Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Like, for instance, calling by phone or sending e-mail to the company allegedly requesting a certificate, and checking that indeed it's them asking for it.
As well as requiring a DNS entry to be added to prove that the domain is indeed owned by who is requesting the certificate.
Fraudulent *.google.com certificate issued
Posted Aug 30, 2011 13:22 UTC (Tue) by kpfleming (subscriber, #23250)
Posted Aug 30, 2011 14:35 UTC (Tue) by tialaramex (subscriber, #21167)
I see people are already saying maybe just this one CA did a bad job. That shouldn't be reassuring. Vendors like Google, Red Hat, Microsoft ship these CA roots in their product. They have taken on the responsibility of determining which CAs are trustworthy, but their procedures for doing so are completely inadequate.
I don't think reform is realistic at this point, we must search for ways to replace the CA function, and I believe DNSSEC has great potential there.
Posted Aug 30, 2011 19:03 UTC (Tue) by slashdot (guest, #22014)
Just make the certificate pricy enough to cover the costs.
If that's not competitive, then browsers should just ban all CAs that don't do that.
And obviously, before an issue occurs, by actively trying to game the CA and seeing if it works.
Posted Aug 30, 2011 19:09 UTC (Tue) by dlang (✭ supporter ✭, #313)
besides, you need to define what 'enough' checking is.
if someone presents a legal document that says they own a business in some obscure country, should they be allowed to get a cert for the name? how can you tell for sure that the people you are talking to are the ones who you really should be talking to? in this day of outsourceing IT projects, it's very likely that the people running the webservers are not part of the company that actually owns the name.
do you want a fax of a letterhead? I can make up a letterhead for any company pretty quickly (if I don't just get the legitimate company to send me some sort of document on letterhead and just scan it to fax it to you)
the big problem right now is that some of the CAs are charging huge amounts of money (up to $1500/cert) and still not doing real checking.
and none of this will do any good if the CA gets broken into (like this CA is claiming) and has the hackers use their infrastructure to sign certs without the approval of the CA.
Posted Sep 1, 2011 8:11 UTC (Thu) by Comet (subscriber, #11646)
So if you can't recognise papers from some obscure country, you shouldn't be issuing certs for businesses in that country, and some more local CA should be getting that business, or a CA which has researched how to recognise "legitimate" papers for that country.
There's no right to be able to take money from anyone in any country.
Also, British CAs shouldn't be able to issue certs for Argentinian banks and Argentinian CAs shouldn't be able to issue certs for British banks. But ~nobody uses nameConstraints in certs, and no client software has a framework for imposing nameConstraints not found within the cert itself. The X.509 PKI as used right now is not designed to prevent internal fraud within and by the CAs.
Nor is TLS designed to support being able to revoke CA certs, since that would threaten profits from the big providers who pay the salaries of the attendees of the relevant standards bodies. (Yes yes, IETF attendees are in a personal capacity. Always. Uh-huh.) Otherwise, there would be a TLS extension for the server to declare "I have a certs from N CAs, here are those hashes, you can ask for any of those instead" and be able to fail over across CAs; at that point, bad actors could have their CA certs revoked more readily and there would be market forces acting to push CAs to actually verify identities. (And yes, I know there's a whole bunch of specialist nomenclature for identity verification not being strictly part of CA, but for our purposes, that's all part of the CA umbrella).
Instead, the only relevant proposed TLS extension involves the client declaring in the handshake all the CAs it supports, which is (a) a fingerprint technique for client tracking; and (b) massive bloat in the startup, since most clients support hundreds of CAs, and you should only need to know about the 3-5 CAs which the server has certs from.
There is little about the CA business that comes across, to me, as ethical, because the protocols are designed to support market forces that pressure them to not be ethical and to pressure towards a monopoly (get your certs from the CAs accepted by everyone, instead of 3-5 CAs who between them cover everyone, and be resilient to CA revocation by your site visitors).
Posted Sep 1, 2011 8:23 UTC (Thu) by Comet (subscriber, #11646)
There is the appearance here of jingoism and a more readily dismissive attitude towards CAs in markets outside the USA.
To repeat: I'm not defending DigiNotar; given the scale of their breach, they absolutely should have been blacklisted, since they should have been revoking the subsidiary CA which we can presume is the only one online, since the master CA cert is _of_ _course_ (*cough*) kept offline and only loaded, in computers without a network connection, to sign the subordinate CAs; they could then issue replacement certs for all the legitimately issued ones, which would be expensive and embarrassing -- but that's as it should be! Expense and embarrassment are countervailing forces to pressure CAs into running a clean shop.
I just think that some other, larger, CAs should have been given the same treatment, instead of the more pragmatic "oh, it would do too much damage to revoke those CAs" approach, which led to "too big to fail" CAs.
Which leads into my point about the TLS protocol being flawed in only permitting one CA; strong security, as long as you trust the CA, but providing for bad market forces which lead to less trustworthy CAs.
Posted Sep 1, 2011 10:49 UTC (Thu) by nix (subscriber, #2304)
Posted Sep 1, 2011 20:35 UTC (Thu) by Comet (subscriber, #11646)
Stupid, but the screenshots were also showing plain text, so there's also a slim chance that there wasn't even a cookie-stealing attack made possible by this. Just bragging rights in getting plaintext up under an available name of your choice.
Stupid CMS for some web content is a long way from breach of the signing systems. If your news source is a company which sells security services, then hyperbolic claims on their part in talking up the implications of what they found is to be expected.
I'd hope that technical decisions about trust are based on more than panicked responses by non-technical decision makers to hyperbole they take at face value because they don't understand the issues.
So I'm assuming that there's yet more to this story that hasn't come out yet.
Posted Sep 6, 2011 19:52 UTC (Tue) by Comet (subscriber, #11646)
Excuse me while I cry into a drink.
Posted Sep 6, 2011 20:38 UTC (Tue) by nix (subscriber, #2304)
Posted Aug 31, 2011 5:16 UTC (Wed) by niner (subscriber, #26151)
Posted Aug 31, 2011 22:24 UTC (Wed) by ondrej (subscriber, #27872)
Posted Sep 1, 2011 7:19 UTC (Thu) by niner (subscriber, #26151)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds