User: Password:
|
|
Subscribe / Log in / New account

The case of the fraudulent SSL certificates

The case of the fraudulent SSL certificates

Posted Mar 24, 2011 21:58 UTC (Thu) by Simetrical (guest, #53439)
In reply to: The case of the fraudulent SSL certificates by Da_Blitz
Parent article: The case of the fraudulent SSL certificates

It doesn't eliminate fraudulent certificates, but it reduces a gazillion points of failure to one point of failure. Currently, compromising one CA allows you to forge any certificate you like -- and there are what, thousands of CAs? If we used DNSSEC instead, the only way to inject a forged certificate would be to compromise the DNS servers of the site itself, or the DNS servers of a higher-level domain. For a high-profile site, that reduces the attack surface to almost nothing. Instead of being able to forge google.com certificates by exploiting any CA on the planet, you suddenly have to exploit either .com TLD nameservers, or google.com nameservers . . . which is going to be close to impossible in either case.

A shorter-term and less complete solution would be to extend HTTP Strict Transport Security to say "ignore any certificates that aren't signed by this specific CA". That would also drastically reduce attack surface, and although in the long run it's probably inferior to DNSSEC, it would be much easier to deploy.


(Log in to post comments)

The case of the fraudulent SSL certificates

Posted Mar 25, 2011 8:48 UTC (Fri) by pbonzini (subscriber, #60935) [Link]

> Instead of being able to forge google.com certificates by exploiting any CA on the planet, you suddenly have to exploit either .com TLD nameservers, or google.com nameservers . . . which is going to be close to impossible in either case.

What about country TLDs? If a government wants to do a MITM attack, it can surely control the country-level nameserver.

The case of the fraudulent SSL certificates

Posted Mar 25, 2011 13:59 UTC (Fri) by foom (subscriber, #14868) [Link]

But at least then it's *only* that government for that TLD that can MITM the sites under their TLD, instead of the governments of every single country in the world...

The case of the fraudulent SSL certificates

Posted Mar 31, 2011 21:56 UTC (Thu) by job (guest, #670) [Link]

If you follow best practice compromise of a DNS server does not lead to compromise of DNSSEC for that zone, as the zones should be signed on a separate server. There should be no keys on the public DNS server.

The case of the fraudulent SSL certificates

Posted Mar 31, 2011 22:40 UTC (Thu) by Simetrical (guest, #53439) [Link]

Okay, granted. I should have said that you have to compromise Google's servers, not specifically its nameservers. The point is the same, that you have to target specific servers and don't get to pick the weakest out of a very large group, so your attack surface drops drastically. Of course, the signing servers aren't going to be Internet-accessible, so will probably be even harder to exploit than the nameservers. But exploiting the nameservers of a huge and well-run shop like Google would already be a pretty difficult feat for even a well-funded criminal hacker group (although maybe not for some governments).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds