O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

TLS Certificates on the Web – The Good, The Bad and The Ugly

515 visualizações

Publicada em

At RSA 2016, CASC member Rick Andrews talked about TLS certificates on the web: the good, the bad and the ugly.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

TLS Certificates on the Web – The Good, The Bad and The Ugly

  1. 1. SESSION ID: #RSAC Rick Andrews TLS Cer1ficates on the Web – The Good, The Bad and The Ugly PDAC-R04 Senior Technical Director Symantec Trust Services
  2. 2. #RSAC TLS Cer1ficates 2   TLS Ecosystem is almost 20 years old   Recently endured three cer>ficate-based migra>ons:   Away from MD2 and MD5 to SHA-1   Away from small RSA keys to 2048-bit keys or larger   Away from SHA-1 to SHA-256
  3. 3. #RSAC What’s Driving These Migra1ons? 3   Relentless march of aNacks (only gePng beNer)   CA/Browser Forum   Baseline Requirements   EV Guidelines   Cer>fica>on Authori>es   Browser vendors
  4. 4. #RSAC What’s Slowing These Migra1ons? 4   Use of TLS in non-browser applica>ons   Mail, XMPP and other non-web servers   POS and other devices   Lack of auto-update capabili>es   Ins>tu>onal iner>a   Companies wait years to perform a server refresh
  5. 5. #RSAC TLS Cer1ficates – the Good
  6. 6. #RSAC Deployment of SHA-2 Certificates TLS Cer1ficates – the Good Trajectory of SHA-2 deployment is encouraging (Netcra_) 6
  7. 7. #RSAC TLS Cer1ficates – the Good 7   99.98% of cer>ficates contain RSA 2048-bit, ECC 224-bit or larger keys (Netcra_)   200K certs with keys >= RSA 4096 bits (Netcra_)   BR Compliance   Responsible for standardizing cer>ficate profiles   10.7% of sites use EV (TIM)
  8. 8. #RSAC TLS Cer1ficates – the Bad
  9. 9. #RSAC TLS Cer1ficates – the Bad 9   Remaining SHA-1 certs will not work in browsers a_er 2016:   13.3% (Netcra_)   11.6% (TIM)   US DOD s>ll issuing SHA-1 cer>ficates   hNp://news.netcra_.com/archives/2016/01/08/us-military-s>ll- shackled-to-outdated-dod-pki-infrastructure.html   More than 1,000 with < RSA 2048-bit or ECC 224-bit (Netcra_)   Browsers con>nue to add compliance checks
  10. 10. #RSAC TLS Cer1ficates – the Bad 10   EV viola>ons   ~6% of all EV cer>ficates (Netcra_)   Most don’t have a valid Subject Business Category (unlikely to cause usability problems)   Thousands don’t provide EV treatment in Chrome (customer doesn’t benefit from the extra cost of EV)   BR viola>ons   ~3% of all cer>ficates found (Netcra_)   Most are policy viola>ons (CN must appear in SAN, invalid Subject State or Country, etc.) unlikely to cause usability problems
  11. 11. #RSAC TLS Cer1ficates – the Bad 11   Strong keys signed by weaker keys (a dozen or so) don’t provide the cryptographic protec>on expected by the cer>ficate owner:   ECC P-384 signed by ECC P-256   ECC P-384 signed by RSA 2048   RSA 4096 and 8192 signed by RSA 2048   Cer>ficate expira>on is embarrassing   hNp://news.netcra_.com/archives/2015/04/30/instagram-forgets-to- renew-its-ssl-cer>ficate.html   Almost 4% of sites serve an incomplete cer>ficate chain (TIM)   Most browsers don’t try to fetch missing subordinate CA
  12. 12. #RSAC TLS Cer1ficates – the Ugly
  13. 13. #RSAC TLS Cer1ficates – the Ugly 13   Invalid Cer>ficates abound   In Netcra_’s survey, approximately two thirds of all TLS cer>ficates seen are valid, issued by a trusted CA. The remaining one-third are either self-signed, expired, signed by an unknown issuer or contain mismatched names.   One MD5, 3-year cert issued in 2013 by a public CA (RSA 1024-bit key) it’s got 6 other BR viola>ons   One 512-bit RSA key used by Government of Korea (South), although it’s signed using SHA-2 it’s got 4 other BR viola>ons   Browsers block access to such sites
  14. 14. #RSAC TLS Cer1ficates – the Ugly 14   Invalid Public Key Exponent: one cer>ficate with an RSA exponent of 1   TLS data is sent in cleartext   Mul>ple CNs are prohibited, but Netcra_ found cer>ficates with up to 24 CNs   2009 study demonstrated aNacks on certs with mul>ple CNs   EV certs with fewer than the correct number of SCTs   Customer doesn’t benefit from the extra cost of EV in Chrome
  15. 15. #RSAC TLS Cer1ficates – the Ugly, con1nued 15   One cert with RSA 15,424-bit key! (includes 72 SAN values!) It’s an Apache server, but not a web site   No harm to the Web   Ten-year end-en>ty cer>ficates, issued a_er the BRs became effec>ve   Most browsers block public TLS certs with excessive dates   Cer>ficates with more than 50 SANs (Netcra_)   Nothing illegal, but might cause performance problems
  16. 16. #RSAC Applying What We’ve Learned
  17. 17. #RSAC Apply 17   2048-bit RSA with SHA-256 is adequate for now   Keep SANs to a minimum (20 or fewer), and only one CN   Replace all weak, invalid, revoked or soon-to-expire cer>ficates   Generate a new key pair every >me you replace a cer>ficate   Make sure your EV cer>ficates have the correct number of SCTs   Test your cer>ficate with all major browsers (don’t forget mobile)   Confirm that your CA has correctly issued the cer>ficate
  18. 18. #RSAC Check Your Work 18   Check TLS cer>ficates and configura>on on all servers, not just web servers   hNps://cryptoreport.websecurity.symantec.com/checker/   hNps://www.ssllabs.com/ssltest/   Consider a discovery tool like Cer>ficate Intelligence Center   hNps://www.symantec.com/ssl-cer>ficates/cer>ficate-intelligence- center/   Certlint from Amazon (open source)   hNps://github.com/awslabs/certlint
  19. 19. #RSAC Data Sets 19   Netcra_   hNp://www.netcra_.com   ICSI   hNps://notary.icsi.berkeley.edu/   Trustworthy Internet Movement (TIM) SSL Pulse   hNps://www.trustworthyinternet.org/ssl-pulse/   Comodo’s cer>ficate search tool   hNps://crt.sh
  20. 20. #RSAC Thank you!