Hacker News new | past | comments | ask | show | jobs | submit | page 2 login
Lavabit SSL Cert Revoked (lavabit.com)
420 points by jambo on Oct 8, 2013 | hide | past | favorite | 304 comments



So I wonder, if he has been banned from revealing that he has handed over the key, does revoking it count as such a revelation?

At this point, the authorities have Streisand'ed their own case - anybody they were interested in would have stopped using Lavabit months ago. So they seem to be pursuing it out of pure belligerence at this point.


which isn't all that surprising. The feds act like spoiled children when they don't get their way.


That's awesome that the certificate authority is being proactive.


Is it clear that's the case? Or is it possible that this was upon request from Levison?


good question. not sure


Or from the FBI


It would be interesting to see it be re-instated at the behest of the FBI.


They'd have to go after GoDaddy to do that:

  $ curl http://crl.godaddy.com/gds1-64.crl | 
  > openssl crl -text -noout -inform DER | 
  > grep -A 6 2771FD5D73A8BB
    Serial Number: 2771FD5D73A8BB
        Revocation Date: Oct  3 22:57:44 2013 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Key Compromise
            Invalidity Date:
                Feb 16 07:00:00 2012 GMT


It would be pointless, everyone knows by now that it is burned.


Perhaps there is some automated robot that uses it that doesn't follow the news headlines.


Hopefully if such a robot really cares about security, it is checking for revoked certificates. Although this is admittedly a pain to set up.


This is not new people! We've known for many years that MiTM was "normal" in surveillance circles. We've been saying for years that CAs are probably compromised as well. Why does it take some "revelation" to make people PAY ATTENTION?

This is not a technical issue. It's a rights issue. Solving it by technical means only kicks the can down the road by an exceedingly small amount of time. Fix the system first.


Isn't the fact the cert was revoked showing that the CA system works? The FBI would love for it to be still chained back to a valid CA.

You were only seconds away from calling folks "sheeple", weren't you ;)


Safari on my iPhone is capable of accessing it with no warning. Anyone else seeing this?


same with chrome on my android


Confirmed.


I'm sure this comment will be buried, but I sleep better at night knowing HN can still get its panties in a wad over tramplings of freedom and the abuse of the system -- long after the main stream media has lost interest. The young and old hackers reading these posts will no doubt start spending frontal lobe CPU cycles on solutions that will find their agile way into the public sphere in months, not years.


I cannot ignore this warning in Firefox 24 from official repository on Ubuntu 13.04. Actually, I cannot ignore outdated certificates, or those with unknown OCSP status (for example freshly issued certs) either.

Was there some change in Firefox's security model or is it my config? It's rather annoying.


Firefox treats an explicit "unknown" OCSP status as equivalent to being revoked, except we don't cache the "unknown" status.

Firefox doesn't allow the user to override "revoked." The thinking behind our cert error override strategy is that cert error overrides are intended mostly to allow the user to fix something that is probably supposed to work, but a revocation is a very explicit signal that the certificate isn't supposed to work.

Also, ensure Options -> Advanced -> Certificates -> Validation -> When an OCSP server connection fails, treat the certificate as invalid is unchecked.


Thanks for answering.

Yes, I have it unchecked. Is there some about:config magic or "kamikaze mode" that I could enable that would allow me to ignore at least outdated certs?

Last night I locked myself out of my own website. The old cert expired and the OCSP server didn't know about the new one yet.


Interesting. Normally we allow users to override "expired."

Was the OCSP server returned "unknown" for the old cert after it expired? One way to check this would be to uncheck the first check box in that dialog box ("Use OCSP"). If you are able to override the cert error for the expired cert then that is a good indication that the server is returning "unknown" for expired certs.

If "unknown" response for the expired cert is the cause, this is the law of unintended consequences at work. Previously, it was very common for a CA's OCSP responder to return "good" for any certificate that it didn't know about; i.e. their OCSP responders returned "revoked" for every certificate that they knew was revoked, but "good" by default. After the DigiNotar incident, we (Mozilla and other browser vendors) pushed CAs to change the default to be "unknown."

However, it is also fair for the CA to "forget" about a certificate as soon as it has expired and/or to revoke it as soon as it has expired. If so, the OCSP responder would return "revoked" or "unknown" for any expired certificate. That would turn a user-overridable error (expired) into a non-user-overridable error (revoked/unknown). This is something we hadn't considered.

Certificate authorities need to be careful that they update their OCSP responders ASAP, preferably BEFORE they give the customer the cert, to avoid this issue in the newly-issued certificate case. Because many CAs have just recently implemented this policy of returning "unknown" for unknown certs, there are still some bugs to sort out, I guess. I will bring this up in the CA/Browser forum to make sure everybody knows it is a real-world issue.


You can disable querying OCSP servers by setting the "security.OCSP.enabled" to false. This adds some privacy (otherwise OCSP servers can know and collect what SSL enabled sites you visit). Combined with the Certificate Patrol add-on [0] (to track certificate changes) this must be pretty secure, except when a certificate is being revoked you will not know about it automatically.

[0] - http://patrol.psyced.org


Which begs the question: "Better to enable OSCP and leak info or run the risk of a bad cert and disable OSCP?"


This brings up an important issue.

If you're able to access OPs link unhindered, you need to investigate your cert handling.


When I viewed this page running Chrome (Version 30.0.1599.88 beta) on a ChromeOS device I did not get any warnings.

Interestingly, when I used chrome on my Win8 PC (version 29.0.1547.76 m), I did see the warning pop up.

Doing some quick searching online revealed that chrome does not appear to do online revocation checks any longer by default[1]. You can still manually turn it back on with the "Check for server certificate revocation"[2] option which is what I did.

[1] - http://www.macworld.com/article/1165273/google_chrome_will_n...

[2] - chrome://settings/search#revocation


Almost on display: heavy-handed web-browsers that won't let us visit a site, for our own good.


Unfortunately the way cookies, etc. work it's nontrivial for a browser to just visit a site that's offering a compromised certificate without undermining past and future security.

A revoked certificate being offered doesn't have any innocent explanations, you would want to use a specialized tool not a general-purpose web browser to analyze it.


Am I reading into this right? The court declared he must hand over the private key to the SSL encryption on his server so the government could do as they wished with the traffic... and then Levison revoked the key, thus making it useless to everyone?


He shut down the site, so unless they've been capturing all the encrypted data and the sessions didn't have forward secrecy, the key was already useless.


This is both chilling and depressing. The only reason why the general public is barely phased or even cares about this nonsense is that they don't even understand what a SSL Cert is or what it means to have it taken away.


The lavabit case highlights something interesting that we need. We need that not only individuals have privacy, but that businesses have privacy of who their users are. The same way we provide anonymity to users through centralized means, is there not a way to provide a way for service provider to have a sufficient level of opaqueness of who their customers are. You can't subpeona Service Provider A if you don't know whether Person of Interest X is using the services of A, B, C, or D, etc.


Customer: I wish to make a complaint.

Shopkeeper: Go away. I don't know you.

Dead parrot problem solved.


Not exactly the same. The company can know that I am a customer. What I'm talking about is a third party not knowing that I am a customer of the company.


Android 4.3 cm shows page with no problems. CRL not working?


Here to with 2.3.7-CM. If you explicitly check the certificate it even says: "This certificate is valid" with a reassuring green check mark. Seems legit ... These things really makes me pull out my hair.


Same thing for me, in both Chrome and the default browser. This is troubling.


The rebel's force is weaken. Feel the power of the Empire.

:-)


Well this is annoying.


They are still down today.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: