Windows Peer Verification

11 years ago by Daniel Lowrey — view source — reply

unread

Neither plain-text download nor unverified TLS should be used for
the trusted CA root list.

What follows is more general information than an answer. I'm simply
copy/pasting curl's explanation for this question. The original can be
found here (http://curl.haxx.se/docs/caextract.html):

Yes, pointing out that this contents is not hosted on a HTTPS
site is a popular thing to do but really it doesn't help anyone,
nor does it bring any news.

If you don't trust the data or want to be more certain: run the
script yourself. Offering the data over HTTPS would give you a
chicken-and-egg problem as which CAs would you trust when
you download the bundle? You're free to run your own caextract
service on a HTTPS site to redeem this. The scripts and everything
we use to offer data on this page are available in the curl source
code tree.

11 years ago by Sanford Whiteman — view source — reply

unread

If you don't trust the data or want to be more certain: run the
script yourself. Offering the data over HTTPS would give you a
chicken-and-egg problem as which CAs would you trust when
you download the bundle?

Thanks for posting this. I find their excuse entirely fallacious.
There is no chicken-and-egg "problem" as all OSes and browsers ship
with trusted CAs, and every single one of us works under the
assumption that it is possible to securely download and/or purchase an
OS. You don't assume that the first site you visit in IE or Safari
(probably to get Firefox or Chrome!), or the first connection to the
Microsoft or Apple Update server, is not a peer-verified TLS
connection to the best of the browser's current ability. To suggest
that the list of trusted CAs might as well be initialized over
plain-text is an embarrassment.

If we didn't have any starting point of trust, whether that be
sneakernet from Red Hat HQ or whatever, there could be no such thing
as "trusted CAs".

They also imply the main vulnerability is that their copy will be
altered in transit from their site... ? That's not the point. The
problem is using plain text broadens the attack surface so that it
is even easier to make someone download your substitute copy rather
than hitting their server at all (DNS cache poisoning, IP spoofing to
direct you to attacker's DNS, straight-up compromising a DNS server
and adding a fake zone, or one-second mod of HOSTS when someone is at
the water cooler, for some examples). All that and also being able
to rewrite the plain-text response if you intercept it.

-- S.