| |||||||||||||
Fraudulent certificates in the wild — againFraudulent certificates in the wild — againPosted Jan 20, 2013 21:59 UTC (Sun) by giraffedata (subscriber, #1954)In reply to: Fraudulent certificates in the wild — again by Jonno Parent article: Fraudulent certificates in the wild — again
Actually, you are allowed to get free and/or individual validation (at $60) certificates from startssl.com for use by an organization, but if you don't pay the extra $60 for organizational validation the certificate will only list the individual admin's name (who they considered their customer), not the organization's name, in the certificate metadata. That metadata is not particular important, however. For example, the lwn.net certificate belongs to "GeoTrust Inc." (the issuing vendor) according to its metadata... I don't know what you're calling metadata, but what tells to whom a certificate belongs is its "subject" attribute. The subject attribute has various components, the two most important being "common name" ("CN") and "organization" ("O"). The lwn.net certificate belongs to common name "lwn.net" and unspecified organization. In contrast, the certificate offered by www.bankofamerica.com belongs to common name "www.bankofamerica.com" and organization "Bank of America Corporation." In the lwn.net certificate, GeoTrust is the "issuer" attribute. I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net). I know it can't be that the $60 product's Issuer attribute indicates the Startssl customer. The Issuer attribute has to identify Startssl. You seem to say that the free certificate includes the individual admin's name. I can't see how that can be, since Startssl has no credible way to know the admin's name. Email address, maybe.
(Log in to post comments)
Fraudulent certificates in the wild — again Posted Jan 20, 2013 22:46 UTC (Sun) by cortana (subscriber, #24596) [Link]
> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)
That is correct. They (in my case) also filled in E, L, ST and C.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 16:10 UTC (Mon) by Jonno (subscriber, #49613) [Link]
> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)
Actually, both individual validation ($60) and organizational validation ($60+$60) will include O, L, ST, C and emailAddress, but for individual validation, O will contain the name of the individual validated, not the organization for which the individual works. I.e. for lwn.net the difference is whether it would contain "O=Jonathan Corbet" or "O=Eklektix, Inc.".
A free certificate from StartSSL will only contain CN, C and emailAddress.
Fraudulent certificates in the wild — again Posted Jan 20, 2013 23:08 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
you are mixing up fields filled in, and information validated
Just because a field was filled in, or nor filled in, it doesn't tell you how much effort went into validating the information that's in those fields.
this is the same thing as mistaking precision (lots of numbers after the decimal) for precision (how accurate those numbers are)
The fact that you can't tell this information from a cert, is one of the major problems with the current CA concept.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 1:48 UTC (Mon) by giraffedata (subscriber, #1954) [Link] you are mixing up fields filled in, and information validated No, I'm not. I suspect you read something into what I wrote that I didn't intend, for you to think that. (A weird brain slip may have contributed - I wrote "I couldn't tell from Startssl's certificate" where I meant to say, "from Startssl's web site"). I meant to explore what is the difference between Startssl's free and $60 product. The customer isn't going pay more to have himself scrutinized harder and get the same certificate in the end. The difference therefore must consist, ultimately, in what fields are filled in. Whether the information in those fields is true, or the certificate authority expended effort to be sure it's true, is a whole different conversation.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 2:13 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
what fields are filled in do not really matter.
All that matters in there is one other bit set (in what field I don't know), in the BofA cert that says "this is an extended validation cert", which means that the cabal of CA vendors promise that they actually validate who the cert belongs to, and they set the rules that prohibit anyone other than that handful of (I think 5) vendors from issuing any certs that set that "extended validation" bit
The people who buy the extended validation certs do pay a LOT more to have themselves scrutinized more, in exchange the browser puts the green bar when browsing to the site. This gives everyone involved the warm and fuzzies and makes them think that they are more secure.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 9:08 UTC (Mon) by giraffedata (subscriber, #1954) [Link] what fields are filled in do not really matter. Nonetheless, all the evidence is that having fields filled is in fact what people are buying with Startssl's $60 product. That product is not an EV certificate.
The people who buy the extended validation certs do pay a LOT more to have themselves scrutinized more, in exchange the browser puts the green bar when browsing to the site. I would say they're paying to have the browser put the green bar up (more specifically, they're paying for an EV certificate). If they failed to be scrutinized more in the process, they wouldn't exactly demand a refund. I think there probably is value, by the way, in having the Organization field filled in in a non-EV certificate. To the extent that a browser user pays any attention to the certified identity at all, many probably realize that even a non-EV certificate has some verification of the information and give the web site correspondingly higher respect if the name of the organization is vouched for than if only the domain name is.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 9:19 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
> many probably realize that even a non-EV certificate has some verification of the information and give the web site correspondingly higher respect if the name of the organization is vouched for than if only the domain name is.
umm, the CA organizations don't fill out any of these fields, they are filled out by the org that submits the signing request.
The fact that LWN.net's cert doesn't list an organization doesn't tell you anything other than the fact that the LWN cert request didn't have that information in it when it was submitted to the CA
Fraudulent certificates in the wild — again Posted Jan 21, 2013 16:10 UTC (Mon) by Jonno (subscriber, #49613) [Link]
Not quite, while openssl will by default copy those fields from the certificate request to the certificate, there is no such requirement by the specification.
For example, StartSSL will ignore the metadata in the certificate request, (only using its public key) and instead use the CN (common name) and subjectAlternateName from the web form used to make the request, and O, L, ST, C, emailAddress (organization, location, state, country, email) from the validation they did of you.
For EV certificates, all certificate vendors promise (to the browser vendor) to do this, and additionally to do a slightly more thorough validation than what StartSSL does for normal certificates, but the principle is the same.
Fraudulent certificates in the wild — again Posted Jan 21, 2013 9:51 UTC (Mon) by anselm (subscriber, #2796) [Link] All that matters in there is one other bit set (in what field I don't know), in the BofA cert that says "this is an extended validation cert", which means that the cabal of CA vendors promise that they actually validate who the cert belongs to, and they set the rules that prohibit anyone other than that handful of (I think 5) vendors from issuing any certs that set that "extended validation" bit Actually, there is no »extended validation cert« bit. The way a browser recognises an EV certificate is that it has a list of all the vendors (there's about 25 of them now, not 5) that issue EV certificates, together with a special OID – different for each vendor – that that particular vendor will reference in an EV certificate's Certificate Policies extension field. When a certificate from one of the EV certificate vendors comes in, the browser checks that certificate's CP extension field against the list entry for that vendor, and if there is a match, then the certificate is considered an EV certificate. This tricky method makes it nearly impossible for vendors outside the cabal – or indeed entities who operate their own internal CAs – to offer certificates that look like EV certificates and are treated by browsers as such. If you want to join the cabal, you essentially need to convince the browser makers (by filing large amounts of expensive paperwork) that you're crossing every t and dotting every i, and they will include your magic OID in their list of EV certificate issuers.
|
|||||||||||||