EN CAcert Inc, the association that runs the infrastructure on behalf of the international CAcert community moves from New South Wales to Europe. This was a project and a dream for many years. On the annual general meeting 2020 the members of CAcert Inc vote with a large majority to adapt the statutes.
DE An der Generalversammlung von CAcert Inc, dem Trägerverein, haben die Mitglieder mit grosser Mehrheit der Statutenrevision zugestimmt, mit welcher der Hauptsitz, wie seit langem geplant, nach Europa verlegt wird.
FR Depuis que la grande majorité des membres de la communauté CAcert habitent en Europe, il a été souhaité de transférer l’association CAcert Inc qui gère l’infrastructure dans ce continent. Lors de l’assemblée générale 2020, les dernières décisions nécessaires ont été prises.
You are on the Internet with Firefox. So far, this was actually not a bad decision. However, when connecting to cacert.org an error now occurs. The OCSP response contains outdated information.
Error code: SEC_ERROR_OCSP_OLD_RESPONSE
This surprises you, because you have previously expressed your trust in the CAcert (CA Cert Signing Authority) root certificate. Today, however, you are still not getting access. This has to do with an update from Firefox, which changes a default setting.
The solution: Go to Settings -> Certificates: The option “Confirm current validity of certificates by request to OCSP server” must be deactivated (see picture: there must not be a tick at the red marked position), then it works again. (Dear Mozilla developers, this would not have been absolutely necessary).
Sie sind mit Firefox im Internet unterwegs. Das war bisher eigentlich kein schlechte Entscheidung. Beim Verbinden mit cacert.org tritt nun jedoch ein Fehler auf. Die OCSP-Antwort enthalte veraltete Informationen.
Das verwundert Sie, denn Sie haben früher schon dem Stammzertifikat von CAcert (CA Cert Signing Authority) das Vertrauen ausgesprochen. Heute kommen Sie aber trotzdem nicht mehr weiter. Das hat mit einer Aktualisierung seitens Firefox zu tun, welche eine Voreinstellung verändert.
Die Lösung: Gehen Sie unter Einstellungen -> Zertifikate: Die Möglichkeit “Aktuelle Gültigkeit von Zertifikaten durch Anfrage bei OCSP-Server bestätigen lassen” muss man deaktivieren (siehe Bild: an der rot markierten Stelle darf kein Kreuz mehr sein), danach geht es wieder. (Liebe Mozilla-Entwickler, das wäre nicht unbedingt nötig gewesen.)
It is not only the computers of the future that pose a threat to security, it is also the legacy of the past. Over the past two or three decades, it has become clear time and again that the majority of Internet users are struggling to replace insecure protection mechanisms. It usually takes more than ten years to introduce an improved security protocol on a large scale. If the fear of quantum computers helps to overcome this inertia, i.e. if the efforts of post-quantum cryptography are conducive to “crypto-agility”, then these novel computers have proven to be useful – even if they will never exist.
The grid-based cryptographic methods are considered to be very secure. This assessment is based on theoretical considerations and mathematical calculations. At the Institute for Microelectronics and Embedded Systems at the University of Applied Sciences of Eastern Switzerland, the focus is less on mathematical theories than on the way in which these theories are technically implemented. On the one hand, the researchers in Rapperswil (on the Lake Zurich, Switzerland) want to advance the development of fast computer chips for post-quantum cryptography. On the other hand, they also want to analyse the security of such systems. “Some algorithms that look good on paper,” explains Dorian Amiet, “prove vulnerable in practice to so-called side-channel attacks. Amiet has been working as a project member in Rapperswil for about two years on programming aspects of post-quantum cryptography.
For side-channel attacks, the Rapperswil researchers like to use an oscilloscope, a measuring device that makes electrical voltage fluctuations visible. This is because every algorithm, when used on computer hardware, is dependent on electricity. Sometimes an analysis of voltage fluctuations allows conclusions to be drawn about the inner workings of a computer program and the data it processes.
In a new paper, Amiet and other colleagues deal with “Newhope”. This grid-based method had been developed by major European companies and universities and was considered a favourite in the nesting selection process until recently. But in the Rapperswil laboratory this software did not cut a good figure. Under certain circumstances, the secrets that had been entrusted to this software could be read with the naked eye on the oscilloscope.
“Newhope” did not make it to the third and final round of nest evaluation. And the attack that brought “Newhope” to its knees in Rapperswil also works against “Crystals-Kyber” from IBM. Amiet plans to present this new finding at an international conference on post-quantum cryptography in September.
When will quantum computers be ready for use? Employees of the American consulting firm Rand Corp. have undertaken to confront 15 experts with this question as part of the aforementioned study. On average, the commissioning of a cryptographically relevant quantum computer is set for the year 2033. But the answers vary widely. There are experts who see this technology coming as early as 2022 or 2023, others believe that quantum computers will remain a chimera forever.
Andreas Curiger is also one of the doubters. The electrical engineer – co-founder and head of technology at the young Zurich security company Securosys SA – compares these computers to nuclear fusion reactors: In both cases, he says, despite decades of research, they are still far from being used in practice. Curiger does not believe that he will be dealing with a functional quantum computer in his professional life. Nevertheless, he is committed to the development of post-quantum cryptography. His company cooperates in research with the Rapperswil Institute for Microelectronics and Embedded Systems.
Securosys sells devices for the protection of data transmission, which are used by banks for the authentication and verification of financial transactions, for example. These customers appreciate the fact that these devices have been developed and manufactured entirely in Switzerland. Together with researchers from Rapperswil, Curiger wanted to find out what effort is required to adapt the Securosys devices to post-quantum cryptography. “It looks good,” says Curiger, “we were able to develop the prototype of a quantum-safe hardware module.”
Grid-based methods are currently raising great expectations in the development of cryptography that is secure from quantum computers. Mathematicians associate grids with a number of difficult tasks involving the measurement of vector spaces. The difficulty of these problems increases exponentially with the complexity of the grid. For cryptographic applications, grids with hundreds of dimensions are used.
One of the first to make mathematical grids usable for cryptography was the Hungarian-American computer scientist Miklós Ajtai, who worked at the IBM research centre in Almaden. In the mid-1990s, he opened the door to a new field of cryptography. Shortly after the turn of the millennium, grid cryptography was still the work of a small group of researchers, reports the Italian-American computer scientist Daniele Micciancio in a YouTube lecture. In the meantime, one has to read more than 100 essays a year to keep track of this rapidly expanding field of research.
Vadim Lyubashevsky is one of the researchers who have excelled here. He worked with Micciancio at the University of California in San Diego as a doctoral student. Today, he conducts research at the IBM research laboratory in Rüschlikon on the Lake Zurich, Switzerland.
The IBM researcher has done much to transform the lattice theory, which has been developed over the past 25 years, into computer software that is relevant to practice. According to Lyubashevsky, a so-called Cryptographic Suite for Algebraic Lattices (Crystals) is already being used internally by IBM, but also by Google and Cisco for testing purposes. It has been shown that these programs work very efficiently, they are faster than conventional cryptographic methods. Only the memory requirements are slightly higher because the keys are longer.
IBM has not only developed software, but also hardware: the prototype of a tape drive can store encrypted data on 20-TByte tape cartridges in a way that cannot be converted into plain text even by quantum computers.
However, such products cannot be commercialised as long as there are no binding standards for post-quantum cryptography that ensure the interaction of hardware and software components from different manufacturers. The computer world is therefore waiting for the American National Institute of Standards (Nist) to complete a long-term evaluation of quantum-safe cryptographic procedures. An important milestone has just been reached in this process: at the end of July, the American authority announced the end of the second round of evaluation.
When the Nist began to deal with quantum-secure cryptography in 2015, 82 proposals were available for selection. After two evaluation rounds, 7 algorithms remained, including several proposals from IBM. According to the latest Nist evaluation report, the grid-based proposals are considered the most promising. After a third round, which is expected to take 12 to 18 months, binding standards should finally be in place by the end of 2021.
In 1994, the American mathematician Peter Shor was able to show that quantum computers, which were still hypothetical at the time, could greatly accelerate the decomposition of prime factors. Thus, the security of asymmetric encryption is no longer guaranteed. New encryption methods have to be developed that can withstand the quantum computers: Post-quantum cryptography is needed.
It is not possible to wait until the new computers are ready for use and then solve the security problems they raise. For one thing, the development of cryptographic procedures takes time. On the other hand, data sometimes have a long life span. If their confidentiality has to be guaranteed for decades, it is essential to develop an idea today of what tools will be available to an attacker in ten or twenty years’ time. Moreover, it cannot be ruled out that malicious actors are already hoarding encrypted data today in order to read them in plain text later, when quantum computers become available.
The fact that the dangers that quantum computers pose to cryptography have been discussed for a long time, and that it may take a long time before these dangers become real, weakens the awareness of the problem in some places; this “long time and not for a long time” lends many people a false sense of security. But the task of dealing with post-quantum cryptography can no longer be put off any longer.
“The danger is acute,” says the introduction to a report published in April by the American consulting firm Rand Corp. “Quantum computers pose a threat to every government agency, all critical infrastructures and all branches of industry.” This is a new type of threat that is not comparable to conventional security problems. It is directed against the very foundations of the Internet. It threatens to be a “quantum disaster”, an author of the study told journalists. The German Federal Office for Information Security (BSI) also sees an “acute need for action” with regard to post-quantum cryptography.
A revolution is imminent: With the help of quantum mechanical effects, new types of computers could one day quickly solve computing tasks that today’s machines cannot cope with. That is good news. On the one hand. On the other hand, it is bad news. Because commercial computer science as we know it today depends on the existence of computing tasks that computers can cope with. The high computational effort forms a protective wall that secures communication channels. Quantum computers could tear down this protective wall.
Around Lake Zurich, researchers are involved in various teams for the development of post-quantum cryptography. The new encryption methods should protect secrets entrusted to the Internet for decades to come.
For centuries, and even in the late 1970s, it seemed inevitable that the sender and recipient of secret messages would use the same key. This form of protected message exchange is called symmetrical. Since then, asymmetric encryption methods have become generally accepted. They enable the secure exchange of information between two communication partners who are facing each other for the first time and have not had the opportunity to agree on a common key beforehand.
The asymmetric encryption methods use mathematical functions that can only be inverted with great effort. These are one-way or trapdoor functions: In one direction, the passage is easy to pass through, but the way back is blocked. A widely used encryption method is based on the multiplication of two large prime numbers. It does not demand much from a calculating machine, but the opposite way, the prime factorization, is too much for common computers.
deutsch: Ab sofort können Zahlungen aus dem SEPA-Raum* auf das europäische Bankkonto von CAcert überwiesen werden. Für Spenden können Sie weiterhin das Bankkonto von Secure-U in Deutschland verwenden (so vermeiden wir, dass Geld sinnlos hin- und her geschoben wird, da Secure-U für uns die Server mietet); für Mitgliederbeiträge sollte jedoch das untenstehende Bankkonto in der Schweiz verwendet werden, da nur dann der Mitgliederbeitrag dem Mitglied zugeordnet werden kann. Sie finden untenstehend Name, Postleitzahl/Ort, IBAN-Kontonummer und Bank:
italiano: A partire da ora, i pagamenti dall’area SEPA* possono essere trasferiti sul conto bancario europeo di CAcert. Per le donazioni prego di utilizzare il conto bancario Secure-U in Germania; tuttavia, per le quote associative, si deve utilizzare il conto bancario in Svizzera sotto indicato, poiché solo in tal caso la quota associativa può essere assegnata al socio. Qui di seguito trovate nome, numero postale/località, numero di conto IBAN e banca:
English: As of now, payments from the SEPA area* can be transferred to CAcert’s European bank account. For donations, the Secure-U bank account in Germany can still be used (to avoid that money is transfered twice on the same account); however, for membership fees, the bank account in Switzerland listed below should be used, as only then the membership fee can be assigned to the member. Below you will find name, postcode/town, IBAN account number and bank:
The bank is rated AA/stable by Standard&Poor. It also has a state guarantee from the state (canton) of Grisons (one of Switzerland’s 26 provinces).
Français: Dès à présent, les paiements provenant de l’espace SEPA* peuvent être transférés sur le compte bancaire européen de CAcert. Pour les dons, continuez d’utliser le compte bancaire Secure-U en Allemagne; en revanche, pour les cotisations, il convient d’utiliser le compte bancaire en Suisse indiqué ci-dessous, car ce n’est qu’alors que la cotisation peut être attribuée au membre. Vous trouverez ci-dessous le nom, le code postal/le lieu, le numéro de compte IBAN et la banque :
* SEPA Area: all 27 countries of the European Union, furthermore: Guadeloupe, French Guyana, Martinique, Réunion, Mayotte, Saint-Pierre, Miquelon, Canary Islands, Azores, Madeira, Ceuta, Melilla, United Kingdom, Gibraltar, Isle of Man, Jersey, Guernsey, Switzerland, Liechtenstein, Norway, Iceland, Monaco, San Marino, Holy Seed, Croatia, Andorra.
From September onwards, HTTPS certificates may only be issued for a maximum of one year.
Reading time: 1 min.
The maximum validity of certificates for proof of identity on the web will be further reduced – in the next step to one year. Although a vote on this issue in the CA/Browser Forum failed in September due to resistance from the certification authorities, it is still being discussed. But in March Apple came forward and declared that Safari will only accept certificates issued after September 1, 2020 if they are not valid for more than one year.
Now Mozilla and Google are following suit and creating facts. In the past, terms of 5 years were not unusual. Currently, certificates may still be issued for 2 years (more precisely: 825 days — i.e. plus some grace period). With the renewed tightening, Chrome, for example, delivers an ERR_CERT_VALIDITY_TOO_LONG if a certificate was issued after September 1, 2020 and is valid for more than 398 days.
The main reason for the constant shortening of the certificate lifetime is the fact that there is no generally functioning revocation mechanism by which a certificate could be revoked. Revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP) have proven to be unsuitable and are now switched off by default.
The browser manufacturers still maintain their own internal revocation lists, which they can use to react to acute incidents. But this is a quasi manual procedure that can only cover significant problem cases. Ultimately, the browser manufacturers are now focusing on damage limitation: if, for example, the secret key of a certificate is stolen, an expiration date that is approaching as soon as possible should solve the problem.
No need for action for users
Lets Encrypt, which meanwhile dominates the market, is the pioneer and only issues certificates for 3 months anyway. Renewal is then automated via ACME. According to Mozilla, however, the other certification authorities have also agreed to only issue certificates for 398 days from September 1. In view of the demonstration of power of the browser manufacturers, they probably don’t have much choice.
As a web site operator, you don’t have to do anything else – even if you still have a certificate with a longer validity in operation. The new rule only applies to certificates issued after September 1, 2020.