[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?

Roger Clarke Roger.Clarke at xamax.com.au
Sat Aug 14 10:02:09 AEST 2010

The NYT story below says that Certificate Authorities (CAs) have 
proliferated to c. 650, and, worse than that, are out of control.

Here follows a quick analysis (off the top of the head, without 
research) on two key aspects of the points made in the article.  I'd 
be delighted if linkers can show me that my analysis is awry.


The fundamental function of a CA is to attest to the association 
between a public key and an entity.

1.  Re the Value of a Certificate


(a)  few organisations that could be expected to act as CAs actually
      do so.  Possibilities in Australia, for example, include ASIC
      for companies and Medical Registration Board(s) for health care
(b)  few organisations that act as CAs are trustworthy
      (Verizon, for heaven's sake??)
(c)  quite limited investment is made by CAs in authenticating the claim
      by the applicant that it really, truly is the entity that it
      represents itself to be.  (There's been talk about enhanced
      authentication processes, including in the article below, but
      I remain sceptical about how much progress has been made)
(d)  the level of assurance provided by CAs to people who rely on the
      certificates that they issue is almost zero

Ergo:  certificates are worth very little, no matter who issues them.

Ergo:  whether a browser-supplier uses certificates issued by a 
'brandname' organisation like Verizon, or by a twice-removed 
sub-licensee called Dodgy Bros. Ltd, doesn't make much difference to 
the assurance level.

2.  Re Eavesdropping by CAs

"Mr. Eckersley noted that [Dodgy Bros. Ltd] could misuse its position 
to eavesdrop on the activities of Internet users".

I don't get it.  The analysis below explains why.

In order to "eavesdrop" on a channel protected using SSL/TLS, a third 
party needs two things:
(1)  copies of the messages that flow between the two parties
(2)  the key needed to decrypt the messages.  (That's exchanged between
      the parties using a public key-pair owned by one of the parties.
      So the third party needs that particular private key, in order to
      decrypt the key-exchange message and extract the encryption key)

As regards (1), an organisation that provides a CA service would not 
normally be on a traffic-route between its customers.  So the CA 
would have to either contrive to be there, or intrude spyware into 
its client's device in order to get copies of messages.  In either 
case, it would be in serious breach of its role, and quite probably 
of local laws.

As regards (2), an organisation that asks for a certificate from a CA 
provides its public key, but must under no circumstances expose its 
private key - to anyone, least of all the CA.  So the CA would have 
to either trick its client into providing its private key (e.g. by 
offering a key-generation service), or intrude spyware into its 
client's device in order to get a copy of the private key.  In either 
case, it would be in serious breach of its role, and quite probably 
of local laws.

I have no respect for Dodgy Bros Ltd, and little respect for Verizon. 
But is corporate criminality so mainstream that behaviour of this 
kind is actually going on?


A Warning About a Weak Link in Secure Web Sites
Published: August 13, 2010

SAN FRANCISCO - Computer security researchers are raising alarms 
about vulnerabilities in some of the Web's most secure corners: the 
banking, e-commerce and other sites that use encryption to 
communicate with their users.

Those sites, which are typically identified by a closed lock 
displayed somewhere in the Web browser, rely on a third-party 
organization to issue a certificate that guarantees to a user's Web 
browser that the sites are authentic. But as the number of such 
third-party "certificate authorities" has proliferated into hundreds 
spread across the world, it has become increasingly difficult to 
trust that those who issue the certificates are not misusing them to 
eavesdrop on the activities of Internet users, the security experts 

"It is becoming one of the weaker links that we have to worry about," 
said Peter Eckersley, a senior staff technologist at the Electronic 
Frontier Foundation, an online civil liberties group.

The power to appoint certificate authorities has been delegated by 
browser makers like Microsoft, Mozilla, Google and Apple ... to 
various companies, including Verizon.

[The expression 'delegation of power' isn't appropriate.  Less loaded 
would be 'Browser-makers use certificates issued by various 

Those entities, in turn, have certified others, creating a 
proliferation of trusted "certificate authorities," according to 
Internet security researchers.

According to the Electronic Frontier Foundation, more than 650 
organizations can issue certificates that will be accepted by 
Microsoft's Internet Explorer and Mozilla's Firefox, the two most 
popular Web browsers. Some of these organizations are in countries 
like Russia and China, which are suspected to engage in widespread 
surveillance of their citizens.

Mr. Eckersley said Exhibit No. 1 of the weak links in the chain is 
Etisalat, a wireless carrier in the United Arab Emirates that he said 
was involved in the dispute between the BlackBerry maker, Research in 
Motion, and that country over encryption. The U.A.E. threatened to 
discontinue some BlackBerry services because of R.I.M.'s refusal to 
offer a surveillance back door to its customers' encrypted 
communications. Mr. Eckersley also said that Etisalat was found to 
have installed spyware on the handsets of some 100,000 BlackBerry 
subscribers last year. Research in Motion later issued patches to 
remove the malicious code.

Yet Mr. Eckersley noted that Etisalat was one of the "certificate 
authorities" and could misuse its position to eavesdrop on the 
activities of Internet users.

In an open letter signed by Mr. Eckersley, the Electronic Frontier 
Foundation is asking Verizon, which issued Etisalat's power to 
certify Web sites, to consider revoking that authority.

Verizon declined to comment. Etisalat did not respond to an e-mail 
requesting comment.

Mr. Eckersley wrote that Etisalat could issue fake certificates to 
itself for scores of Web sites, including google.com, Microsoft.com 
and Verizon.com, and "use those certificates to conduct virtually 
undetectable surveillance and attacks against those sites." Etisalat 
could also eavesdrop on virtual private networks used by corporations 
to communicate securely around the world, he wrote.

"We believe this situation constitutes an unacceptable security risk 
to the Internet in general and especially to foreigners who use 
Etisalat's data services when they travel," he wrote, adding that the 
foundation did not know whether Etisalat had misused its authority 

Concerns about certificates have been raised before. When Firefox 
considered granting certificate authority to a Chinese company 
earlier this year, members of the Firefox community worried that the 
company might be pressured by the government to eavesdrop, for 
example, on the Gmail accounts of Chinese dissidents. Eventually, 
Firefox decided to go ahead with the process.

Other security experts said that they were concerned about the 
proliferation of certificate authorities.

"I think it is a really big deal," said Stephen Schultze, associate 
director of the Center for Information Technology Policy at Princeton 
University. Mr. Schultze said that the problem "is not a reason to 
panic and stop doing online banking or e-commerce. But it is a bad 
enough problem that it should be receiving a lot more attention and 
we should be trying to fix it."

Some browser makers, however, suggested that while attacks were 
possible in theory, the system had worked reasonably well for more 
than a decade.

"It has proven itself historically to be relatively secure," said 
Johnathan Nightingale, Mozilla's director of Firefox development. Mr. 
Nightingale said that many e-commerce sites were using a new type of 
certificate that required extensive verification. If a certificate 
authority was misusing its power to eavesdrop, he said, a user with 
technical skills could detect the attack, and the organization's 
power to issue certificates would be revoked.

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University
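
Added example, not part of the original post or the quoted article: it illustrates the article's two points that a browser accepts a certificate for a site name from any authority it trusts, and that a client comparing the site's public key against a previously recorded value can detect a different key being presented. The names root-a, root-b and shop.example and all helper functions are assumptions made for the illustration; it needs the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and file below is throwaway, generated locally.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root certificate standing in for one trusted authority.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA LABEL HOST: CA signs a fresh key pair for HOST, written to $WORK/LABEL.crt.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.crt" 2>/dev/null
}

# chain_ok LABEL: true if the certificate chains to ANY root in the trust bundle.
chain_ok() {
  openssl verify -CAfile "$WORK/bundle.pem" "$WORK/$1.crt" >/dev/null 2>&1
}

# spki_pin LABEL: SHA-256 of the certificate's public key, the value a client records.
spki_pin() {
  openssl x509 -in "$WORK/$1.crt" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# pin_ok LABEL EXPECTED: true only if the presented key matches the recorded pin.
pin_ok() { [ "$(spki_pin "$1")" = "$2" ]; }

make_ca root-a
make_ca root-b
cat "$WORK/root-a.crt" "$WORK/root-b.crt" > "$WORK/bundle.pem"  # the trust store
issue root-a site  shop.example   # certificate the site itself obtained
issue root-b other shop.example   # same name, different key, different trusted root
PIN=$(spki_pin site)              # recorded on an earlier, known-good visit

chain_ok site  && echo "site:  chain valid"
chain_ok other && echo "other: chain valid as well (trust store check alone passes)"
pin_ok other "$PIN" || echo "other: public key differs from recorded pin, flag it"
```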
