There are a lot of things in the security world that are broken and there isn’t room to list them all, even on the Internet. But if the events of the last few days have shown us anything, it’s that the certificate authority infrastructure is beyond broken and there’s no quick fix looming on the horizon. In fact, the way things look now, there may not be any practical solution to the problem at all.
The details of the attack on DigiNotar that began to leak out on Monday have gotten uglier by the day as more and more researchers have looked into the compromise and the depth of the problem became clear. At the beginning, the attack looked to be quite similar to the March compromise of Comodo. In both cases, attackers were able to find a way into the CA’s infrastructure and issue themselves valid SSL certificates for a series of high-value domains that they didn’t control. Many of the targeted domains–Google, Yahoo, Mozilla–are the same in both cases and the ultimate goal likely was the same, as well: impersonating trusted sites in order to capture sensitive user data.
But, as bad as the Comodo attack was, it is beginning to pale in comparison to the mess that’s emerging from DigiNotar’s servers right now. Not only did the company issue SSL certificates for Google, Tor, Yahoo and others to some unknown third parties who may have been using them to intercept traffic from users in Iran, but DigiNotar may have been completely compromised for some time. The company revoked some still-unknown number of fraudulent certificates several weeks ago when it discovered signs of the attack, but it somehow missed the Google wildcard certificate, which is the one that brought all of this to light. What’s even more worrisome is that the company not only issues commercial SSL certs, but also is the provider for the Dutch government’s PKI program.
Those are the problems that we know about. Raise your hand if you think there aren’t six or eight or a dozen other CAs that are similarly compromised and just don’t know it yet. Right. Any CA that isn’t doing a complete security audit of its infrastructure right now is either totally overconfident or delusional.
In some ways, the attackers who have owned Comodo, DigiNotar and other CAs have done us all a favor. They’ve exposed the cracked footings and crumbling foundation that underpin the entire SSL and CA infrastructure. Matt Blaze, a cryptographer and associate professor at Penn, put it as succinctly as anyone when he said years ago: “Certificate authorities protect you from anyone from whom they’re unwilling to take money.”
It’s a system that’s long overdue for a major overhaul, but is so intertwined in the inner workings of the Internet that there’s almost no practical way to get it done at this point. Jacob Appelbaum of The Tor Project, who was the first one to publicly detail the Comodo attack and has been researching the DigiNotar attack as well, said as much in his analysis of the DigiNotar situation.
“The Certificate Authority system as it stands today is a house of cards and we’re witnessing in public what many have known for years in private. The entire system is soaked in petrol and waiting for a light,” Appelbaum wrote.
That spark needed to burn the whole system down started with the Comodo compromise and may have caught for good now with the DigiNotar attack. But even if everyone spontaneously abandoned the CA system tomorrow, the underlying problem that it was designed to solve will still be there. In order for security and privacy to exist online, users need to be able to trust someone or something. Right now that thing is the browser, which in turn places its trust in the certificates that sites present to it. And those certificates are issued by…CAs such as Comodo and DigiNotar.
Which part of that seems like it’s working well?
There’s fairly broad agreement in the security industry that something needs to be done about this state of affairs, but there’s not much in the way of consensus on what to do. Trust is a difficult concept to implement in real life and it’s turned out to be far harder to implement online.
There’s an old axiom in the security community that says you should always operate with the assumption that your network has been owned. But how are we supposed to operate when it’s the CAs that are owned?