MattJ
But not in the case of OTR...
-
intosi
Nor in the case of certificate authentication.
-
dwd
Or SRP, or SCRAM.
-
MattJ
True
-
intosi
It appears that once you think you know the magnitude of the impact of this issue, you're not thinking big enough.
-
Ge0rG
basically all data stored in the client or server process is screwed.
-
MattJ
Also on the topic of security issues: http://thread.gmane.org/gmane.comp.security.oss.general/12514/focus=12523
-
dwd
Ah, CVE politics.
-
Ge0rG
the bitcoin client is also linked against libssl. sounds like major emoney movement
-
MattJ
No TLS there though, surely?
-
Zash
DTLS perhaps
-
Zash
or hashes and stuff
-
Kev
https://twitter.com/warrenguy/status/453510021930680320 It gets better.
-
Ge0rG
at least one less of the horrible things: https://twitter.com/agl__/status/453472368589942785
-
intosi
Paraphrasing StartCom: "fuck you"
-
intosi
More detailed:
-
intosi
It's upon the subscriber to take appropriate action since the certificate authority can't enforce which software to use. The terms of service and related fees will not change due to that. See also the Subscriber Obligations at https://www.startssl.com/policy.pdf in particular: • Never share private keys with any third party and use adequate protection and best security practices to secure private keys in order prevent losses and compromises thereof. • Notify StartCom immediately in case of a private key compromise and request revocation of the affected certificate(s). Regards Signer: Nikolay Duhman, CVO StartCom Ltd. <http://www.startcom.org/> E-Mail: nikolayd@startcom.org Phone: +972-57-631-56-27
-
intosi
I believe StartCom fails to see the scale of this issue.
-
Ge0rG
intosi: yeah, they fail to see it for the many dollar signs in their eyes
-
Ge0rG
intosi: is there a source on that paste?
-
Kev
Well, StartCom's model is free certs and paid for revokations if something goes wrong.
-
Ge0rG
Kev: sensible if something goes wrong due to admin fail.
-
Ge0rG
I wish I could make dumb people pay more for my time.
-
intosi
Ge0rG: what do you mean? This is the answer I got from StartCom when I asked about this issue.
-
Ge0rG
intosi: I mean something like a pastebin URL I could submit to HN for some easy karma points :P
-
intosi
Ah. http://pastebin.com/B0UnY00p
-
Ge0rG
thanks very much :)
-
Kev
FWIW, I don't see that this is worth anger at StartCom. The model was clear up front.
-
Kev
And the openssl vulnerability was hardly their fault.
-
intosi
While true, this might hurt the trust in StartCom. This is not an admin-error either.
-
intosi
In fact, the desire to have better security is one of the reasons many sites upgraded to openssl 1.0.1 in the first place.
-
Ge0rG
it might be good publicity for startcom to open a window of maybe 1 month for free revocations
-
intosi
I will most certainly reconsider my plans to get a Class 2 certification with them. I was about to do that.
-
Simon
Kev: totally agree. Startcom is very clear that their basic certs are free and that additional services are payed for.
-
Ge0rG
StartCom is adding a free angle to the whole CA extortion business.
-
Ge0rG
I also like it how they provide an easy way to generate the private keys on their servers.
-
Simon
yes - that took me by surprise too.
-
Ge0rG
On my paranoid IT-companies-run-by-Mossad list they range right before ICQ
-
Tobias
usability WTF
- Simon is happy with the free-for-opensource-certs from globalsign. (but wouldn't touch them if I had to pay)
-
Tobias
Simon, why not?
-
Simon
expensive.
-
Tobias
ah..k
-
Simon
Can't believe we're still putzing around with CAs.
-
Ge0rG
or with TLS
-
Simon
(when IPSEC could solve a lot of this for us)
-
Simon
Bring back double-rot-13
-
Ge0rG
there is even a dedicated opcode on most CPU archs for double-rot13... on x86 it is 0x90
-
Simon
one opcode up from the /dev/null acceleration unit?
-
dwd
intosi, What amazes me is that StartCom charge for revocation on Class 2. I'd not realised that before.
-
intosi
Neither did I until now.
-
intosi
Assumptions, and mothers of something I guess.
-
dwd
In fairness, I only knew about the revocation charges because I'd stumbled on it before. I disagree that it was "clear up front", I don't think you're warned when you're getting the thing.
-
intosi
You're not.
-
Kev
OK. I assumed it was clear, because you'd warned me.
-
intosi
You only find out about it if you read the FAQ, which is usually when you want to revoke.
-
Kev
(Which is why I didn't use them in the end)
-
Kev
(That and I felt more trust towards other CAs)
-
intosi
It's probably buried in the small print somewhere.
-
edhelas
hi
-
dwd
I've only seen it in the FAQ, under "I made a mistake, can I get my certificate revoked?"
-
intosi
There is something in 4.9.1 of the policy.
-
intosi
"Revocations of certificates may carry a handling fee"
-
Kev
OK. That's considerably less obvious than I'd assumed.
-
intosi
Quite.
-
intosi
That footnote only applies to "The subscriber makes a request for revocation".
-
intosi
"The subscriber’s key is suspected to be compromised;" doesn't have a (*)
-
ralphm
intosi: I did know about this. They have to make money somehow, I suppose.
-
ralphm
intosi: I wonder if they make an exception this time around, though
-
intosi
Sure. And for admin-fuckups, I agree.
-
intosi
ralphm: I contacted them, and they said no.
-
ralphm
intosi: I am guessing they will back down on this later today
-
dwd
ralphm, Why? They'll make more money today than they'll have made the rest of the year.
-
intosi
What dwd said.
-
intosi
It might lose them a few customers, but those will be mostly just the free-loaders.
-
ralphm
dwd: depends. it might result in a PR disaster
-
intosi
And perhaps some Class 2 customers who only just found out they are charged for revocation as well.
-
dwd
intosi, Except you can't just walk away if you understand and care about security, so they'll pay the fee anyway.
-
intosi
Yup.
-
ralphm
someone suggested their CA cert should be revoked instead :-)
-
dwd
I'd love to see the handling fee on that.
-
ralphm
7am. I suppose I should get tonwork early today
-
ralphm
-n
-
intosi
Have some bacon first.
-
dwd
Last hotel I stayed at had unlimited free bacon thanks to my status.
-
dwd
As far as I could tell, despite some efforts on my behalf to find one, there was no AUP either.
-
ralphm
This hotel is pretty good *except* for breakfast. I never seen things so minimal.
-
dwd
ralphm, US business hotel?
-
intosi
They might charge you a revocation fee should you decide not to eat all your bacon.
-
ralphm
dwd: no. I assume no chef and no dishwasher.
-
intosi
(or if the vendor of your utensils found out it compromised the bacon)
-
ralphm
dwd: the breakfast at Aloft is Royal, in comparision
-
Kev
Golly.
-
ralphm
intosi: the more retweets, the better, maybe
-
dwd
ralphm, What, really? That's really almost travelodgian.
-
ralphm
dwd: plastic ware and no cheese or meats, no eggs, no whole fruits, dry croissants
-
ralphm
They do have a waffel maker, oddly enough
-
Tobias
intosi, any news on wiki.xmpp.org?
-
intosi
Tobias: nothing apart from "works if you allow your browser to remember the cookie for 180 days"
-
Tobias
how do i tell chrome to allow that :)
-
intosi
Well, see the nifty checkbox on the login page?
-
intosi
Check that when logging in.
-
Tobias
ahh :)
-
Tobias
yup..that works...thanks :)
-
intosi
Still need to fix the issue though.
-
intosi
But having a workaround is good.
-
dwd
BTW, Yahoo is apparently leaking passwords via Heartbleed on login.
-
Kev
Yep.
-
Kev
I thought I pasted that in here a while back.
-
dwd
Oh, quite possibly.
-
MattJ
dwd, my favourite is the comments on the Ars Technica article... they posted it while their site was still vulnerable, and now users are posting comments on the article as each other using dumped session cookies
-
edhelas
we need to regenerate our XMPP certificates ? https://xmpp.net/ the certificates are still valid for my server
-
MattJ
edhelas, they may have been compromised though
-
MattJ
i.e. it may have been possible that someone downloaded your key file
-
edhelas
yup
-
Simon
does anyone know if gtalk.com can pass IQ messages?
-
Simon
or am I being hit by some kind of rate limiting?
-
Simon
seems possible: https://developers.google.com/cloud-print/docs/rawxmpp
-
ralphm
Simon: depends. Since May, many things are broken in this respect
-
Simon
thanks ralphm.
-
ralphm
Like that if the recipient has enabled hangouts, you might not even get iq responses
-
dwd
On reddit, somebody claims that OpenSSL.org was vulnerable two hours ago.
-
intosi
That's… odd. It's mostly down for me.
-
intosi
Ah, no, it's back again.
-
intosi
And filippo.io agrees.
-
intosi
http://filippo.io/Heartbleed/#openssl.org
-
dwd
intosi, I'm hearing that test is not reliable - it can give false positives.
-
Simon
I recommend using http://possible.lv/tools/hb/
-
Ge0rG
that test does not retest already tetsted domains
-
dwd
Ge0rG, Ah, gotcha.
-
Ge0rG
not sure if the caching is browser- or server-side
-
Tobias
i wonder how fast banks are with their patching
-
dwd
I've seen suggestions that some banks have been caught out.
-
Simon
I'm avoiding logging into anything crucial today
-
Ge0rG
looks like my bank is safe.
-
Tobias
dwd, indeed
-
dwd
intosi, Lloyd: Ta for the re-tweet. Bit cheeky. I wonder if they'll reply.
-
ralphm
dwd: given that they are based in Israel, probably not soon
-
dwd
True, they're probably into their evening now.
-
dwd
The Ars Technica article's comments have a severe misunderstanding of PFS. Sadly, I think you could get at the DH parameters on the server, and that'd make EDH protected sessions pretty weak, wouldn't it?
-
xnyhps
dwd: I'd hope the server securely erases the EDH private key as soon as the handshake is done.
-
m&m
xnyhps: you presume much
-
intosi
Securely erasing things costs cycles, while a simple free() is much cheaper.
-
intosi
Guess which of the two many developers will choose?
-
xnyhps
I got far enough into the OpenSSL code to see that DH_free is doing something called "cleanse". But then I gave up.
-
Kev
It doesn't just cost cycles, it's hard bordering on impossible, depending on platform.
-
Ge0rG
the other problem with securely erasing memory is: compilers. optimizing compilers. compilers optimizing away your write-before-free!
-
Kev
That's what I alluded to with 'hard'.
-
Ge0rG
oh, you might as well have referenced managed languages with immutable data types, which are impossible to clean up.
-
Kev
That was the 'impossible' bit :)
-
m&m
nevermind virtualized services
-
Ge0rG
And what about storage on SSD?
-
intosi
Well, any virtual memory.
-
Ge0rG
intosi: any memory in a modern computer is virtual.
-
MattJ
I've seen a couple of people saying that StartSSL have waived revocation fees now
-
MattJ
Maybe they're seeing the light
-
stpeter
MattJ: wow
-
stpeter
yeah
-
m&m
really?
-
m&m
probably for today only, *IF* it's true
-
stpeter
their servers are probably overloaded
-
Kev
intosi might appreciate a highlight, then.
-
dwd
Just seen someone over in prosody@ say they've had an "Exceptionally revoked without fee" from them.
-
ralphm
dwd: maybe someone just screwed up
-
ralphm
that said, how well do browsers even check revocation?
-
dwd
ralphm, Looked into this. Most pass-on-fail. Chromium and Chrome both seemed to be set to not check by default.
-
ralphm
splendid
-
m&m
not checking is FAST
-
dwd
By "pass-on-fail", I mean if the OCSP server is down they'll just silently pass.
-
ralphm
right
-
dwd
[21:16:17] tribut: hah. for a second cert i just recieved a request for a paypal transfer. so not always free it seems. @ dwd, ben
-
MattJ
Meanwhile: https://twitter.com/startssl/status/453631038883758080
-
ralphm
woah
-
ralphm
That's not even trying to be nice
-
Lance
i really dont understand the mixed messages from startssl. they keep saying 'no' to waiving fees, and yet people say they did get waived fees
-
ralphm
Lance: right. I am thinking that some of their support people have been slightly more friendly than others