Chrome 停止信任 Entrust 憑證的計畫

Hacker News 上看到「Entrust Certificate Distrust (googleblog.com)」這個討論,Google 決定要停止信任 Entrust 頒發的憑證:「Sustaining Digital Certificate Security - Entrust Certificate Distrust」。

快速翻了一下 Google 列出來在 Mozilla Bug List 上面的記錄 (在這裡),應該是出太多包,而且有些包給的解釋又不能說明出包的理由?

我拉了一下 Let's Encrypt 的情況,可以看到是兩種不同的情境:「這邊」,或是 GlobalSign:「這邊」。

目前的計畫是在下個 stable 版開始設限 (現在 stable 是 126,目前公告 127 開始擋),但給了四個月的期限,仍然會認 Entrust 在 2024/10/31 前發的憑證:

TLS server authentication certificates validating to the following Entrust roots whose earliest Signed Certificate Timestamp (SCT) is dated after October 31, 2024, will no longer be trusted by default.

因為有 Certificate Transparency (CT) 的關係,所有的簽署資料都會是公開可以查的,所以 Hacker News 上面有人整理出來有受到影響的網站... 看起來是把抓回來的資料丟到 ClickHouse 上分析:「SELECT rank, domain, certificate_issuer FROM minicrawl_processed WHERE startsWith(certificate_issuer, 'Entrust') AND date = today() ORDER BY rank::UInt32」。

裡面可以看到許多知名的網站 (畢竟還是 Entrust),這點從「Market share trends for SSL certificate authorities」這邊可以看得出來,雖然跟前面幾家比起來算小,但至少還是在榜上。

來等看看 MozillaApple 的動作,會不會有更嚴格的 distrust 的行為 (提前?),畢竟讓他再做四個月的生意也是很危險?

南極洲使用 Internet 的痛點

在「Engineering for Slow Internet (brr.fyi)」這邊看到的,這幾天還蠻紅的文章,在講網路受限的情況下要怎麼想辦法:「Engineering for Slow Internet」,作者是南極洲計畫 (USAP) 的 IT (目前已經回美國本土)。

主要的技術限制有幾個,第一個是對外網路的時間是有限的,因為受限於經過上空的衛星是有限的,這是 2023 年十月的一些資料:

可以看到主要是 DSCS (五顆服役中,但不是每科都有經過南極上空) 與 TDRS-6

這個是物理限制,沒有 workaround 可以做,所以所有人都得照著對應的時段安排傳輸。不過應該有其他的衛星可以隨時聯絡 (emergency channel),畢竟算是半個軍事計畫?

Hacker News 上也有人討論到 Starlink 好像還是有一些衛星會飛過南極洲,但不確定是否有 relay 的能力,如果有的話似乎也能考慮看看?(不過可能會需要客製天線,畢竟緯度的關係,設備需要的工作溫度區間不太一樣)

另外一個大問題是 latency,平均的 latency 是 750ms,而且 jitter 會到數秒:

Round-trip latency averaging around 750 milliseconds, with jitter between packets sometimes exceeding several seconds.

第三個是速度,一般使用者的平均網路速度大約是個位數的 kbps 到狀況好的時候大約是 2mbps,差不多是 1990 年代數據機的速度:

Available speeds, to the end-user device, that range from a couple kbps (yes, you read that right), up to 2 mbps on a really good day.

文章基本上就是圍繞這些問題在討論。

因為 latency 過高,而很多應用程式 (web 或是 app) 寫死 timeout,所以造成網路明明就有慢慢在傳輸資料,你放著慢慢傳遲早會傳完,但卻因為超時而失敗。

另外因為頻寬有限的問題,沒有提供續傳機制 (app 裡面沒做,或是沒有提供檔案直接讓有技術能力的人下載,像是 wget -c 這樣的工具) 就很容易因為失敗浪費頻寬。

另外是遇到軟體更新機制 (像是安全性更新) 無法下載檔案後直接安裝,都會有裝到一半中間要連網的事情。

另外一塊是現在太多工具太肥大,一個簡單的功能要先下載一包 20MB javascript 之類的 (然後換算一下前面提到的頻寬,在網路最好的情況下得花 80 秒下載這包 javascript)。

如果你的使用者族群包括了這類網路狀況不是很好的地區,這篇提到的蠻多東西都還蠻值得參考的。

NIST P-curve 的 Seed Bounty Program

Filippo Valsorda 發起了 seed bounty program,針對 NIST P-curve 裡 seed 的部分尋找 SHA-1 的 pre-image:「Announcing the $12k NIST Elliptic Curves Seeds Bounty」。

先講一下這次的 bounty program,希望找出下面這些 SHA-1 的 pre-image input (也就是找出 input,使得 SHA1(input) 會等於下面的東西):

3045AE6FC8422F64ED579528D38120EAE12196D5
BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5
C49D360886E704936A6678E1139D26B7819F7E90
A335926AA319A27A1D00896A6773A4827ACDAC73
D09E8800291CB85396CC6717393284AAA0DA64BA

金額是 US$12288,但是要五個都找到。

話說在寫這篇時,查資料發現 P-384 有獨立條目,但 P-256P-521 都是重導指到 Elliptic-curve cryptography 這個條目,但 P-384 看起來也沒什麼特別的,不知道當初編輯的人是怎麼想的...

回來原來的問題,要從一些背景開始講,橢圓曲線的表示法有多種,像是:

y^2 = x^3 + ax + b (Weierstrass form) y^2 = x^3 + ax^2 + bx (Montgomery form)

而這些常數 ab 的選擇會影響到計算速度,所以通常會挑過,但畢竟是密碼學用的東西,挑的過程如果都不解釋的話,會讓人懷疑是不是挑一個有後門的數字,尤其 NIST (NSA) 後來被證實在 Dual_EC_DRBG 裡面埋後門的醜聞,大家對於 NIST 選擇或是設計的密碼系統都有很多疑慮。

舉個例子來說,2005 年時 djb 發明了 Curve25519 (論文「Curve25519: new Diffie-Hellman speed records」則是記錄 2006),選擇的橢圓曲線是:

y^2 = x^3 + 486662x^2 + x

他就有提到這邊的 486662 是怎麼來的:他先在前一個段落說明,這邊數字如果挑的不好的話,會有哪些攻擊可以用,接下來把最小的三個值列出來,然後說明原因:

To protect against various attacks discussed in Section 3, I rejected choices of A whose curve and twist orders were not {4 · prime, 8 · prime}; here 4, 8 are minimal since p ∈ 1+4Z. The smallest positive choices for A are 358990, 464586, and 486662. I rejected A = 358990 because one of its primes is slightly smaller than 2^252, raising the question of how standards and implementations should handle the theoretical possibility of a user’s secret key matching the prime; discussing this question is more difficult than switching to another A. I rejected 464586 for the same reason. So I ended up with A = 486662.

而 P-192、P-224、P-256、P-384 與 P-521 的值都很怪,這是十六進位的值,在正式的文件或是正式的說明上都沒有解釋,屬於「magic number」:

3045AE6FC8422F64ED579528D38120EAE12196D5 # NIST P-192, ANSI prime192v1
BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5 # NIST P-224
C49D360886E704936A6678E1139D26B7819F7E90 # NIST P-256, ANSI prime256v1
A335926AA319A27A1D00896A6773A4827ACDAC73 # NIST P-384
D09E8800291CB85396CC6717393284AAA0DA64BA # NIST P-521

依照 Steve Weis 說,這些值當初是 Jerry Solinas 是隨便抓個字串,再用 SHA-1 生出來的:

Apparently, they were provided by the NSA, and generated by Jerry Solinas in 1997. He allegedly generated them by hashing, presumably with SHA-1, some English sentences that he later forgot.

這是 Steve Weis 的敘述,出自「How were the NIST ECDSA curve parameters generated?」:

[Jerry] told me that he used a seed that was something like:
SEED = SHA1("Jerry deserves a raise.")
After he did the work, his machine was replaced or upgraded, and the actual phrase that he used was lost. When the controversy first came up, Jerry tried every phrase that he could think of that was similar to this, but none matched.

如果可以證實當初的字串,那麼 NIST 在裡面埋後門的疑慮會再降低一些,這就是這次發起 bounty program 的原因。

EULA 不能禁止使用者 decompile 修 bug

Hacker News Daily 上翻到的,歐洲法院認為 EULA 不能禁止使用者 decompile 修 bug:「EU court rules no EULA can forbid decompilation, if you want to fix a bug (europa.eu)」,官方的英文版文件在這邊可以翻到,不過原始判決是法文:

* Language of the case: French.

這是 Top System SA 與比利時政府打的訴訟,法院認為修 bug 而需要 decompile 這件事情是合法的,即使考慮到 Article 6 的規範:

In the light of the foregoing considerations, the answer to the first question referred is that Article 5(1) of Directive 91/250 must be interpreted as meaning that the lawful purchaser of a computer program is entitled to decompile all or part of that program in order to correct errors affecting its operation, including where the correction consists in disabling a function that is affecting the proper operation of the application of which that program forms a part.

In the light of the foregoing considerations, the answer to the second question referred is that Article 5(1) of Directive 91/250 must be interpreted as meaning that the lawful purchaser of a computer program who wishes to decompile that program in order to correct errors affecting the operation thereof is not required to satisfy the requirements laid down in Article 6 of that directive. However, that purchaser is entitled to carry out such a decompilation only to the extent necessary to effect that correction and in compliance, where appropriate, with the conditions laid down in the contract with the holder of the copyright in that program.

案子看起來應該還有得打?看起來好像不是最終判決...

REQUEST for a preliminary ruling under Article 267 TFEU from the Cour d’appel de Bruxelles (Court of Appeal, Brussels, Belgium), made by decision of 20 December 2019, received at the Court on 14 January 2020[.]

但不管怎樣,算是有些東西出來了... 然後 Hacker News 上面的討論就看到一些很歡樂的例子:

This becomes incredibly interesting in terms of e.g. Denuvo. This anti-piracy middleware has been shown to make games unplayable, and this EU law seems to support removing it.

哭啊怎麼提到該死的 Denuvo XDDD

小企業的蘋果稅將從 30% 降到 15%

Apple 宣佈了小企業的 App Store 抽成將從明年起降價:「Apple announces App Store Small Business Program」。

新聞稿的副標先把重點拉出來了:

New program reduces App Store commission to 15 percent for small businesses earning up to $1 million per year

細節會在 12 月釋出,但蘋果先解釋了有哪些情況會符合 30% -> 15% 的條件,分成現有的帳戶與新的帳戶,基本上是以一百萬美金為標準:

While the comprehensive details will be released in early December, the essentials of the program’s participation criteria are easy and streamlined:

  • Existing developers who made up to $1 million in 2020 for all of their apps, as well as developers new to the App Store, can qualify for the program and the reduced commission.
  • If a participating developer surpasses the $1 million threshold, the standard commission rate will apply for the remainder of the year.
  • If a developer’s business falls below the $1 million threshold in a future calendar year, they can requalify for the 15 percent commission the year after.

不知道對蘋果的影響會有多少,但對於個人開發的 app 應該是可以拿到多一點,大企業的 app 主要都會超過而沒有什麼大影響。

感覺這應該跟最近一些內部文件與電子郵件被公開有關...

Apple 提供蝴蝶鍵盤免費維修 (全球性)

翻到文章的最後面可以看到「Information as of 2019-05-21」,不過剛剛才在 Hacker News 上看到這則消息:「Apple's service program for butterfly keyboard MacBooks, even out of warranty (support.apple.com)」,官方網站的說明在「Keyboard Service Program for MacBook, MacBook Air, and MacBook Pro」這邊:

Apple has determined that a small percentage of the keyboards in certain MacBook, MacBook Air, and MacBook Pro models may exhibit one or more of the following behaviors:

  • Letters or characters repeat unexpectedly
  • Letters or characters do not appear
  • Key(s) feel "sticky" or do not respond in a consistent manner

Apple or an Apple Authorized Service Provider will service eligible MacBook, MacBook Air, and MacBook Pro keyboards, free of charge. The type of service will be determined after the keyboard is examined and may involve the replacement of one or more keys or the whole keyboard.

機型從 MacBook (Retina, 12-­inch, Early 2015) 到最近的都有,可以從系統選單上面看到。時間上只要是售出四年內都包含在內,而且先前如果有因為鍵盤維修的也可以試著申請退費:

This worldwide Apple program does not extend the standard warranty coverage of your Mac notebook.

If you believe your Mac notebook was affected by this issue, and you paid to have your keyboard repaired, you can contact Apple about a refund.

The program covers eligible MacBook, MacBook Air, and MacBook Pro models for 4 years after the first retail sale of the unit.

Yubico 宣佈推出 Lightning 的 U2F 界面...

YubicoCES 2019 上宣佈推出兩用版的 YubiKey,同時支援 USB-CLightning 接頭:「Yubico Launches the Security Key NFC and a Private Preview of the YubiKey for Lightning at CES 2019」。

從照片可以看出來是直接做成兩側各一個頭:

目前是 Private Preview,開發者需要跟 Yubico 申請:

If you are a developer or service that would like to support strong hardware authentication on iOS, we invite you to work with us by applying to participate in the YubiKey for Lightning Program. Selected participants will have access to the private preview of YubiKey for Lightning and also the Yubico Mobile iOS SDK for Lightning.

不過看起來是硬體限制沒辦法朝 NFC 支援?另外如果蘋果下一代 iPhone 換掉變成 USB-C 就搞笑了...

歐盟對十四套 Open Source 軟體推出 Bug Bounty Program

歐盟對於 14 套 open source 軟體推出 bug bounty program,協助改善這些軟體的品質 (主要是資安這塊):「EU to fund bug bounty programs for 14 open source projects starting January 2019」、「In January, the EU starts running Bug Bounties on Free and Open Source Software」。

這十四套軟體的選擇應該可以參考「EU aims to increase the security of password manager and web server software: KeePass and Apache chosen for open source audits」這邊...

然後看到「Intigriti/Deloitte」這個才知道原來 Deloitte 也有做這個啊...

AWS 多了一卡車服務符合 PCI DSS

碰到信用卡卡號時會需要的 PCI DSS,在 AWS 上面多了一卡車服務過了這個認證:「AWS Adds 16 More Services to Its PCI DSS Compliance Program」。

多了這些,有不少其實蠻常用的東西:

  • Amazon Inspector
  • Amazon Macie
  • Amazon QuickSight
  • Amazon S3 Transfer Acceleration
  • Amazon SageMaker
  • Amazon Simple Notification Service
  • AWS Batch
  • AWS CodeBuild
  • AWS Lambda@Edge
  • AWS Shield
  • AWS Snowball
  • AWS Snowball Edge
  • AWS Snowmobile
  • AWS Systems Manager
  • AWS X-Ray

Lambda@Edge 可以用表示信用卡處理頁面上也可以卡這個服務進來了,另外比較意外的是,SNS 之前居然沒在 PCI DSS 清單裡面喔 XDDD

2017 年 CA/Browser Forum 在台北辦的見面會議的會議記錄出爐了...

2017 年 CA/Browser Forum 在台北舉辦的見面會議,會議記錄總算是出爐了:「2017-10-04 Minutes of Face-to-Face Meeting 42 in Taipei - CAB Forum」。

由於是辦在台北,所以台灣很多單位都有出席,像是中央警察大學 (1)、中華電信 (11)、日盛聯合會計師事務所 (1)、TWCA (3):

Attendance: Peter Bowen (Amazon); Geoff Keating and Curt Spann (Apple); Jeremy Shen (Central Police University); Franck Leroy (Certinomis / Docapost); Wayne Chan and Sing-man Ho (Certizen Limited); Wen-Cheng Wang, Bon-Yeh Lin, Wen-Chun Yang, Jenhao Ou, Wei-Hao Tung, Chiu-Yun Chuang, Chung-Chin Hsiao, Chin-Fu Huang, Li-Chun Chen, Pin-Jung Chiang, and Wen-Hui Tsai (Chunghwa Telecom); Alex Wight and JP Hamilton (Cisco), Robin Alden (Comodo), Gord Beal (CPA Canada), Ben Wilson and Jeremy Rowley (DigiCert), Arno Fiedler and Enrico Entschew (D-TRUST); Kirk Hall (Entrust Datacard); Ou Jingan, Zhang Yongqiang, and Xiu Lei (GDCA); Atsushi Inaba and Giichi Ishii (GlobalSign); Wayne Thayer (GoDaddy); Devon O’Brien (Google); David Hsiu (KPMG); Mike Reilly (Microsoft); Gervase Markham and Aaron Wu (Mozilla); Hoang Trung La (National Electronic Authentication Center (NEAC) of Vietnam); Tadahiko Ito (Secom Trust Systems); Leo Grove and Fotis Loukos (SSL.com); Brian Hsiung (Sunrise CPA Firm); Steve Medin (Symantec); Frank Corday and Tim Hollebeek (Trustwave); Robin Lin, David Chen, and Huang Fu Yen (TWCA); and Don Sheehy and Jeff Ward (WebTrust).

開頭有提到會議記錄 delay 的情況:

Preliminary Note: The CA/Browser Forum was delayed in completing the minutes for its last Face-to-Face meeting Oct. 4-5, 2017 in Taipei, and the proposed final Minutes were only sent by the Chair to the Members on December 13, 2017 for their review. There was not enough time for Members to review the draft before the next teleconference of December 14, and the teleconference of December 28 was cancelled due to the holidays. The next Forum teleconference is scheduled for January 11, 2018.

會議記錄很長,主要是有不少主題被拿到見面會議上討論,另外有一半的篇幅是在說明各家 root program policy 的變化。

下次的見面會議會在三月,然後會由 Amazon 辦在東岸:

Peter confirmed the next F2F meeting will be hosted by Amazon on March 6-8, 2018 at its Herndon, Virginia location. More information will be provided in the coming months.