
Fraudulent certificates in the wild — again

Posted Jan 7, 2013 0:14 UTC (Mon) by Lennie (guest, #49641)
In reply to: Fraudulent certificates in the wild — again by corbet
Parent article: Fraudulent certificates in the wild — again

In that case I think DNSSEC is probably a better route. It isn't multiple chains, I know. It is just one chain.

But we already depend on DNS, at least with DNSSEC/DANE your domain only depends on the CA(s) of your choice (yes, multiple is possible too if you want).

Another question: Why do you pay your CA? If all you need is a simple certificate and cheap is all you want, there is one in Israel which can deliver it for free already: StartSSL



Fraudulent certificates in the wild — again

Posted Jan 17, 2013 12:18 UTC (Thu) by robbe (subscriber, #16131) [Link]

> there is one in Israel which can deliver it from free already: StartSSL

Please show me a process where a business (like LWN) can obtain a cert for free from StartCOM -- without pretending that they are an individual.

Until then I will consider the cited as widespread misinformation.

Fraudulent certificates in the wild — again

Posted Jan 17, 2013 13:18 UTC (Thu) by cortana (subscriber, #24596) [Link]

StartSSL indeed do only issue free domain-validated certificates to individuals. If you get your identity validated ($60) and then your connection to an organization validated (another $60) then you can issue as many certificates under that organization's domains as you want without paying anything extra. So it isn't free, but it is within the reach of all but the smallest organizations, and you are not punished for issuing multiple certificates for different services (as you are with a CA that charges you per certificate).

Fraudulent certificates in the wild — again

Posted Jan 17, 2013 18:02 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

As I understand it, it isn't an issue of to whom a certificate is issued, but for whom. So even the hypothesized fraud of "pretending they are an individual" would not work. The certificate the business would get by doing that would be a certificate proving the identity of some person (where a person's identity apparently consists of his email address). So no browser would accept that as proof that the web server on the other end of some socket is lwn.net. Or that it is operated by the organization commonly known as LWN.

Another free certificate busted

Posted Jan 17, 2013 18:21 UTC (Thu) by man_ls (guest, #15091) [Link]

For $120 you can get many SSL certificates from other "vendors" (i.e. prime number sellers). In fact for that kind of money you get a wildcard certificate from most sellers, so you don't have to spend anything on subdomains.

Fraudulent certificates in the wild — again

Posted Jan 20, 2013 19:49 UTC (Sun) by Jonno (subscriber, #49613) [Link]

Actually, you are allowed to get free and/or individual validation (at $60) certificates from startssl.com for use by an organization, but if you don't pay the extra $60 for organizational validation the certificate will only list the individual admin's name (who they considered their customer), not the organization's name, in the certificate metadata. That metadata is not particularly important, however. For example, the lwn.net certificate belongs to "GeoTrust Inc." (the issuing vendor) according to its metadata...

Also worth noting is that for those $60 (or $120 if you are particular about the metadata) you get to issue an unlimited number of certificates, including wildcard- and SAN-certificates, for an unlimited number of domains, during a 350 day period, and each certificate is valid for 2 years.

I have yet to find any other place that offer even a single 2-year wildcard- or SAN-certificate at that price. Single-host certificates can be had cheaper at other places, but those are free at StartSSL (even for organizations, if you are not particular about the metadata).

(Note that I'm in no way affiliated with StartSSL or StartCom Ltd, I'm just a satisfied customer.)

Fraudulent certificates in the wild — again

Posted Jan 20, 2013 21:59 UTC (Sun) by giraffedata (subscriber, #1954) [Link]

> Actually, you are allowed to get free and/or individual validation (at $60) certificates from startssl.com for use by an organization, but if you don't pay the extra $60 for organizational validation the certificate will only list the individual admin's name (who they considered their customer), not the organization's name, in the certificate metadata. That metadata is not particularly important, however. For example, the lwn.net certificate belongs to "GeoTrust Inc." (the issuing vendor) according to its metadata...

I don't know what you're calling metadata, but what tells to whom a certificate belongs is its "subject" attribute. The subject attribute has various components, the two most important being "common name" ("CN") and "organization" ("O"). The lwn.net certificate belongs to common name "lwn.net" and unspecified organization. In contrast, the certificate offered by www.bankofamerica.com belongs to common name "www.bankofamerica.com" and organization "Bank of America Corporation."

In the lwn.net certificate, GeoTrust is the "issuer" attribute.

I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net). I know it can't be that the $60 product's Issuer attribute indicates the Startssl customer. The Issuer attribute has to identify Startssl.

You seem to say that the free certificate includes the individual admin's name. I can't see how that can be, since Startssl has no credible way to know the admin's name. Email address, maybe.

Fraudulent certificates in the wild — again

Posted Jan 20, 2013 22:46 UTC (Sun) by cortana (subscriber, #24596) [Link]

> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)

That is correct. They (in my case) also filled in E, L, ST and C.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 16:10 UTC (Mon) by Jonno (subscriber, #49613) [Link]

> I couldn't tell from the startssl.com certificate just what its $60 product is, but as the description includes the phrase "organization validation," I presume that product has both the CN and O field filled in, whereas the free product has only CN (like lwn.net)

Actually, both individual validation ($60) and organizational validation ($60+$60) will include O, L, ST, C and emailAddress, but for individual validation, O will contain the name of the individual validated, not the organization for which the individual works. I.e. for lwn.net the difference is whether it would contain "O=Jonathan Corbet" or "O=Eklektix, Inc.".

A free certificate from StartSSL will only contain CN, C and emailAddress.

Fraudulent certificates in the wild — again

Posted Jan 20, 2013 23:08 UTC (Sun) by dlang (subscriber, #313) [Link]

you are mixing up fields filled in, and information validated

Just because a field was filled in, or not filled in, it doesn't tell you how much effort went into validating the information that's in those fields.

this is the same thing as mistaking precision (lots of numbers after the decimal) for accuracy (how accurate those numbers are)

The fact that you can't tell this information from a cert, is one of the major problems with the current CA concept.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 1:48 UTC (Mon) by giraffedata (subscriber, #1954) [Link]

> you are mixing up fields filled in, and information validated

No, I'm not. I suspect you read something into what I wrote that I didn't intend, for you to think that. (A weird brain slip may have contributed - I wrote "I couldn't tell from Startssl's certificate" where I meant to say, "from Startssl's web site").

I meant to explore what is the difference between Startssl's free and $60 product. The customer isn't going to pay more to have himself scrutinized harder and get the same certificate in the end. The difference therefore must consist, ultimately, in what fields are filled in.

Whether the information in those fields is true, or the certificate authority expended effort to be sure it's true, is a whole different conversation.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 2:13 UTC (Mon) by dlang (subscriber, #313) [Link]

what fields are filled in do not really matter.

All that matters in there is one other bit set (in what field I don't know), in the BofA cert that says "this is an extended validation cert", which means that the cabal of CA vendors promise that they actually validate who the cert belongs to, and they set the rules that prohibit anyone other than that handful of (I think 5) vendors from issuing any certs that set that "extended validation" bit

The people who buy the extended validation certs do pay a LOT more to have themselves scrutinized more, in exchange the browser puts the green bar when browsing to the site. This gives everyone involved the warm and fuzzies and makes them think that they are more secure.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 9:08 UTC (Mon) by giraffedata (subscriber, #1954) [Link]

> what fields are filled in do not really matter.

Nonetheless, all the evidence is that having fields filled is in fact what people are buying with Startssl's $60 product. That product is not an EV certificate.

> The people who buy the extended validation certs do pay a LOT more to have themselves scrutinized more, in exchange the browser puts the green bar when browsing to the site.

I would say they're paying to have the browser put the green bar up (more specifically, they're paying for an EV certificate). If they failed to be scrutinized more in the process, they wouldn't exactly demand a refund.

I think there probably is value, by the way, in having the Organization field filled in in a non-EV certificate. To the extent that a browser user pays any attention to the certified identity at all, many probably realize that even a non-EV certificate has some verification of the information and give the web site correspondingly higher respect if the name of the organization is vouched for than if only the domain name is.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 9:19 UTC (Mon) by dlang (subscriber, #313) [Link]

> many probably realize that even a non-EV certificate has some verification of the information and give the web site correspondingly higher respect if the name of the organization is vouched for than if only the domain name is.

umm, the CA organizations don't fill out any of these fields, they are filled out by the org that submits the signing request.

The fact that LWN.net's cert doesn't list an organization doesn't tell you anything other than the fact that the LWN cert request didn't have that information in it when it was submitted to the CA

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 16:10 UTC (Mon) by Jonno (subscriber, #49613) [Link]

Not quite: while openssl will by default copy those fields from the certificate request to the certificate, there is no such requirement in the specification.

For example, StartSSL will ignore the metadata in the certificate request, (only using its public key) and instead use the CN (common name) and subjectAlternateName from the web form used to make the request, and O, L, ST, C, emailAddress (organization, location, state, country, email) from the validation they did of you.

For EV certificates, all certificate vendors promise (to the browser vendor) to do this, and additionally to do a slightly more thorough validation than what StartSSL does for normal certificates, but the principle is the same.

Fraudulent certificates in the wild — again

Posted Jan 21, 2013 9:51 UTC (Mon) by anselm (subscriber, #2796) [Link]

> All that matters in there is one other bit set (in what field I don't know), in the BofA cert that says "this is an extended validation cert", which means that the cabal of CA vendors promise that they actually validate who the cert belongs to, and they set the rules that prohibit anyone other than that handful of (I think 5) vendors from issuing any certs that set that "extended validation" bit

Actually, there is no »extended validation cert« bit. The way a browser recognises an EV certificate is that it has a list of all the vendors (there's about 25 of them now, not 5) that issue EV certificates, together with a special OID – different for each vendor – that that particular vendor will reference in an EV certificate's Certificate Policies extension field. When a certificate from one of the EV certificate vendors comes in, the browser checks that certificate's CP extension field against the list entry for that vendor, and if there is a match, then the certificate is considered an EV certificate.

This tricky method makes it nearly impossible for vendors outside the cabal – or indeed entities who operate their own internal CAs – to offer certificates that look like EV certificates and are treated by browsers as such. If you want to join the cabal, you essentially need to convince the browser makers (by filing large amounts of expensive paperwork) that you're crossing every t and dotting every i, and they will include your magic OID in their list of EV certificate issuers.
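The thread above turns on three structural facts about X.509 that are easy to state and easy to get wrong: the Subject (CN, O, L, ST, C, emailAddress) is a separate attribute from the Issuer, as giraffedata points out; the CA, not the CSR, decides what ends up in the Subject, as Jonno describes; and, as anselm explains, there is no "EV bit", only a Certificate Policies extension whose OID the browser matches against a per-issuer list. The following is an added example, not code from the original page, from StartSSL, or from any browser vendor. It is stdlib-only Python that builds certificate-shaped DER blobs and parses them back to show exactly those fields. Everything in it is constructed: the certificates are unsigned (zero-filled signature, placeholder key), the CA names, the e-mail address and the EV policy OID 1.3.6.1.4.1.99999.1.1 are made up, and the EV table is keyed on the issuer CN as a stand-in for what a browser really keys on (the root reached after chain building).

```python
ATTR_OIDS = {"2.5.4.3": "CN", "2.5.4.10": "O", "2.5.4.7": "L", "2.5.4.8": "ST",
             "2.5.4.6": "C", "1.2.840.113549.1.9.1": "emailAddress"}
CERT_POLICIES_OID, SHA256_RSA, RSA_KEY = "2.5.29.32", "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1"

def tlv(tag, body):
    # DER tag-length-value; lengths >= 0x80 use the long form
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def seq(*items):
    return tlv(0x30, b"".join(items))

def oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        enc, p = [p & 0x7F], p >> 7
        while p:                                  # base 128, high bit set on all but the last byte
            enc, p = [0x80 | (p & 0x7F)] + enc, p >> 7
        out += enc
    return tlv(0x06, bytes(out))

def encode_name(rdns):
    # Name = SEQ OF SET OF SEQ{type OID, value}; every value as UTF8String, for brevity
    by_short = {v: k for k, v in ATTR_OIDS.items()}
    return seq(*[tlv(0x31, seq(oid(by_short[k]), tlv(0x0C, v.encode()))) for k, v in rdns])

def build_cert(issuer, subject, policy_oids=()):
    # An UNSIGNED v3 certificate: real layout, placeholder key, zero-filled signature.
    exts = b""
    if policy_oids:
        policies = seq(*[seq(oid(p)) for p in policy_oids])      # SEQ OF PolicyInformation
        exts = tlv(0xA3, seq(seq(oid(CERT_POLICIES_OID), tlv(0x04, policies))))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")),                     # [0] version = v3
              tlv(0x02, b"\x01"), seq(oid(SHA256_RSA)), encode_name(issuer),
              seq(tlv(0x17, b"130101000000Z"), tlv(0x17, b"150101000000Z")),  # validity
              encode_name(subject),
              seq(seq(oid(RSA_KEY)), tlv(0x03, b"\x00")), exts)   # placeholder SPKI, extensions
    return seq(tbs, seq(oid(SHA256_RSA)), tlv(0x03, b"\x00" * 33))

def der_children(body):
    # Split a DER byte string into its consecutive (tag, value) pairs.
    items, pos = [], 0
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        items.append((tag, body[pos:pos + length]))
        pos += length
    return items

def decode_oid(b):
    parts, n = [b[0] // 40, b[0] % 40], 0        # adequate for the 1.x / 2.5.x arcs used here
    for c in b[1:]:
        n = (n << 7) | (c & 0x7F)
        if not c & 0x80:
            parts, n = parts + [n], 0
    return ".".join(map(str, parts))

def decode_name(body):
    out = {}
    for _, rdn in der_children(body):             # each RDN is a SET ...
        for _, atv in der_children(rdn):          # ... of AttributeTypeAndValue SEQs
            (_, o), (_, v) = der_children(atv)
            out[ATTR_OIDS.get(decode_oid(o), decode_oid(o))] = v.decode()
    return out

def parse_cert(der):
    # Subject, Issuer and Certificate Policies OIDs of a DER-encoded certificate.
    fields = der_children(der_children(der_children(der)[0][1])[0][1])   # TBSCertificate members
    i = 1 if fields[0][0] == 0xA0 else 0          # the optional [0] version shifts the indices
    issuer, subject = decode_name(fields[i + 2][1]), decode_name(fields[i + 4][1])
    policies = []
    for tag, val in fields[i + 6:]:
        if tag != 0xA3:                           # only the [3] extensions matter here
            continue
        for _, ext in der_children(der_children(val)[0][1]):
            parts = der_children(ext)             # OID, [critical BOOLEAN], OCTET STRING
            if decode_oid(parts[0][1]) == CERT_POLICIES_OID:
                polseq = der_children(parts[-1][1])[0][1]
                policies = [decode_oid(der_children(p)[0][1]) for _, p in der_children(polseq)]
    return {"issuer": issuer, "subject": subject, "policies": policies}

# Browser-side EV check as the thread describes it: a constructed table of trusted EV issuer -> policy OID.
EV_ISSUERS = {"Example EV Root CA": "1.3.6.1.4.1.99999.1.1"}

def is_ev(der):
    c = parse_cert(der)          # an unknown issuer yields None, which never matches a policy OID
    return EV_ISSUERS.get(c["issuer"].get("CN")) in c["policies"]

# Constructed certificates for the thread's cases; CA names, e-mail address and OID are made up.
BOFA = [("C", "US"), ("O", "Bank of America Corporation"), ("CN", "www.bankofamerica.com")]
DV_CERT = build_cert([("CN", "Example DV CA")], [("C", "US"), ("CN", "lwn.net"), ("emailAddress", "admin@example.net")])
OV_CERT = build_cert([("CN", "Example OV CA")], [("C", "US"), ("O", "Eklektix, Inc."), ("CN", "lwn.net")])
EV_CERT = build_cert([("CN", "Example EV Root CA")], BOFA, ["1.3.6.1.4.1.99999.1.1"])
ROGUE_CERT = build_cert([("CN", "Rogue CA")], BOFA, ["1.3.6.1.4.1.99999.1.1"])  # same OID, untrusted issuer
```

Calling `parse_cert(DV_CERT)` returns a Subject with only CN, C and emailAddress and no O, which is the free-certificate shape Jonno describes; `parse_cert(OV_CERT)` shows O filled in; and `is_ev(ROGUE_CERT)` is False even though the certificate carries the same policy OID as `EV_CERT`, because the issuer is not in the table. That last case is the whole point of anselm's post: the OID is meaningless without the browser's issuer list. The parser does no bounds checking and no signature verification; to look at a real certificate's fields use `openssl x509 -in cert.pem -noout -subject -issuer -text`, and use a real X.509 library for anything that has to be trusted.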


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds