The Privacy Blog: Privacy, Security, Cryptography, and Anonymity

Apr 26, 2013

Blacklisting SSL Certificate Authorities

The Register has an article on Firefox blacklisting an SSL certificate authority.

Certificates and certificate authorities are the underpinnings of our secure web infrastructure.

When you see the lock on your browser, it means that the session is encrypted and the site has presented a valid site certificate (so it is who it claims to be).

That site certificate is signed by one of many certificate authorities.

I see 86 certificate issuing authorities in my Firefox now.

Many of those certificate authorities have multiple signing certificates.

Additionally, the certificate authorities can delegate to subordinate certificate authorities to sign site certificates.

Any certificate signed by any of these authorities or subordinate authorities is recognized as valid.

These entities are located all over the world, many under the control of oppressive governments (however you define that).

Certificate authorities can create certificates that enable man-in-the-middle attacks by signing keys that purport to be for a given website but were actually created and are held by some other entity.

There are plugins like Certificate Patrol for Firefox that will tell you when a site you have visited before changes certificates or certificate authorities. Unfortunately, this happens fairly frequently for legitimate reasons, such as when renewing certificates every year or few years.

Some certificate authorities are known or suspected to be working with various law enforcement entities to create false certificates for surveillance.

Here is how it works:

1. The government has a certificate authority create a new certificate for a website.

2. The government then intercepts all sessions to that site with a server (at national-level routers, for example).

3. The server uses the real site certificate to communicate with the real website securely.

4. The server uses the new fake certificate to communicate with the user securely.

5. The server then has access to everything in the clear as it shuttles data between the two secure connections. It can read and/or modify anything in the data stream.

Firefox is removing TeliaSonera’s certificate authority from the list in Firefox for this reason. Going forward no certificate issued by them will be recognized as valid. This will impact a large number of legitimate websites that have contracted with TeliaSonera, as well as preventing the fake certificates.

There is a lot of controversy about this. What is appropriate cooperation with law enforcement, and what is supporting and enabling dictators?

In any case, this is a failure of the protocol. If the browser shows a certificate as valid when it has not come from the real website, then there has been a security failure.

The SSL key infrastructure is showing its age. It was “good enough” when there were only one or two certificate authorities and the certificates were not actually protecting anything of great importance. Now everyone relies heavily on the security of the web. Unfortunately, while it is broken, it is very hard to replace.

In the short term, installing a certificate checker like Certificate Patrol is probably a good idea, despite the number of false positives you will see.
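The comparison a checker of this kind makes can be sketched as follows. This is an added example, not Certificate Patrol's code or the author's: it pins the last accepted certificate per host and separates routine renewals (the false positives mentioned above) from a change of issuing authority. The host name, CA names, placeholder byte strings and the 60-day renewal window are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta

# Assumption: a replacement this close to the old expiry date is a normal renewal.
RENEWAL_WINDOW = timedelta(days=60)

class CertStore:
    """Remembers the last accepted certificate per host (trust on first use)."""

    def __init__(self):
        self.pinned = {}  # host -> (sha256 fingerprint, issuer name, expiry)

    def observe(self, host, der_bytes, issuer, not_after, now):
        fp = hashlib.sha256(der_bytes).hexdigest()
        old = self.pinned.get(host)
        if old is None:
            verdict = "first-seen"
        elif fp == old[0]:
            verdict = "unchanged"
        elif issuer != old[1]:
            # A different CA vouching for a known host: highest severity.
            verdict = "issuer-changed"
        elif old[2] - now <= RENEWAL_WINDOW:
            verdict = "routine-renewal"
        else:
            verdict = "early-replacement"
        # Only benign verdicts move the pin; the rest wait for a human decision.
        if verdict in ("first-seen", "routine-renewal"):
            self.pinned[host] = (fp, issuer, not_after)
        return verdict

def demo():
    """Replay constructed observations; the byte strings stand in for DER certs."""
    store = CertStore()
    d = datetime
    events = [  # (host, cert bytes, issuer, certificate expiry, time observed)
        ("shop.example", b"cert-A", "Example CA 1", d(2013, 6, 1), d(2013, 4, 1)),
        ("shop.example", b"cert-A", "Example CA 1", d(2013, 6, 1), d(2013, 4, 2)),
        ("shop.example", b"cert-B", "Example CA 1", d(2014, 6, 1), d(2013, 5, 20)),
        ("shop.example", b"cert-C", "Example CA 2", d(2014, 6, 1), d(2013, 5, 21)),
        ("shop.example", b"cert-D", "Example CA 1", d(2015, 6, 1), d(2013, 5, 22)),
    ]
    return [store.observe(*e) for e in events]

if __name__ == "__main__":
    print(demo())
```

The renewal window is a heuristic for cutting noise: a replacement certificate from the same CA inside that window is accepted without review, so it narrows the alerts rather than proving the new certificate is legitimate.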

In the longer term, there is a really hard problem to solve.


· · · · ·

2 comments

  • Ron · April 15, 2015 at 11:55 am

    Interesting that you said a gubmint type MiTM could be actually executed at the level of backbone or main routers. I’d usually assumed there would be some kind of closer intercept, probably with local ISP help. But – that’s something to think about!

    I don’t know if you’re still looking at this blog, and this is a resurrection of a seriously dated blog entry. But – things have changed since you made it. The problem is getting much more air time, and there have been some serious attempts to fix it. See https://programmingmiscellany.wordpress.com/the-certificate-problem for the inside scoop there. Especially the last couple pages are relevant. But – yes – the CA PKI infrastructure is not only dated, it’s dangerous!

    – Ron

    • Author comment by Lance Cottrell · April 15, 2015 at 1:15 pm

      Thanks, I have written a number of articles on this issue since then, some quite recently. Thanks for the pointer to that article. Looks interesting.
      I think it will take a situation where a large number of wealthy first world folks get impacted to really make things change. As long as it is dissidents and poor folks, change will be difficult.
