The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months.
The data the EFF examined was a summary of the reasons that CAs gave for revoking specific certificates, as reported by the CAs themselves in their CRLs. When a certificate is revoked, the CA records a reason code for the action. Going through the CRLs collected in its SSL Observatory database, the EFF found that a scan in June showed 10 individual CAs revoking a total of 55 certificates because of a CA compromise. Another scan in mid-October showed that 14 separate CAs had revoked 248 certificates for that reason.
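The tally described above, as an added example that is not the EFF's Observatory code: using only the Go standard library, it builds throwaway issuers and CRLs so it runs offline, then counts, per issuer, the CRL entries whose reasonCode is cACompromise. The issuer names, serial numbers and reason-code mixes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

const reasonCACompromise = 2 // RFC 5280 CRLReason value for cACompromise

// issueCRL makes a throwaway self-signed issuer named cn and signs a CRL with one
// entry per reason code. Constructed fixture only; no real CA's CRL is involved.
func issueCRL(cn string, reasons []int) ([]byte, error) {
	now := time.Now()
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign} // Go derives the SubjectKeyId a CRL signer needs
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { return nil, err }
	ca, err := x509.ParseCertificate(der) // CreateRevocationList takes the issuer's parsed certificate
	if err != nil { return nil, err }
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for i, r := range reasons { // serials are arbitrary; the reasonCode entry extension is what the tally reads
		crl.RevokedCertificateEntries = append(crl.RevokedCertificateEntries, x509.RevocationListEntry{
			SerialNumber: big.NewInt(int64(100 + i)), RevocationTime: now, ReasonCode: r})
	}
	return x509.CreateRevocationList(rand.Reader, crl, ca, priv)
}

// CountCACompromise parses DER CRLs and tallies, per issuer, the entries whose
// reasonCode is cACompromise: len(result) is the number of CAs reporting a
// compromise, and the summed values are the certificate count, as in the EFF scan.
func CountCACompromise(crls [][]byte) (map[string]int, error) {
	counts := map[string]int{}
	for _, der := range crls {
		crl, err := x509.ParseRevocationList(der)
		if err != nil { return nil, err }
		for _, e := range crl.RevokedCertificateEntries {
			if e.ReasonCode == reasonCACompromise {
				counts[crl.Issuer.CommonName]++
			}
		}
	}
	return counts, nil
}
```

Entries carrying other reason codes (keyCompromise, superseded, unspecified) are deliberately left out of the count, which is why an issuer that revoked certificates for those reasons only does not appear in the result.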
“Those ‘CA Compromise’ CRL entries as of June were published by 10 distinct CAs. So, from this data, we can observe that at least 4 CAs have experienced or discovered compromise incidents in the past four months. Again, each of these incidents could have broken the security of any HTTPS website,” Peter Eckersley of the EFF wrote in an analysis of the data.
The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company’s CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs.
Earlier this year, the same attacker said he was responsible for the attack on Comodo that compromised a registration authority in Europe and enabled him to issue rogue certificates for a variety of valuable sites, including Skype, Yahoo and Google. He did the same thing after compromising DigiNotar. Those two incidents spurred a broad discussion in the industry about the inherent problems with the CA system and the dangers of relying on it. No clear solution to the problem has emerged, although the Convergence system designed by Moxie Marlinspike has garnered some attention.
Eckersley said in his post on the SSL Observatory data that the organization plans to publish its own proposal for strengthening the CA infrastructure soon.
“In short: there are a lot of ways to break HTTPS/TLS/SSL today, even when websites do everything right. As currently implemented, the Web’s security protocols may be good enough to protect against attackers with limited time and motivation, but they are inadequate for a world in which geopolitical and business contests are increasingly being played out through attacks against the security of computer systems,” Eckersley wrote. “We will set out an EFF proposal for reinforcing the CA system, which would allow security-critical websites and email systems to protect themselves from being compromised via an attack on any CA in the world.”
This story was updated on Oct. 28 to reflect new information from the EFF showing that the number of CAs compromised since June is four.