Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Trusted CA issuing SSL server certs with unvetted FQDNs!

13 views
Skip to first unread message

Nelson Bolyard

unread,
Aug 19, 2008, 8:40:23 PM8/19/08
to
In a Network World column,
http://www.networkworld.com/community/node/31124
the author writes:

> At Black Hat ‘08 there was a great demonstration of how valid “internal
> testing only” FQDN certificates for URLs that you don’t control can be
> obtained by anyone asking. The one obtained by the researcher at Black Hat
> was for MSFT’s https://login.live.com site, he didn’t disclose the CA that
> issued it to him but it was one that was trusted in IE by default.

This is, of course, very serious, as it casts doubts on the value of SSL
and PKI for all products that use SSL.

If we can determine what CA is doing this, I propose we pull them from
the trusted CA list immediately.


Wan-Teh Chang

unread,
Aug 19, 2008, 9:02:27 PM8/19/08
to mozilla's crypto code discussion list
On Tue, Aug 19, 2008 at 5:40 PM, Nelson Bolyard
<NOnels...@nobolyardspam.com> wrote:
> In a Network World column,
> http://www.networkworld.com/community/node/31124
> the author writes:
>
>> At Black Hat '08 there was a great demonstration of how valid "internal
>> testing only" FQDN certificates for URLs that you don't control can be
>> obtained by anyone asking.

This means that CA doesn't even do "domain validation", right?

Wan-Teh

Eddy Nigg

unread,
Aug 19, 2008, 9:15:46 PM8/19/08
to
Nelson Bolyard:

> This is, of course, very serious, as it casts doubts on the value of SSL
> and PKI for all products that use SSL.
>
> If we can determine what CA is doing this, I propose we pull them from
> the trusted CA list immediately.
>
>

Ask them!


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: star...@startcom.org
Blog: https://blog.startcom.org

Nelson Bolyard

unread,
Aug 19, 2008, 10:20:29 PM8/19/08
to

I believe so. I seriously doubt that the presenter of this demo
(whoever it was) really controlled the domain for live.com.

On the other hand, it is possible that the domain validation was performed
but that it was deceived through the use of DNS attacks. In his slides
on the subject of DNS attacks, Dan Kaminsky did say that it was possible
to deceive domain validation through DNS attacks.

See http://www.doxpara.com/DMK_BO2K8.ppt slides 76-79, especially slide 77

Eddy Nigg wrote:

> Ask them!

Who?

I have no information about this beyond what I already posted in this thread.

Thorsten Becker

unread,
Aug 20, 2008, 4:38:15 PM8/20/08
to
Nelson Bolyard wrote:
> On the other hand, it is possible that the domain validation was performed
> but that it was deceived through the use of DNS attacks. In his slides
> on the subject of DNS attacks, Dan Kaminsky did say that it was possible
> to deceive domain validation through DNS attacks.

I think domain validation could be deceived using DNS attacks, but in this
case this was apparently not necessary:

http://www.networkworld.com/community/node/30822

"Michael started his talk by detailing how he was able to purchase a
certificate from a major CA with a FQDN of an existing fortune 500
company’s website! How you ask is this possible, well when filling out the
request form he simply checked the box that stated that the certificate was
not going to be used on the internet and was for internal testing only."

Nelson B Bolyard

unread,
Aug 20, 2008, 5:58:06 PM8/20/08
to mozilla's crypto code discussion list

I'll be convinced when I see the cert and/or see the web site's enrollment
page with that feature. There's one CA that can kiss it's place in the root
list good-bye.

Eddy Nigg

unread,
Aug 20, 2008, 7:39:54 PM8/20/08
to
Nelson B Bolyard:

>
> I'll be convinced when I see the cert and/or see the web site's enrollment
> page with that feature. There's one CA that can kiss it's place in the root
> list good-bye.
>

Quoting from the article:

"The one obtained by the researcher at Black Hat was for MSFT’s
https://login.live.com site, he didn't disclose the CA that issued it to
him but it was one that was trusted in IE by default."

First of all, this CA doesn't have to be in NSS, but is in IE. Luckily
not every CA which is trusted by MSIE is also in Mozilla. Some of you
might be surprised about which aren't in NSS and most likely rightly so.
MS doesn't have the same requirements as Mozilla. Not sure now if they
require domain validation, but maybe not...

Second, Mozilla and/or Microsoft might be able to force the disclosure
of that CA. Most likely they removed the evidence at the web site and
revoked the certificate by now, but the certificate itself might be
prove enough.

Kyle Hamilton

unread,
Aug 20, 2008, 7:43:19 PM8/20/08
to mozilla's crypto code discussion list
2008/8/20 Robert Relyea <rre...@redhat.com>:
>
> Luckily, Michael also stated that most CA's rejected his requests. But it
> only takes one CA to spoil the party.
>

It only takes one CA to spoil the party, because there's no
presentation to the user of who's responsible for the muckup.

Of course, if he doesn't provide the certificate and proof that he has
the private key to it, I'm going to believe this as an unfounded
attack against the credibility of the PKI system in general.

It's called "put up or shut up". Unfortunately, since there's no
single "owner" of the PKI, there's no place/person who can directly
claim slander or libel and thus damages, which essentially makes these
types of attacks damaging without recourse.

-Kyle H

Nelson B Bolyard

unread,
Aug 20, 2008, 7:55:27 PM8/20/08
to mozilla's crypto code discussion list
Kyle Hamilton wrote:
> 2008/8/20 Robert Relyea <rre...@redhat.com>:
>> Luckily, Michael also stated that most CA's rejected his requests. But it
>> only takes one CA to spoil the party.

> Of course, if he doesn't provide the certificate and proof that he has


> the private key to it, I'm going to believe this as an unfounded
> attack against the credibility of the PKI system in general.
>
> It's called "put up or shut up". Unfortunately, since there's no
> single "owner" of the PKI, there's no place/person who can directly
> claim slander or libel and thus damages, which essentially makes these
> types of attacks damaging without recourse.

I agree with you completely on the above quoted points.

Someone from Mozilla is trying to get info about the CA from the presenter.

0 new messages