Re: Russia attempts mandating installation of root CA on clients for TLS MITM

[Eric Kuhnke <eric.kuhnke () gmail com>]

Clarification, Google Chrome has its own root CA revocation/CRL program. It
does still rely on the operating system root CA trust store.

Using a typical intranet/RFC1918 IP space environment as an example, as you
might see in any $BIGCORP, if you install your own choice of root CA in the
Windows 10 root CA trust store, Chrome's TLS1.2/TLS1.3 access to internal
resources that are https only will work flawlessly without any security
warnings. Very normal configuration these days. Used for things like DLP in
banking/corporate environments or places where the gateway between internal
IP space and the public world has a firewall in place with MITM ability for
all TLS traffic.

On any windows 10 system with local admin privileges you can manually find
this by opening MMC, go to add/remove snap-ins, select the certificates
(local computer) snap-in, left side menu browse to trusted root
certificates.



On Fri, 11 Mar 2022 at 10:48, Mu <mu () zuqq me> wrote:

> > Mozilla is the only browser vendor these days that maintains its own
> independent root CA storage for the browser. Chrome, Chromium, Safari,
> Edge, IE etc all use whatever root CAs are trusted by the operating system.
> If they can get Windows 10 client PCs pushed to retail with an image that
> includes their CA...
>
> Google Chrome has it's own root program, and all vendors have been reliant
> on Mozilla's setup for some time. They don't just blindly trust the OS.
>
>
> ------- Original Message -------
> On Friday, March 11th, 2022 at 1:34 PM, Eric Kuhnke <eric.kuhnke () gmail com>
> wrote:
>
> Considering that 99% of non-technical end users of windows, macos,
> android, ios client devices *have no idea what a root CA is,* if an
> authoritarian regime can mandate the installation of a government-run root
> CA in the operating system CA trust store of all new devices sold at
> retail, as equipment is discarded/upgraded/replaced incrementally over a
> period of years, they could eventually have the capability of MITM of a
> significant portion of traffic.
>
> Presumably with Apple ending shipment of new MacOS devices to Russia and
> retail sales of new devices, this wouldn't be so much of an issue with
> MacOS. The process of re-imaging a modified MacOS install .DMG onto a
> "blank" macbook air or similar with a new root CA included would be non
> trivial, and hopefully might be impossible due to crypto signature required
> for a legit MacOS bootable install image.
>
> Mozilla is the only browser vendor these days that maintains its own
> independen root CA storage for the browser. Chrome, Chromium, Safari, Edge,
> IE etc all use whatever root CAs are trusted by the operating system. If
> they can get Windows 10 client PCs pushed to retail with an image that
> includes their CA...
>
>
>
>
>
>
> On Thu, 10 Mar 2022 at 18:27, Dario Ciccarone (dciccaro) via NANOG <
> nanog () nanog org> wrote:
>
> > I think the point Eric was trying to make is that while, indeed, the
> > initial, stated goal might be to be able to issue certificates to replace
> > those expired or expiring, there's just a jump/skip/hop to force
> > installation of this root CA certificate in all browsers, or for Russia to
> > block downloads of Firefox/Chrome from outside the Federation, and instead
> > distribute versions which would already include this CA's certificate. And
> > then MITM the whole population without their knowledge or approval.
> >
> > GIVEN: savvy users might know how to delete the certificate, or others
> > may teach them how, and how to download other CA's certificates (if the
> > government was to ship only this certificate with the browser). Cat and
> > mouse game. The North Korean and Chinese governments have been doing these
> > kind of shenanigans for a long time - I am sure Russia could copy their
> > model. And considering the tight media control they’re already exercising,
> > I don't think it is crazy or paranoid to think Internet will be next. They
> > seem to be already going down that path.
> >
> > PS: opinions and statements, like the above, are my very own personal
> > take or opinion. Nothing I say should be interpreted to be my employer's
> > position, nor be supported by my employer.
> >
> > On 3/10/22, 7:38 PM, "NANOG on behalf of Sean Donelan"
> > <nanog-bounces+dciccaro=cisco.com () nanog org on behalf of sean () donelan com>
> > wrote:
> >
> > On Thu, 10 Mar 2022, Eric Kuhnke wrote:
> > > I think we'll see a lot more of this from authoritarian regimes in the
> > > future. For anyone unfamiliar with their existing distributed DPI
> > > architecture, google "Russia SORM".
> >
> > Many nation's have a government CA.
> >
> > The United States Government has its Federal Public Key Infrastructure,
> > and Federal Bridge CA.
> >
> > https://playbooks.idmanagement.gov/fpki/ca/
> >
> > If you use DOD CAC ID's or FCEB PIV cards or other federal programs, your
> > computer needs to have the FPKI CA's. You don't need the FPKI CA's for
> > other purposes.
> >
> > Some countries CA's issue for citizen and business certificates.
> >
> >
> > While X509 allows you to specify different CA's for different purposes,
> > since the days of Netscape, browsers trust hundreds of root or bridged CA
> > in its trust repository for anything.
> >
> > Neither commercial or government CA's are inherently more (or less)
> > trustworthy. There have been trouble with CA's of all types.
> >
> > A X509 certificate is a big integer number, in a fancy wrapper. Its not a
> > magical object.