Smoke, Fire and SSL
Where there’s smoke, there’s fire, goes the adage.
And in the case of an allegedly theoretical exploit outlined in a new paper by Chris Soghoian and Sid Stamm (the compelled certificate creation attack), the presence of a product whose only use is to exploit it probably indicates that there's more going on than one would like there, too. As Wired's Threat Level notes:
Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.
At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.
The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.
The existence of a marketed product indicates the vulnerability is likely being exploited by more than just information-hungry governments, according to leading encryption expert Matt Blaze, a computer science professor at University of Pennsylvania.
While not known to most users, the CAs are one of the weakest links in the SSL public key infrastructure, a problem amplified by the fact that the major web browsers trust hundreds of different firms to issue certificates. Each of these firms can be compelled by their national government to issue a certificate for any particular website that all web browsers will trust without warning. Thus, users around the world are put in a position where their browser entrusts their private data, indirectly, to a large number of governments (both foreign and domestic) whom these individuals would never ordinarily trust.
(Who’s that first quote?)
I’ve always wondered who came up with the design of the SSL Infrastructure. I know it’s far from perfect, but why wasn’t the DNS Infrastructure either extended or simply copied? It wouldn’t solve the problem of NSA oversight, but it would make the terrain a bit less chaotic.
Entertainingly, I’d forgotten all about the fact that Ian Grigg and I wrote to ICANN on an issue closely related to this.
See http://forum.icann.org/lists/net-rfp-verisign/msg00008.html, and thanks to Ian (for driving the original letter) and Chris (for reminding me about it).
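The weak link described above is that a certificate chaining to any of the hundreds of trusted CAs validates without warning, so a compelled certificate looks exactly like the real one to the browser. One defensive layer is a trust-on-first-use record of which CA (and which CA country) issued a site's certificate, raising an alert when that changes. The following is an added example of that check, not code from this post, from Wired or from the Soghoian/Stamm paper; it assumes the caller has already extracted the leaf fingerprint and the issuer's organisation and country from the certificate the browser was shown, and all hosts, fingerprints and country codes below are constructed.

```python
"""Trust-on-first-use CA pin store: flag a change of issuing CA for a host.

Assumption: the caller extracts issuer organisation, issuer country and the
leaf SHA-256 fingerprint from the certificate presented on each connection.
Every certificate seen here is assumed to have already passed normal chain
validation; this check runs on top of that, not instead of it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    host: str
    fingerprint: str      # hex SHA-256 of the leaf certificate
    issuer_org: str       # organisation name of the issuing CA
    issuer_country: str   # country code of the issuing CA


class PinStore:
    def __init__(self) -> None:
        self._seen: dict[str, Observation] = {}  # host -> first-seen record

    def check(self, obs: Observation) -> str:
        prior = self._seen.get(obs.host)
        if prior is None:
            self._seen[obs.host] = obs          # pin on first use
            return "first-seen"
        if prior.fingerprint == obs.fingerprint:
            return "unchanged"
        same_ca = (prior.issuer_org == obs.issuer_org
                   and prior.issuer_country == obs.issuer_country)
        if same_ca:
            self._seen[obs.host] = obs          # routine renewal by the same CA
            return "renewed"
        if prior.issuer_country == obs.issuer_country:
            return "warn-issuer-changed"        # new CA, same jurisdiction
        # A valid certificate from a CA in a different country: exactly the
        # case the compelled-certificate attack produces, so alert, not block.
        return "alert-issuer-country-changed"


def run_demo() -> list[str]:
    """Constructed sequence of visits to one host; returns the verdicts."""
    store = PinStore()
    visits = [
        Observation("bank.example", "aa11", "Example Trust CA", "US"),
        Observation("bank.example", "aa11", "Example Trust CA", "US"),
        Observation("bank.example", "bb22", "Example Trust CA", "US"),
        Observation("bank.example", "cc33", "Other Trust CA", "US"),
        Observation("bank.example", "dd44", "Elsewhere Root CA", "ZZ"),
    ]
    return [store.check(v) for v in visits]
```

The alert cannot tell a compelled certificate from a genuine CA switch, which is why it surfaces a warning for the user or the SOC rather than failing the connection.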