Four CAs Have Been Compromised Since June
Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public."
That certainly strengthens my trust in the SSL certificate system.
Short of the companies wanting to do the good/legal thing, how do you get them to make it public if it quickly puts them out of business? This is the same problem as with any security breach, except aggravated because the CAs basically have just five "customers" (the five major browsers), all of which compete in the realm of being the "safest" and so all five have to pull the root certificate for anyone who announces a problem.
It doesn't hurt to be nice.
For the paranoid/cautious: there exist extensions to FF which monitor suspicious changes to certificates (i.e., possible MITM attacks). I use Certificate Patrol.
This post is useless without naming them
Your hair look like poop, Bob! - Wanker.
Another CA system is broken article?
Consider an alternative model based on notaries:
Other resources of note: Moxie Marlinspike's article on "trust agility", his Black Hat Conference talk on this topic.
If you've got nothing to hide why use encryption?
2. those that remain, put them under very heavy regulation, that they fund
3. anyone who wants to open a new CA must jump through a ridiculous number of hoops
the CAs are just too important to leave to the "hey man, the market takes care of itself" stupidity
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I actually agree. Same with DNS.
However, there is a problem with reputation. How do you know that the name, or cert you have from someone is actually from the real person and not counterfeit?
We've tried central authorities. You have all seen the results. It mostly works, as long as you trust the central authority. How do you make a completely distributed system work? It requires some sort of reputation about people and companies you have never been in contact with.
Note, we haven't solved this problem in real life either.
We have brands, certifications, social networks, tests but we don't have a way to say that Xs reputation in terms of Y is Z when you don't know X.
There are apparently three other CAs that have discovered compromises since June, but have not made them public.
I don't know how CRLs work, but if you have a list of certs that were revoked, can't you tell who revoked them? Doesn't the revoking CA have to sign the revocation request? Or do the researchers know who they are, but they chose to not make them public?
Delete ALL certificates in your browsers.
Then only add them, if you PERSONALLY trust them because you have checked them. Or at least have a more trustworthy third party that trusts them than "$browserMaker.randomResponsiblePerson".
The concept is rotten at its core, as there is no such thing as a global "authority". It's the opposite of natural human webs of trust.
This is why I don't trust Certificates I haven't generated myself. In fact my prof for one of my security classes (I'm in Computer Security and Investigations at Fleming College) actually told us that untrusted certificate situations are more trustworthy, as the majority of attackers will go about getting a certificate through fraudulent means to avoid the scary pop-up window.
Put them all out of business and let's work on the actual issues. Browsers should be fixed to treat self-signed certificates like normal encrypted channels and not viruses, and there is a need for a new form of distributed authentication procedure that doesn't depend on a signing authority.
You can't handle the truth.
I actually agree. Same with DNS.
However, there is a problem with reputation. How do you know that the name, or cert you have from someone is actually from the real person and not counterfeit?
Decentralize it! Open it! Fixes everything!
We've tried central authorities. You have all seen the results. It mostly works, as long as you trust the central authority. How do you make a completely distributed system work? It requires some sort of reputation about people and companies you have never been in contact with.
You don't MAKE it do anything! What part of "decentralize it" don't you understand? It's magical! Wave a magic decentralize wand around and crowdsourcing will solve everything! They're all reliable! There's no risk of some anonymous trolls coming by to piss everyone off and spoil the trust of the system!
You're saying regulations are necessary?! That's not possible!
We need some sort of wiki for exposing flaws and hidden information that should be public. It'd be handy to see what secrets governments held. Also banking institutes. And it should be run in such a way that it doesn't make a rock star of the person running it while only actually leaking a few things. Maybe someone should get around to that someday...
Seriously, fuckedcompany had more corporate leaks than wikileaks ever has. Too bad pud sold out (Can't blame him for making money but it's a shame it's gone)
This is something that has deteriorated over time. I won't say the original cert system was perfect (there were flaws you could drive a 40 tonne truck through) but Grade I certification required significant documentation proving identity plus some form of actual (ie: non-written) contact. That was not a bad idea, the problem was they also offered Grade III certification (a note saying "it woz me" on a napkin) or even grade IV (the request sufficed as proof it woz you) and corporations naturally gravitated towards the cheaper options which you can fly an Airbus 400 through with enough space for 40 tonne trucks on either side.
The problem was that you still had to trust the CA and this is a major frailty in the CA system. Being assured that the applicant is who they say they are is a major thing - Verisign issued hackers with a signed Microsoft key at one point, because they were asked to in a fax, and DNS registrars are notorious for complying with bogus transfer requests - but it isn't everything. If the CA is compromised, then you have major problems even if all the officially distributed keys are legit.
Obviously, a Grade I cert system helps to some extent as requiring a thorough screening of applications means you aren't doing live cert distribution which in turn means the master key need not be on any online computer whatsoever. If the master key is behind a sneakernetwall, then hackers will have a harder time signing anything with it. (A sneakernetwall differs from an airwall in the level of competence of those moving stuff from one machine to another.) Obviously, given that eCommerce security holes repeatedly demonstrate corporations can't even put sensitive data behind a meager firewall and the VA is forever losing unencrypted laptops, there's a big difference between "need not" and "is not".
A way to side-step the issue - to a degree only - would be to require that keys be counter-signed by at least one other CA. It is less likely that two CAs have been cracked by the same person, after all. Or, well, it would be if it weren't for the fact that it probably WAS the same person who broke into all four CAs and there's been an alleged confession that the person did break into two. That person would have been able to counter-sign a key with another CA's master key and since these were the cheapo kind of CAs that probably would indeed keep the master key on an online computer even if they needn't or legally shouldn't, a "Web of CA Trust" is not enough to be 0.45 bullet-proof but is probably 0.22 bullet-proof. The current system apparently falls over if you show it a picture of a bullet.
IPv6 may help, since violations of strict hierarchical addressing are not only commonplace in IPv4 but actually a necessity due to the limitations of the addressing scheme. In IPv6, routing relies heavily on sub-domains having IP addresses with a prefix equal to the prefix of the domain plus two byte identifier unique within that domain. This means you can identify where things are. Yes, there are privacy issues for personal machines and that's been a major complaint against IPv6, but it means that you've a lot more confidence that a server is in roughly the right place. If you then add DNSSEC or any of the other DNS locking schemes out there, OR mandate an IPSec mode using certificates in a way that would offer equal guarantees that the server is who it says it is, it would help but you're starting to get into the diminishing returns then.
Of course, this might be the wrong approach entirely. This is trying to find a technical solution to what is ultimately a social problem. Social solutions are usually far better for such things. One social solution would be to regulate cross-border traffic such that eCommerce vendors (CAs included) that wish to conduct cross-border traffic (whether into the country or between boundaries within it) have to publicly declare all actual security breaches and may be held 100% liable for any loss due to unreported breaches. That's definitely not going to sit well with those
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
While we do it almost daily in our lives, what use do we really have for CAs? They're simply not trustworthy - not by technical skills, and sure as hell not by trustworthiness; CAs willingly co-operate with intelligence agencies, for example.
Wouldn't it be much better that we re-establish trust as a two-party concept? For example, in order to make money transactions via bank, I would first go to a bank's website, my browser would tell me I'm being offered the bank's public key or similar, and I would then have to confirm via another channel to the bank - by going to the branch office, or by a phone call - that it is the key my bank uses and that I trust it. This way, the trust would be between me and my bank only, and if something goes wrong, my bank will be responsible instead of some certificate "authority" that has no responsibility whatsoever.
You're downmodded's why, lmao. Means you told a truth Penguins can't handle's all. Hahaha, makes them look stupider than ever, like they're trying to hide something you hit upon.
You say this as if there is a significant number of people who fall into the category. Or as if it's a bad thing. Most people do have things to hide. Like a credit card number, for example.
The CA architecture as it is used in web browsers is only as strong as its weakest link. It only takes one compromised CA to make the whole system worthless. Having thousands of CAs would make the problem significantly worse.
One social solution would be to regulate cross-border traffic such that eCommerce vendors (CAs included) that wish to conduct cross-border traffic (whether into the country or between boundaries within it)...
A much better social solution would be to tear down the borders. They're only there to perpetuate the slave trade anyway. Making them more restrictive is exactly the opposite of what is needed.
For justice, we must go to Don Corleone
It's shit like this which makes me wish I'd picked another career. Plumbers aren't held liable or responsible if a specific fitting they installed is found to be defective or prone to corrosion; electricians aren't considered idiots for installing something which, at the fault of others, causes power failure to their TV.
Hell, even the dipshit developers are regarded with higher esteem than IT.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Ah yes. I can just see the US assigning full sovereign authority to the UN, which is what tearing down all the borders would ultimately imply. One world government, a new world order and all that. Half the country would be in flames and the other half would claim it should be entitled to be.
I don't dispute that borders are a problem, I certainly don't dispute that insular pockets take themselves far too seriously, but that's never going to work as a solution. Even if you didn't take it to the logical limits (Europe eliminated certain borders but not others, causing as many problems as it prevented), you're going to have all kinds of groups screaming blue murder over whatever borders you scrap claiming that you're usurping their rights and other groups whose borders aren't scrapped screaming blue murder claiming that they're being constrained unfairly. The only thing that's certain is that nobody will like it.
Getting back to the issue of SSL, border controls would be the only way that you could impose any kind of enforceable standards. In a global economy, the company doesn't need to care where its HQ is so it can always pick the area with the standards that make it the most money. The only way to circumvent offshoring is to say that companies that want to do business in your area have to meet your minimum standards no matter where they are. However, jurisdiction limits how you can do this.
So what happens if you have a voluntary system? Well, you get the current mess and no reporting of compromised root keys, which is definitely worse than what we have right now. (It's easy to say you have choice, but you can't exactly choose to buy books at Borders any more, Paypal is still about the only generic solution to eCommerce payments and I don't see a whole lot of book retailers that offer their own Kindle or Nook versions of their merchandise. In short, lock-in has become the norm and whilst it's the norm "choice" is nothing more than a prettily-painted illusion.)
But won't people steer clear of defective stuff? Well, Citibank didn't declare bankruptcy after it was revealed that you only needed to log into your own account in order to be able to have total access to absolutely everybody else's. Veterans still sign up to the VA, despite those laptop losses. Windows still exists, despite the notoriously fragile security. So, no. People knowingly buy lemons because defects only happen to other people.
The free market? Only works if you assume rational customers. See point above. Customers aren't rational. I'm not even sure I'd rate them as highly as irrational. The free market is correct as a starting point, but you need to add something to ensure integrity as nobody else is going to.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Why the hell would people pay for a CA from a signer like VeriSign or Comodo when both of those corporations retain the rights to the security certificates issued to you in the first place? It is far easier to employ your very own CA and remove both of these signing authorities from the picture entirely. After all, let's face it, if you're not sharing your SSL keys with the entire world, then it really is a lot harder for people who should not have a copy of them to gain one.
Uh, there is a trivial way to decentralize SSL now that we've got signed DNSSEC working. Simply put the SSL fingerprint (Or even the entire public key) in a DNS record, which is then, along with the rest of the DNS records, signed by the DNS server.
Look, it is magic, and just as secure as before. (Because, frankly, if you have access enough to their DNS registrar to alter records, you can secretly point their mail at you long enough to grab a signed SSL key.)
This puts 'I can prove I own this domain name' back into the system that actually exists to keep track of who owns what name, DNS. What a strange and odd idea.
Oh, and as an added bonus, it lets people who have purchased domain names from others remove all previously authorized SSL keys, which there is currently no way to do. (Unless you can somehow telepathically deduce every single cert they might have issued and make them revoke them.)
Likewise, it allows for actual working certificate revocation, which right now works in theory but is utterly broken.
If corporations are people, aren't stockholders guilty of slavery?
It's discussed here.
Basically, with DNSSEC, DNS cannot be tampered with. All you have to do is have the DNS itself provide the cert, which the registrar then signs.
Basically, instead of having to send a CA our public key, and having them sign it and email it back, we just use the existing fact that, under DNSSEC, DNS records are signed, and stick our public key in there. And unsigned keys can be checked there. Actually, it might be smart to have a specific mark on those keys, saying 'Check against DNS'.
This requires DNSSEC to actually roll out everywhere, of course, and requires client support. (And it requires DNS server support if we're actually going to use CERT records, but instead it could be something like SPF does...just use specially marked TXT records, and maybe just use the key fingerprint instead of the entire key.)
This actually has advantages over the current system. For example, it's trivial to revoke keys, whereas now, not so much. Domain owners can even 'revoke' keys they don't know about, like when they buy a name from someone else who still has SSL keys for it. The rule is: whatever key is in the DNS works; if there's a security issue, just take that key out and put a different one in.
Of course, for a while, both DNS keys and CA keys would need to both work, but I actually think that, at some point, we should stop letting random frickin third parties in Belgium or Korea or wherever decide who is authorized to run an encrypted version of our domain name. The only person who is authorized to talk about what my domains are doing is my registrar and anyone they've delegated to! But certs could still be signed on top of that, to certify stuff like mailing addresses and company names and stuff. (Aka, the 'domain verification' signing would still be useful.)
If corporations are people, aren't stockholders guilty of slavery?
Comodo's running Linux http://uptime.netcraft.com/up/graph?site=comodo.com
DigiNotar.nl runs Windows Server 2003 + IIS6 (they should upgrade to Windows Server 2008 & IIS7) http://uptime.netcraft.com/up/graph?site=diginotar.nl
What were the others that were compromised??
(That way, we can "settle the bet", because so far, it's a 50/50 split, nobody "wins", yet at least).
http://uptime.netcraft.com/up/graph?site=StartCom.com
&
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
So far, you're winning the bet!
You're MOSTLY correct that 3/4 known compromised CAs use Linux (along with Comodo.com http://uptime.netcraft.com/up/graph?site=Comodo.com ).
Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/
(The only one that doesn't is diginotar.nl, & they didn't update properly and ought to use Windows Server 2008 + IIS7 (vs. Windows Server 2003 + IIS6)).
Parent post hits nail squarely on head. Just because Random Hopeless CA X is still in a browser's trusted root CA list, should not mean that they can issue certs against my domain that anyone should trust. Placing signed cert public key fingerprints (or even the public key fingerprint of the root CA that actually issues your cert, if you really trust that CA) would make it much harder for an attacker to compromise a well-run, high-value web site (such as gmail.com or a banking web site).
Google did this unilaterally in their own browser, by only trusting the small set of CAs that Google uses when accessing its own web sites. Neat, but not at all scalable, even if Google were motivated to extend that feature to high-value web sites run by other companies.
Grid computing had a similar idea - if you wanted to get your CA's certificate into the bundle of trusted CAs distributed with common Grid software bundles like Globus or VDT, your CA had to have a "signing authority" that limited what certificate subjects it could sign for, which was part of the CA certificate. This meant that even if I compromised Random Trusted Grid CA X, I could not issue a cert that claimed I was from, say, Fermilab, because that cert would not match against the signing authority for that other Grid CA. Commercial CAs would never agree to similar provisions, because that would restrict who they could sell certs to, but the parent post's idea devolves that signing authority down to the people who actually pay for the certificate, which is naturally where that authority should reside.
Best of all, to implement this scheme, you just need to create an appropriate DNS record, add the check to your preferred open source web browser, and start selling the idea to the browser users and web site operators. With luck, the public support for the idea gets it adopted by web site operators (it costs them almost nothing), CAs have nothing to object to because they can still sell certs to whoever they were already selling certs to, and browser users put pressure on the developers to support the scheme. You don't have to persuade everyone to swallow a barrel of crypto-anarchist-libertarian "decentralise everything, storm the Winter Palace, power to the people, right on!" Kool-Aid and destroy the existing PKI CA architecture in order to save it.
Remember, politics is the art of the possible.
-Snorbert, somewhere in the antipodes
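The scheme the DNSSEC posts above describe (a certificate or key fingerprint published in a signed DNS record and checked by the client, optionally pinning the issuing CA instead of the server cert, with revocation done by replacing the record) is essentially what was later standardized as DANE TLSA in RFC 6698. The following is an added example, not code from this thread or from any DANE implementation. It models the record as (usage, selector, matching type, association data) after the RFC 6698 layout, and it simulates the DNSSEC-validated lookup and the server's certificate chain with constructed byte strings rather than real ASN.1 or network traffic, so it runs offline. It shows the three properties the posters care about: a certificate for the same name issued by an unrelated (here, compromised) CA fails the check, a CA pin restricts which CA may issue for the name, and swapping the record invalidates the old key.

```python
"""Client-side check of a server certificate against a fingerprint published in DNS.

Added example modelled on DANE TLSA (RFC 6698). Certificates, the DNS zone and the
"DNSSEC lookup" are constructed stand-ins so the whole thing runs offline.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List

# Selector: which part of the certificate the record describes.
SEL_FULL_CERT = 0   # the entire DER-encoded certificate
SEL_SPKI = 1        # only the SubjectPublicKeyInfo (survives re-issuance with the same key)

# Matching type: how the association data relates to the selected bytes.
MATCH_EXACT = 0     # association data is the selected bytes themselves
MATCH_SHA256 = 1    # SHA-256 of the selected bytes
MATCH_SHA512 = 2    # SHA-512 of the selected bytes

# Usage (subset of RFC 6698): what the record constrains.
USAGE_CA_CONSTRAINT = 0   # some issuing CA in the presented chain must match
USAGE_EE_CONSTRAINT = 1   # the end-entity (server) certificate must match


@dataclass(frozen=True)
class TlsaRecord:
    usage: int
    selector: int
    matching: int
    data: bytes


@dataclass(frozen=True)
class Cert:
    """Stand-in for a parsed X.509 certificate; fields hold constructed bytes, not real DER."""
    der: bytes
    spki: bytes


def _select(cert: Cert, selector: int) -> bytes:
    if selector == SEL_FULL_CERT:
        return cert.der
    if selector == SEL_SPKI:
        return cert.spki
    raise ValueError(f"unknown selector {selector}")


def _digest(selected: bytes, matching: int) -> bytes:
    if matching == MATCH_EXACT:
        return selected
    if matching == MATCH_SHA256:
        return hashlib.sha256(selected).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type {matching}")


def make_record(usage: int, selector: int, matching: int, cert: Cert) -> TlsaRecord:
    """What the domain owner publishes for `cert` (the registrar/zone then signs it)."""
    return TlsaRecord(usage, selector, matching, _digest(_select(cert, selector), matching))


def record_matches(record: TlsaRecord, cert: Cert) -> bool:
    """A record with an unknown selector or matching type never matches (fail closed)."""
    try:
        expected = _digest(_select(cert, record.selector), record.matching)
    except ValueError:
        return False
    return hmac.compare_digest(expected, record.data)


def chain_satisfies(records: List[TlsaRecord], chain: List[Cert]) -> bool:
    """chain[0] is the server certificate, chain[1:] the issuers as presented by the server.

    Any one matching record is enough, so an owner can publish the current and the next
    key side by side during a rotation and drop the old record afterwards.
    """
    if not records or not chain:
        return False
    for rec in records:
        if rec.usage == USAGE_EE_CONSTRAINT and record_matches(rec, chain[0]):
            return True
        if rec.usage == USAGE_CA_CONSTRAINT and any(record_matches(rec, c) for c in chain[1:]):
            return True
    return False


def lookup(zone: Dict[str, List[TlsaRecord]], host: str, port: int = 443) -> List[TlsaRecord]:
    """Simulated lookup of _port._tcp.host; a real client must require a valid RRSIG here."""
    return zone.get(f"_{port}._tcp.{host}.", [])


def demo() -> Dict[str, bool]:
    # Constructed certificates (labels only, no real key material).
    bank_cert = Cert(der=b"DER:bank.example key K1 issued by Good CA", spki=b"SPKI:K1")
    good_ca = Cert(der=b"DER:Good CA root", spki=b"SPKI:GoodCA")
    rogue_cert = Cert(der=b"DER:bank.example key K9 issued by Other CA", spki=b"SPKI:K9")
    rogue_ca = Cert(der=b"DER:Other CA root", spki=b"SPKI:OtherCA")
    name = "_443._tcp.bank.example."

    # 1. Owner pins the server key itself.
    zone = {name: [make_record(USAGE_EE_CONSTRAINT, SEL_SPKI, MATCH_SHA256, bank_cert)]}
    recs = lookup(zone, "bank.example")
    out = {"legit": chain_satisfies(recs, [bank_cert, good_ca]),
           "rogue": chain_satisfies(recs, [rogue_cert, rogue_ca])}

    # 2. Owner pins the CA it actually uses; a cert from any other CA is rejected.
    zone[name] = [make_record(USAGE_CA_CONSTRAINT, SEL_FULL_CERT, MATCH_SHA512, good_ca)]
    recs = lookup(zone, "bank.example")
    out["ca_pin_legit"] = chain_satisfies(recs, [bank_cert, good_ca])
    out["ca_pin_rogue"] = chain_satisfies(recs, [rogue_cert, rogue_ca])

    # 3. Revocation is just replacing the record: the old key stops validating.
    new_cert = Cert(der=b"DER:bank.example key K2 issued by Good CA", spki=b"SPKI:K2")
    zone[name] = [make_record(USAGE_EE_CONSTRAINT, SEL_SPKI, MATCH_SHA256, new_cert)]
    recs = lookup(zone, "bank.example")
    out["old_after_rotation"] = chain_satisfies(recs, [bank_cert, good_ca])
    out["new_after_rotation"] = chain_satisfies(recs, [new_cert, good_ca])
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {'accept' if v else 'reject'}")
```

The SPKI selector is the practical choice for the "paste your public key into the registrar" workflow described above: the record keeps matching when the certificate is re-issued with the same key, and a CA pin (usage 0) gives the parent post's "only the CA I actually pay is allowed to issue for my name" without changing how that CA sells certificates. The security of the whole check rests on the lookup being DNSSEC-validated, which the simulation here simply assumes.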
No wonder they went down (inferior Linux security) http://tech.slashdot.org/comments.pl?sid=2499020&cid=37879884
I find the way it works now completely absurd.
It's like if someone wanted to be able to prove they owned a car, they had to print up a piece of paper that said they owned it, and then go to a random 'Car Authorities' and have them stamp it.. The CA would then call up the DNS, I mean the DMV, ask for that car owner's mailing address, and mail the paper to them.
Occasionally, someone forges a stamp, or slips an extra stamp into the 'list of acceptable stamps' that people check against, or sneaks into a CA at night and uses their stamp, or exploits a security issue at the DMV's address checking, or steals the mail, or a government takes over the CA, etc, etc. And everyone gasps in horror, because no one has actually looked at the system and said 'Hey, wait, if the DMV knows who owns what cars, why the fuck aren't they stamping those pieces of paper?'
It is, frankly, a little astonishing how utterly stupid and nonsensical the entire idea of SSL signing as a business is. I'm sorry, when it was being invented, someone should have looked around and said 'Wait, what are we trying to do again? We already have a system for the actual domain owner to be looked up...it's called DNS. It already exists. Granted it's insecure, but wouldn't it make more sense to come up with a secure way of getting the cert info to people, instead of all this other nonsense?'
If people still want to operate signing agencies to confirm who the owner of the domain is, whatever. Although such a thing does not, and has never, required SSL at all. (Although obviously SSL is required to assure that you're talking to whoever the owner is.) It just requires a database somewhere. And I'm not sure letting random third parties put such things in that database makes sense.
It might make more sense to have, for example, a 'United States Bank' database that the Federal Reserve Board runs or something, keeping track of a domain name for every bank, which it gives out to browser manufacturers. And customers could be taught that their bank should say 'BANK' next to the URL.
The way it is now is utter nonsense. We have a system that's piss-poor at verifying that you are talking to the legit owner of a domain (Because the security of the system depends on utterly random third parties.) and has been extended to cover who the owner is, which it isn't very good at either.
If corporations are people, aren't stockholders guilty of slavery?
Yes, let's please use DNSSEC so that our domain registrar becomes our effective CA. I'm not kidding. It would simplify things enormously, and greatly improve security, especially for high-risk domains.
After all, I can go to any corrupt or government-operated CA and get a certificate for Google.com. But in order to spoof DNSSEC I need to compromise Google's specific registrar, who has a very strong business incentive to not sign my fake google.com zone. The bigger the domain, the bigger the incentive to protect it.
You might not like the ICANN bureaucracy or the mechanics of DNSSEC, but compared to the existing CA/Certificate mess we have now, domain registration is a well-oiled machine.
And while the registrar would 'sign' the keys, it wouldn't be a process like currently works. No one needs to send anything in and get it emailed back. DNSSEC is supposed to be completely automatic. And the internet is implementing DNSSEC anyway, because of other security issues.
So once that's in place, you would just log into your registrar and paste in a copy of your public key into the host management area, or you'd point BIND at a copy of your public key, or whatever. That's it. The key actually used by the web server is not signed by anyone, it's just confirmed to be correct via that secured DNS record.
And, hell, letting people secure sites without CA signing would be a great way to force registrars to get off their ass and implement DNSSEC, or risk customers moving elsewhere.
And, oh, hey, fun fact. This would have taken care of the stupid one-IP-per-SSL-site problem without worrying about that non-implemented new thing. How? Easy. People running web servers could just make a single SSL cert that covers *, and then put it as the key to every domain they have. In fact, I don't see why that wouldn't be the standard anyway.
Instead? A completely nonsensical system, where J. Random Company is randomly allowed to issue certs for everyone in existence.
If corporations are people, aren't stockholders guilty of slavery?
4 WERE BREACHED RECENTLY & THEY RUN LINUX:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com