Mozilla followed through on its intention to sanction misbehaving certificate authorities, removing WoSign and...
StartCom from its list of trusted certificate authorities after questionable practices were revealed.
Mozilla imposed consequences on the certificate authorities (CAs) in line with recommendations made in the report issued earlier this year, though the CAs may reapply for trusted certificate authority status as soon as June 1, 2017. Mozilla's actions start with distrusting certificates from WoSign or StartCom that have a "notBefore" date later than Oct. 21, 2016 -- as well as the backdated SHA-1 certificates already identified -- as of Firefox 51. Mozilla also will no longer accept audits done by Ernst & Young Hong Kong.
Mozilla plans to remove the affected certificates from its root store at some point after March 2017. If the CAs successfully apply for root inclusion before Mozilla has removed the old root certificates, Mozilla may coordinate with the CAs to simplify customer migration from the old root certificates to the new ones.
And that's not all: "Mozilla reserves the right to take further or alternative action," the Mozilla security team wrote.
WoSign ran afoul of Mozilla's rules for certificate authorities on a number of issues -- perhaps most seriously by issuing backdated SHA-1 certificates and purchasing the Israel-based CA StartCom without notifying Mozilla.
By issuing backdated SHA-1 certificates, WoSign allowed the certificate owners to bypass restrictions on the use of SHA-1 after the algorithm's deprecation due to no longer being secure. In October 2014, CA/Browser Forum -- the organization that sets the rules for CA operation -- prohibited the issuance of certificates using SHA-1 after Jan. 1, 2016.
Another serious infraction involved WoSign's purchase of StartCom, an Israel-based CA. "While purchasing another CA is by no means illegal, Mozilla's program requirements say that a change of CA ownership must be disclosed," last month's report read. "In this case, that was not done -- and, in fact, the change was directly denied a few months after it happened."
The consequences are spelled out in Mozilla's WoSign and StartCom action items and require the CAs to come up with a plan to ensure no future violations of Mozilla's CA Certificate Policy and the CA/Browser Forum's Baseline Requirements. They also require the CAs implement the changes, prove -- through audits -- compliance and support 100% embedded certificate transparency for all issued certificates.
Mozilla to support TLS 1.3
Meanwhile, Mozilla also took action to move forward on supporting version 1.3 of the Transport Layer Security (TLS) protocol in its browsers, though the reveal came through a mozilla.dev.platform mailing list message from Martin Thomson, principal engineer at Mozilla.
"TLS 1.3 is the next version of TLS, the protocol that secures the web," Thomson wrote. "TLS 1.3 removes old and unsafe cryptographic primitives, it is built using modern analytic techniques to be safer, it is always forward secure, it encrypts more data and it is faster than TLS 1.2."
TLS 1.3 is currently specified as an internet draft, and Thomson stated Mozilla would ship TLS 1.3 support based on draft 16 of the protocol and will update to draft 17 when possible.
Find out more about the benefits of the TLS 1.3 update.
Find out more about why SHA-1 is being undermined as a reliable algorithm.
Read about risks related to certificate authorities.