Many sites reusing Heartbleed-compromised private keys (opens in new tab)

(zdnet.com)

50 pointseliot_sykes11y ago10 comments

10 comments

You should not be responsible for website security if you don't understand the absolute basics of SSL certificates.

It would be helpful if the CA (or reseller) confirmed (dispay a warning) that you really want to reissue with the same private key and explain the implications of doing so.

When reissuing a certificate the default behaviour should be to revoke the old one after some specified time has elapsed - that is what reissuing is for and what distinguishes it from simply buying a new certificate.

mobiplayer11y ago

This.

The problem is that many people in the industry doesn't really understand the basics. How come is there a leak of your certificate, if that's the public key you're showing to every single client that connects to your SSL enabled site?

I've even seen sysads advising on forums about reissuing certs after Heartbleed, but no word about the keys.

mikeash11y ago

I think that "no word about the keys" is simply due to a huge gulf in understanding. To the people giving out the advice, it's obvious that "reissue your certificates" implies "with a new private key", so obvious that they can't even imagine someone doing otherwise. It's easy to skip out on the basics that you're sure "everyone knows".

higherpurpose11y ago

Maybe they should just be advised to use PFS/ECDHE instead (which should be done anyway), and it would solve this problem by itself.

sdevlin11y ago

That would not solve the problem of active man-in-the-middle attacks.

mobiplayer11y ago

Yes, even renewing your keys and certs doesn't mean any previous communication is not compromised :)

pronoiac11y ago

Ugh. I think it would be better if revocation covered the public key instead of the serial number. (I'll ignore CRL bandwidth costs and the questionable usefulness of revocations.)

aastaneh11y ago

YUP! I covered that exact subject (http://aminastaneh.net/2014-04-23/misconceptions-about-mitig...), but it didn't catch on in HN.

nodata11y ago

i.e. they re-used the same CSR without realising that the CSR references the old compromised key.

unreal3711y ago

The odds of this being a real issue that will affect anyone are in the tiny fractions of a percent range.

j / k navigate · click thread line to collapse

10 comments

abritishguy11y ago

You should not be responsible for website security if you don't understand the absolute basics of SSL certificates.

It would be helpful if the CA (or reseller) confirmed (dispay a warning) that you really want to reissue with the same private key and explain the implications of doing so.

mobiplayer11y ago

This.

I've even seen sysads advising on forums about reissuing certs after Heartbleed, but no word about the keys.

mikeash11y ago

higherpurpose11y ago

Maybe they should just be advised to use PFS/ECDHE instead (which should be done anyway), and it would solve this problem by itself.

sdevlin11y ago

That would not solve the problem of active man-in-the-middle attacks.

mobiplayer11y ago

Yes, even renewing your keys and certs doesn't mean any previous communication is not compromised :)

pronoiac11y ago

Ugh. I think it would be better if revocation covered the public key instead of the serial number. (I'll ignore CRL bandwidth costs and the questionable usefulness of revocations.)

aastaneh11y ago

YUP! I covered that exact subject (http://aminastaneh.net/2014-04-23/misconceptions-about-mitig...), but it didn't catch on in HN.

nodata11y ago

i.e. they re-used the same CSR without realising that the CSR references the old compromised key.

unreal3711y ago

The odds of this being a real issue that will affect anyone are in the tiny fractions of a percent range.

j / k navigate · click thread line to collapse