User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0

Steps to reproduce:

Analogous to https://bugzilla.mozilla.org/show_bug.cgi?id=1680927 bug.
Russia started trying to force people to install government root CA certificate https://www.gosuslugi.ru/tls (also attached).
There are emails that are sent from gosuslugi site (it's the goverment site that provides various government services like taxes/marriage registration/international passport ordering/you name it) where half of the russian citizens are registered. Email says

Problems accessing some sites

Dear friends
Some sites may not open now. This is due to problems in the work of certificate authorities that check the security and reliability of Internet resources. In order to have access to all sites and the necessary online services, including the State Services, we recommend installing browsers that support the Russian certificate. Now there is such functionality, for example, Yandex.Browser or Atom
Hope for understanding
Mintsifra team

I can't attach the email itself due to info in the headers and mild fear for repercussions, but screenshot in the attached file.
Hopefully it could be solved like it was solved for our KZ mates.

The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Are you required to trust the root to visit sites not run by the Russian government (e.g. google)?

Nope, but probably [yet].
It's possibly an attempt to prevent service interruption in case GlobalSign (current cbr.ru CA) decides to revoke the certificates, but mass email with advise to use it makes me suspicious, especially considering errant RU actions lately.

I also got this email and my ISP redirected me to https://www.gosuslugi.ru/tls as captive portal the first time I visited any HTTP website. I contacted support and they said that I must install this certificate.

Ofc, it will be used for doing MITM attacks if a valuable number of users install it.

I think Mozilla, Google and Microsoft should protect privacy of users in Russia.

The certificate information has been added to crt.sh:
https://crt.sh/?id=6316640888

I think you should open a new topic at https://groups.google.com/a/mozilla.org/g/dev-security-policy or comment below at https://groups.google.com/g/mozilla.dev.security.policy/c/wnuKAhACo3E/m/cpsvHgcuDwAJ

Started thread at https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/QaKxfr5hOXg

I won't rule out the possibility of this CA to be used for MiTM some day, but you should be aware that Thawte has revoked the certificates issued for the sanctioned banks, that Gosuslugi email text is correct.

For example, VTB:
https://crt.sh/?id=5828347935
https://crt.sh/?id=6218871547
https://crt.sh/?identity=vtb.ru&iCAID=62131 (all of them)

Promsvyazbank:
https://crt.sh/?id=4582341817
https://crt.sh/?id=2713661323
https://crt.sh/?q=psbank.ru&iCAID=62131 (all of them)

The Central Bank of Russia (Centrobank):
https://crt.sh/?id=2355590937

More likely it's just a second option/last resort PKI chain for a "doomsday". Such development is understandable in the current situation when many foreign services and even transit ISPs don't want to continue the service, but I doubt they will try to break the internet with MiTM such blatantly: the blocks of "offending" websites are more likely, as we've seen for years.

Gosuslugi email screenshot says:

Issues accessing selected websites

Dear friends,
Some websites may not open right now. This is due to the issues with certification centers which check security and reliability of internet resources.

To be able to access all the websites and online services, including Gosuslugi, it's recommended to install browsers which support Russian certificate.

As for now, such functionality is included in Yandex.Browser and Atom.

Hope for understanding,
The team of Ministry of Digital Development, Communications and Mass Media.

(In reply to u702758 from comment #5)

I also got this email and my ISP redirected me to https://www.gosuslugi.ru/tls as captive portal the first time I visited any HTTP website. I contacted support and they said that I must install this certificate.

I haven't heard about that elsewhere. If you see this message (your account is disabled), please contact me privately.

but you should be aware that Thawte has revoked the certificates issued for the sanctioned banks, that Gosuslugi email text is correct.

I understand, that's why in the thread https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/QaKxfr5hOXg I suggested allowing this certificate for all .ru domains and for them only. If I wouldn't sound crazy, I would even suggest shipping the browser with the certificate preinstalled. There's no point in losing marketshare and not addressing the issue requiring them to generate their root CA.

(In reply to mcccs from comment #14)

I understand, that's why in the thread https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/QaKxfr5hOXg I suggested allowing this certificate for all .ru domains and for them only. If I wouldn't sound crazy, I would even suggest shipping the browser with the certificate preinstalled. There's no point in losing marketshare and not addressing the issue requiring them to generate their root CA.

See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/QaKxfr5hOXg/m/61dGGdpAAwAJ

It is unlikely that Russia will force everyone to put this certificate, because it will turn off the entire Russian Internet. The introduction of white lists is also unlikely, because most of the population uses foreign services.

DigiCert and Sectigo have also stopped issuing certificates for .ru, .su and .rf domains. I think such CAs can no longer be trusted and should be removed from the Firefox Trusted CAs package.

They divided the entire Web-of-Trust goal by zero by blocking all Russians.

(In reply to Vitaly from comment #17)

DigiCert and Sectigo have also stopped issuing certificates for .ru, .su and .rf domains. I think such CAs can no longer be trusted and should be removed from the Firefox Trusted CAs package.

The revocation of certificates of a certain class of subscribers is possible through the requirements stated in the CA/B Forum Baseline Requirements [0] section 4.9.1.1 (2)(10) in combination with the provisions that a CA lists in the sections 9.14 (Governing law), 9.15 (Compliance with applicable law) and/or 9.16 (Miscellaneous provisions) of their CP/CPS.

Additionally; the CA/B Forum Baseline Requirements [0] do not put requirements on the subjects that a CA must sign; indeed they only put requirements on what the subject must conform to when it is included in a certificate. These are two different things, and I do not think that compliance to local law (that does not limit compliance to requirements in the BR) is a reason to untrust a CA.

They divided the entire Web-of-Trust goal by zero by blocking all Russians.

I think you misunderstand the term "Web-of-Trust". Web-of-Trust is generally used with GPG, and is an interconnected graph of trusted and indirectly trusted keys; whereas WebPKI is more a hub-and-spoke model; a delegated trust model where you delegate the creation of the trust root to the browser; and few interconnected trust relationships between the CAs. To the best of my knowledge, the Mozilla Root Store was never intended as a Web-of-Trust, because it operates on different principles.

[0] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.8.1.pdf

(In reply to Matthias from comment #18)

(In reply to Vitaly from comment #17)

DigiCert and Sectigo have also stopped issuing certificates for .ru, .su and .rf domains. I think such CAs can no longer be trusted and should be removed from the Firefox Trusted CAs package.

The revocation of certificates of a certain class of subscribers is possible through the requirements stated in the CA/B Forum Baseline Requirements [0] section 4.9.1.1 (2)(10) in combination with the provisions that a CA lists in the sections 9.14 (Governing law), 9.15 (Compliance with applicable law) and/or 9.16 (Miscellaneous provisions) of their CP/CPS.

I think that you refer to "2. The CA obtains evidence that the Certificate was misused;" clause. Can you explain, why certificate was misused?

No, 4.9.1.1 (2)(10) refers to the 10th entry in the second list of reasons in that section:

The CA SHOULD revoke a certificate within 24 hours and MUST revoke a Certificate within 5 days if one or more of the following occurs: [...]
10. Revocation is required by the CA’s Certificate Policy and/or Certification Practice Statement;

The severity field is not set for this bug.
:keeler, could you have a look please?

For more information, please visit auto_nag documentation.

Another one to watch, https://www.gosuslugi.ru/crt -> Сертификаты для MacOS contains two certs, one initially attached and one new.