The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web’s certificate authority infrastructure works–or doesn’t. One interesting result of this work is that the folks at the Electronic Frontier Foundation have discovered that there are tens of thousands of legitimate certificates issued by CAs for unqualified names such as “localhost” or “Exchange,” a practice that could simplify some forms of man-in-the-middle attacks.
The data that the EFF analyzed came from the group’s SSL Observatory database, which compiles information on all of the certificates used on the Web. After looking through the database, Chris Palmer of the EFF discovered that CAs have issued more than 37,000 legitimate, signed certificates for names that are commonly used to identify machines on local corporate networks. In some environments users will often just type the name of an internal resource into their browsers in order to access it.
“In the Observatory we have discovered many examples of CA-signed
certificates unqualified domain names. In fact, the most common unqualified
name is ‘localhost’, which always refers to your own computer! It
simply makes no sense for a public CA to sign a certificate for this private
name. Some CAs have signed many, many certificates for this name, which
indicates that they do not even keep track of which names they have signed.
Some other CAs do make sure to sign ‘localhost’ only once. Cold comfort!” Palmer, the technology director of the EFF, wrote in an analysis of the certificate data.
“Although signing ‘localhost’ is humorous, CAs create real risk when they
sign other unqualified names. What if an attacker were able to receive a
CA-signed certificate for names like ‘mail’ or ‘webmail’? Such an attacker
would be able to perfectly forge the identity of your organization’s webmail
server in a ‘man-in-the-middle’
attack! Everything would look normal: your browser would use HTTPS, it
would show a the lock icon that indicates HTTPS is working properly, it
would show that a real CA validated the HTTPS certificate, and it would
raise no security warnings. And yet, you would be giving your password and
your email contents to the attacker.”
What the EFF found is that the data in their SSL Observatory showed a total of 2,201 certificates signed for the name “localhost”, and more than 8,000 certificates for some variation of “exchange” or “exch.” This isn’t a problem anywhere close to the level of the Comodo RAs being compromised, but as Palmer said, it’s something that needs to be addressed, especially now that there is a renewed focus on the workings of the CA infrastructure.
“Certificate authorities should stop signing unqualified names, and should
revoke existing certificates for unqualified names. They should also stop
signing IP addresses — especially private, non-routable addresses — and
should revoke existing IP address certificates, too,” Palmer wrote.