SSL authorities must not be trusted
Author: Делян Кръстев
Why SSL authorities must not be trusted ?
I have recently read this article:
Trustwave admits issuing man-in-the-middle digital certificate; Mozilla debates punishment
Trustware is one of the Certificate Authorities (CA) which has four certificates included in the Mozilla's trust chain. Mozilla's trust chain is used by most web browsers and most of the software using SSL verification and encryption.
What the article says is that Trustwave has issued an intermediate CA certificate to a third party company. Such certificate could be used for on the fly certificate generation, and thus sniffing SSL traffic. Furthermore Trustwave have called this common industry practice.
For the end user this means that the green bar in the browsers' address bars does not guarantee that they are actually speaking to the website which URL is written there. This also makes the used encryption useless.
147 CA certificates are included in the Mozilla trust chain. This is how they are distributed by country:
56 C=US,
7 C=HU,
6 C=ES,
6 C=DE,
5 C=TR,
5 C=JP,
5 C=GB,
4 C=SE,
4 C=FR,
4 C=EU,
4 C=CH,
3 C=TW,
3 C=IL,
3 C=BM,
2 C=ZA,
2 C=PL,
2 C=NO,
2 C=NL,
2 C=FI,
2 C=DK,
1 C=SK,
1 C=RO,
1 C=IE,
1 C=HK,
1 C=GR,
1 C=EE,
1 C=CO,
1 C=CN,
1 C=ch,
1 C=BE,
1 C=AT,Some of them do not have a country specified:
O=Cybertrust, Inc, CN=Cybertrust Global Root
O=Digital Signature Trust Co., CN=DST Root CA X3
O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
O=RSA Security Inc, OU=RSA Security 2048 V3
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.comIf we look at the Organization tag, we will see that these certificates have been issued by 83 different organizations:
12 O=VeriSign, Inc.
7 O=GeoTrust Inc.
4 O=TC TrustCenter GmbH
4 O=NetLock Halozatbiztonsagi Kft.
4 O=AffirmTrust
4 O=AddTrust AB
3 O=ValiCert, Inc.
3 O=The USERTRUST Network
3 O=thawte, Inc.
3 O=SwissSign AG
3 O=Starfield Technologies, Inc.
3 O=QuoVadis Limited
3 O=Digital Signature Trust Co.
3 O=DigiCert Inc
3 O=Comodo CA Limited
2 O=Thawte Consulting cc
2 O=Staat der Nederlanden
2 O=Sonera
2 O=SecureTrust Corporation
2 O=SECOM Trust Systems CO.,LTD.
2 O=Microsec Ltd.
2 O=GlobalSign
2 O=Equifax Secure Inc.
2 O=Entrust.net
2 O=ComSign
2 O=COMODO CA Limited
2 O=Buypass AS-983163327
2 O=America Online Inc.
2 O=AC Camerfirma SA CIF A82743287
2 O=AC Camerfirma S.A.
1 O=XRamp Security Services Inc
1 O=WISeKey
1 O=Wells Fargo WellsSecure
1 O=Wells Fargo
1 O=VISA
1 O=Unizeto Technologies S.A.
1 O=Unizeto Sp. z o.o.
1 O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK
1 O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
1 O=The Go Daddy Group, Inc.
1 O=TDC Internet
1 O=TDC
1 O=TAIWAN-CA
1 O=Swisscom
1 O=StartCom Ltd.
1 O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A.
1 O=SECOM Trust.net
1 O=RSA Security Inc
1 O=PM/SGDN
1 O=Network Solutions L.L.C.
1 O=NetLock Kft.
1 O=Japanese Government
1 O=Japan Certification Services, Inc.
1 O=IZENPE S.A.
1 O=Hongkong Post
1 O=Hellenic Academic and Research Institutions Cert. Authority
1 O=GTE Corporation
1 O=Government Root Certification Authority
1 O=GoDaddy.com, Inc.
1 O=GlobalSign nv-sa
1 O=Generalitat Valenciana
1 O=Equifax Secure
1 O=Equifax
1 O=Entrust, Inc.
1 O=Elektronik Bilgi Guvenligi A.S.
1 O=EDICOM
1 O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E.
1 O=Disig a.s.
1 O=Digital Signature Trust
1 O=Dhimyotis
1 O=Deutsche Telekom AG
1 O=Deutscher Sparkassen Verlag GmbH
1 O=Cybertrust, Inc
1 O=CNNIC
1 O=Chunghwa Telecom Co., Ltd.
1 O=certSIGN
1 O=Certplus
1 O=Certinomis
1 O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
1 O=Baltimore
1 O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH
1 O=AS Sertifitseerimiskeskus
1 O=Agencia Catalana de Certificacio (NIF Q-0801176-I)By using the Mozilla trust chain we trust all these organizations. All of them have the power to sniff SSL traffic. All of them have the power to delegate the sniffing power to anyone else. This is not news to anyone who was paying attention. What is news, at least to me, is that they have admitted to actually do this bad practice.
All this shows how the most common trust model in the web is broken.
What can be done if we want to use encryption or URL verification ?
One option is to carefully choose the trust chain that we use. However this is not doable on global/Internet scale.
Another option has been provided by Dan Bernstein. He invented and proposed new encryption functions and protocols for the web:
- http://curvecp.org/
- http://dnscurve.org/
- http://www.linux-bg.org/cgi-bin/y/index.pl?page=article&id=advices&key=441401395 (CurveCP/DNSCurve description in Bulgarian)
Hopefully it will be widely accepted.
P.S. Here's an example command I've used to get certificate statistics:
cat /usr/share/ca-certificates/mozilla/* | \
perl -we 'my $F; while(<>) { m/BEGIN / and open($F, "|openssl x509 -text"); print $F $_ }' | \
egrep 'Subject:' | \
perl -wne 'my @a = m/(\w+\=.+?)(?=(?:, \w+\=|$))/g; print "$_\n" foreach grep(/^O=/, @a);' | \
sort | \
uniq -c | \
sort -rn![[Atom Feed]](/i/atom.png){kind=small}