Expired SSL certificate
manjaro.github.ioWTF, changing your PC date is not a solution! This will cause more issues.
A much better workaround would have been to install SuperFish as that completely disables all certificate checking on SSL.
I guess they should have just put a notice up saying forums and wiki unavailable, that could have prevented this whole mess.
Indeed, what a silly workaround.
Yeah, doesn't that generally result in a time mismatch? I thought the server and client had to roughly agree on the time.
What is shocking is that they still haven't found the way to properly fix it after 3 days.
I updated some SSL certificates last week (which even required contortions such as moving to a new issuer since some legacy software requires old-style SHA-1 signed ones which our current one doesn't provide), and it didn't take more than one (long) day of work.
At this point, changing out a cert takes me about 15 minutes (typically for multiple servers). 10 of those is figuring out the order in which to include intermediate certs. I really should script that part out.
It's just embarrassing.
I can only assume the sysop is on holiday.
Checking their about page, they have 3 web developers, one of which wrote that post. That's worrying.
The available web developers may not have access to either the SSL vendor or where the certificate is stored. None of the front-end devs I work with have access to either of those things.
The first problem is solved by getting a new vendor. The second, well someone has to have access to that.
I wonder if browsers should for (say) a week after a cert has expired, show an error so alarms are raised, but allow the dialog to be dismissed with an OK instead of all the "Confirm Security Exception" that would go on for a more serious cert rejection.
I think the real problem is that, by assuming users won't read error messages carefully, and making them shorter/less informative as a result, we've been implicitly encouraging this behaviour, leading to even less attention paid to the messages, etc. and the vicious cycle continues.
The original argument was that seeing error messages often will make users ignore them, but I don't think certificate errors should be very common now. Either way, I think we should be encouraging users to read error messages more carefully. Maybe the Yes/No buttons on the dialog should be put in a random order, and the question randomly flips between "Do you want to proceed?" and "Do you want to abort?"... adding a "learn more" option would be a good idea too.
I like this idea. At the moment there is nothing that differentiates a "this cert expired yesterday" warning from a "someone is MITMing your connection" warning, at least not for the casual user.
And since the former is (sadly) pretty common, this only teaches people that these warnings are not that unusual, and can safely be overridden.
It would be much better to have one "the server admin forgot to renew his certificate" type of warning and another "a totalitarian regime is trying to spy on you" type of warning...
And because of this I overheard someone say "I just click Okay because else the website won't load!".
That is by far not the job of a browser to remind server administrators to renew there certs and display that message to random users.
Alas, in this imperfect world, phone calls from random users are how server admins are notified of cert expiry.
...where a 10-line cron script would have done the same job, in advance.
And then the cron job (that only needs to work every few years) breaks and you find out about it after the fact when a user complains.
Needs to work every few years for each domain. Unless all your certificates expire at the same time (or you only have a few), this will be triggered a few times per year.
And moreover, your scenario is essentially "worst case: fall back to previous behavior." That's not too bad...
In this "imperfect" world nowadays eveyone try to ship his responsability to someone else.
I'll wait for someone else to respond to your comment.
I don't agree. If this happens, same rule should apply for domain name expiration.
You just made me wonder what happens if you have a cert but let the name expire. Can you MITM your old domain until the cert expires?
Sure, if you can get the client to connect through your machine.
If that's the case, shouldn't all certs only be valid until the domain expires, and all domain name sales should require revocation of all certs?
Sure, but how do you enforce the latter?
The latter can't be enforced, but individual buyers can demand that for all known certs.
And I think you can currently get certs expiring later than the domain, which seems wrong to me. Is there a good justification for that?
That's actually not a bad idea.
That shouldn't be default behaviour in any browser but rather a plugin that you can install that gives the notification. Preferably with a whitelist of websites that I want to get notifications of.
In chrome, if I click "advanced", it tells me that it's expired, and how long ago.
Our website monitoring service https://t1mr.com will warn you before your certificate expires (in addition to warning you when your site is down, and giving you reports of inbound and outbound dead links).
As does nagios' http check with the -c option. Basic monitoring helps solve so many problems.
Should we set it to 1st of April?
I can't help but notice the motto:
Enjoy the simplicity
Rant mode:
If I understand right, getting a replacement cert doesn't result in a change of the private key anyways.
It's just magically, on the expiration date, your cert is somehow insecure and we must treat it as if YOU ARE IN DANGER!! - even though it's still better than then plain HTTP that everyone uses every single goddamned day. Hell, a self signed cert is better than plain HTTP, yet for some backwards-ass reason we treat it as worse, despite the fact it makes you immune from passive eavesdropping and any injection attacks, which the average person is a lot more likely to run into than a self-signed cert being used by an attacker to MITM you.
CA's are a scam and a racket. I can't wait for Mozilla's Let's Encrypt[1] to come along and put them all out of business, hopefully before the last decade or so of training users to ignore the wolf-crying cert warnings comes to fruition.
Yeah, this is irresponsible on Manjaro's part, they know the rules of the game, but the game is broken!
A "passive eavesdropper" has all the information they need to become an active man-in-the-middle. Observe the DNS query on its way out and send your own response with your IP before the real response comes back. The client will then make its TCP connection to that injected IP.
send your own response with your IP before the real response comes back
Being able to inject traffic is not "passive".
The DNS response doesn't have to come from the same channel as the original request. If you've got an ISP that doesn't check the source IP of what you're sending, your target's endpoint will see your fake response and treat it as the real one.
Where we stand now, the only thing stopping an eavesdropper from becoming a man-in-the-middle is the will and resources of that eavesdropper.
Yup - but there's still a difference. Someone might just want to snoop on your traffic rather than mess with it.
Self-signed can be worse because by the same token it can be MITM'd by another self-signed cert. It would create the false illusion of security, which could lead people to provide information they otherwise would not have.
With all due respect, how is that worse than HTTP? Plain HTTP can be MITMed just as well, only that on HTTP - except that no one would do that because for HTTP, plain old packet sniffing is enough to eavesdrop on a connection. Which doesn't work for self-signed HTTPS connections. And there are in fact a lot of common scenarios where it is easy for an attacker to sniff packets but harder to establish an MITM.
Because you'd never put your credit card into an HTTP web site, but you would on HTTPS.
Your argument about MITM being uncommon is moot because it's not impossible and is only rare because the current system is the way that it is. Changing the system would change the attackers' methods.
Worse in the sense that you expect an HTTPS connection to be secure, while you don't (or shouldn't!) expect an HTTP connection to be.
Then treat a self signed HTTPS cert as equivalent to an unsecured HTTP connection and be done with it.
There's absolutely no reason that the most common failure modes (expiration, bare domain vs www., self signed) presents warnings that Something Fishy Is Going On®, when 9999/10000 times, there is not.
Smoke coming from my neighbor's yard in the summer might be a fire, but in all likelihood, they're running a barbecue grill. The SSL equivalent would be calling the fire department every time someone puts some steaks on.
You can't treat a self-signed HTTPS cert as equivalent, because it has "https" in the URL, which people use to distinguish a safe connection from an unsafe one.
In a graphical browser as used by most people? Sure you can. Chrome's method of striking out the https bit and turning it red is quite evocative.
What I take issue with here is the "HOLY CRAP, STOP EVERYTHING!" nature of the warnings as thrown by browsers nowadays. The severity of the warning is not proportional to the likelihood of there being something actually wrong, hence crying wolf. ("Yes, I know this is a self signed cert, because it's mine, now screw off and load the page I asked you to, thanks.") IMAO, there is zero reason for an expired certificate to throw this kind of warning.
And there's an argument that there's a good reason for that, but that reason ignores the fact that users have been steadily conditioned to click past the warnings, and most of the time, to no ill effect.
Apparently enough people fail to make the connection that there are plans to apply the same thing to plain http connections sometime in the near future.
In 2010 China MITM'd 15% of the entire internet[0]. Last month, a Chinese CA issued an unauthorized certificate for the google.com domain[1].
Invalid certificates _need_ to be treated as a major security risk, and an expired certificate is still invalid. The only way the system works is via a network of trust, and if I'm an issuer of certificates I would expect that if I said a certificate I issued is expired, it would be treated as such.
Yes it sucks that managing the certificates is difficult and expensive, and it's great that Mozilla is doing something about that, but the technical foundations on which the current certificate system is built are in place for very good reasons. Encrypting traffic doesn't do any good when you're encrypting on the middleman's terms, and the only way to make sure that's not happening is by verifying the identity of the server you're talking to.
[0] http://www.eweek.com/c/a/Security/15-Percent-of-Internet-Tra...
[1] http://thenextweb.com/insider/2015/04/02/google-to-drop-chin...
I think there are two issues being conflated here, the push to encrypt all the things, and common sense encrypting things when you're doing sensitive stuff like entering PII.
For the first use case, using HTTPS, whether it be self signed, expired, bad domain, or whatever the failure mode, is strictly better than using HTTP. It's that simple, because you're providing a layer that does not exist otherwise. Hell, at least if you're getting MITMed, it's you vs the one attacker, not you vs the government and every other kiddie with a copy of wireshark.
For the second one, we care a lot more about the authentication bit.
and an expired certificate is still invalid.
..for no good reason whatsoever. If renewing a cert required a rekey, that would be one thing, but it does not. If an attacker has compromised your private key, nothing is stopping them from going out to your CA with a fresh CSR in hand and regenning the cert themselves! The functional difference between an expired cert and a non expired one is how loud the browser whines about it - you're just as secure, identity has still been verified to the same degree. It's arbitrary and pointless and bureaucratic and causes more problems that it solves, and needs to go away.
if I'm an issuer of certificates I would expect that if I said a certificate I issued is expired, it would be treated as such.
If you're an issuer of certificates, you have a vested interest in making the process to become a competitor of yours as annoying and expensive as possible. (How'd that ~$30k WebTrust audit work out for some of the CA's recently?) You also have no differentiation in product - once you're an accepted CA, your cert is as good as VeriSign's and provides absolutely nothing that theirs does not.
What this means is that the vendors trade on fear, much like antivirus companies used to (and kind of still do) - creating this bogus perception that a signed SSL cert is anything other than a signed SSL cert depending on who you paid and how much.
You can get MITM'd at every single switch or router your traffic passes through, not just one attacker. That includes your government, other governments, the company running the public wifi you're connected to, your ISP, everyone.
In fact, some of them would probably do it wholesale. If PRISM doesn't already have a google.com MITM-ready certificate, they sure as hell would once we dropped the CA trust system.
> and an expired certificate is still invalid.
>..for no good reason whatsoever.
For very good reason. The certificate system is built on trust, and as soon as the expiry point is reached that certificate and the identity it represents is no longer vouched for by the CA.
I'm not advocating getting rid of the web of trust system - it has a reason to exist. What I am advocating is the burning to a smoking, lifeless crater of the current system of CAs and their mafia-like relationship with their customers. ("Gee, that's a nice website you have there, would be a shame if all your visitors got scary, misleading warnings...")
Let's Encrypt is a great first step towards that. If certs are issued by a known good actor with no perverse incentives, most of the other problems I'm complaining about completely go away, or at least become a lot less problematic, and as a nice side benefit, the Startcoms and the Verisigns of the world get to do something more productive with their time.
As to the expiration, that is a completely arbitrary and bureaucratic distinction, not a practical one. Your domain doesn't stop being owned by you and your private key doesn't lose its qualities just because the date is D+1d.
The entire concept of expiring certs could be removed from the web SSL system with no ill impact.
Look at it this way:
* If the idea was to prevent against key compromise, a rekey would be required - it isn't.
* If the idea was to re-verify your identity, renewing a cert would be more involved than logging in and pasting a CSR - it isn't. And that goes double when the cert is only for domain validation and doesn't vouch for anything other than the fact that the guy who generated the CSR had access to the server the domain points at when the cert was generated.
Both of these are practical concerns that are completely ignored - so what reasons are left?
30 minutes, comodo reseller, seriously; You won't get SHA256, but you won't be asking your users to hurt themselves.
Don't pretty much all browsers let you accept using an expired certificate?
The issue is with HSTS. If you've visited the site before you've likely cached that SSL is required and your browser will refuse to connect. Using e.g. a 'private window' will allow it to be bypassed.
> Using e.g. a 'private window' will allow it to be bypassed
In Firefox, yes. But not in Chrome (in my experience).
Yes was my thought also but put glasses on this workaround is even better, as it may scrow up more ssl certs from other domains.
Not if you're using HSTS. Here's what the error looks like in current Chrome: https://certsimple.com/images/blog/hsts.png
Why is this on the frontpage?
Because it's kind of completely ridiculous; both the problem and the proposed solution.
...and the fact that it kind of suggests that you might not want to trust a Linux distro to get security right on your boxes if they are unable to fix their SSL certs after 3 days.
Manjaro had a rather… iffy relationship with developing a security mindset in the past: http://allanmcrae.com/2013/10/comparison-of-security-issue-h...
It appears they're not learning.
The two are not really related.
With regards package updates, when Arch started publishing security update announcements Manjaro could start pushing those out faster. Delayed updates of other upstream packages is not really an issue (e.g. Ubuntu and CentOS have many packages that are not in sync with upstream).
Because people are forgetting that the first rule of Hacker News is that no fun is allowed.
This is really awesome. Why do certificates expire in the first place?
By having an expiry, revoked certs can be forgotten about once the expiry has passed. We'd need to keep a forever growing list of revocations otherwise.
Also certs get switched to ones with stronger algorithms and longer keylengths after expiry. You also would have to revoke old certs all the time when their crypto isn't safe anymore.
Awesome