[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?
kim at holburn.net
Sat Aug 14 22:54:33 AEST 2010
I was thinking about this reading the article and realised that every
time or so a certificate is used there is a call to the CA for the CRL
or ocsp. This in itself could be used for traffic analysis. The data
probably is logged.
It's a wonder that the browser makers are effectively setting
themselves up as an evaluation authority for CAs. Perhaps we could
have separate CA evaluation authorities to evaluate the CAs! Then you
would only need to point your browser at one or more CAEA. Perhaps I
jest. Here is where the web of trust is a more secure model but it
simply wouldn't work with most people who just aren't interested enough.
On 2010/Aug/14, at 10:02 AM, Roger Clarke wrote:
> The NYT story below says that Certificate Authorities (CAs) have
> proliferated to c. 650, and, worse than that, are out of control.
> Here follows a quick analysis (off the top of the head, without
> research) on two key aspects of the points made in the article. I'd
> be delighted if linkers can show me that my analysis is awry.
> The fundamental function of a CA is to attest to the association
> between a public key and an entity.
> 1. Re the Value of a Certificate
> (a) few organisations that could be expected to act as CAs actually
> do so. Possibilities in Australia, for example, include ASIC
> for companies and Medical Registration Board(s) for health care
> (b) few organisations that act as CAs are trustworthy
> (Verizon, for heaven's sake??)
> (c) quite limited investment is made by CAs in authenticating the
> by the applicant that it really, truly is the entity that it
> represents itself to be. (There's been talk about enhanced
> authentication processes, including in the article below, but
> I remain sceptical about how much progress has been made)
> (d) the level of assurance provided by CAs to people who rely on the
> certificates that they issue is almost zero
> Ergo: certificates are worth very little, nomatter who issues them.
> Ergo: whether a browser-supplier uses certificates issued by a
> 'brandname' organisation like Verizon, or by a twice-removed
> sub-licensee called Dodgy Bros. Ltd, doesn't make much difference to
> the assurance level.
> 2. Re Eavesdropping by CAs
> "Mr. Eckersley noted that [Dodgy Bros. Ltd] could misuse its position
> to eavesdrop on the activities of Internet users".
> I don't get it. The analysis below explains why.
> In order to "eavesdrop" on a channel protected using SSL/TLS, a third
> party needs two things:
> (1) copies of the messages that flow between the two parties
> (2) the key needed to decrypt the messages. (That's exchanged
> the parties using a public key-pair owned by one of the parties.
> So the third party needs that particular private key, in order to
> decrypt the key-exchange message and extract the encryption key)
> As regards (1), an organisation that provides a CA service would not
> normally be on a traffic-route between its customers. So the CA
> would have to either contrive to be there, or intrude spyware into
> its client's device in order to get copies of messages. In either
> case, it would be in serious breach of its role, and quite probably
> of local laws.
> As regards (2), an organisation that asks for a certificate from a CA
> provides its public key, but must under no circumstances expose its
> private key - to anyone, least of all the CA. So the CA would have
> to either trick its client into providing its private key (e.g. by
> offering a key-generation service), or intrude spyware into its
> client's device in order to get a copy of the private key. In either
> case, it would be in serious breach of its role, and quite probably
> of local laws.
> I have no respect for Dodgy Bros Ltd, and little respect for Verizon.
> But is corporate criminality so mainstream that behaviour of this
> kind is actually going on?
> A Warning About a Weak Link in Secure Web Sites
> By MIGUEL HELFT
> Published: August 13, 2010
> SAN FRANCISCO - Computer security researchers are raising alarms
> about vulnerabilities in some of the Web's most secure corners: the
> banking, e-commerce and other sites that use encryption to
> communicate with their users.
> Those sites, which are typically identified by a closed lock
> displayed somewhere in the Web browser, rely on a third-party
> organization to issue a certificate that guarantees to a user's Web
> browser that the sites are authentic. But as the number of such
> third-party "certificate authorities" has proliferated into hundreds
> spread across the world, it has become increasingly difficult to
> trust that those who issue the certificates are not misusing them to
> eavesdrop on the activities of Internet users, the security experts
> "It is becoming one of the weaker links that we have to worry about,"
> said Peter Eckersley, a senior staff technologist at the Electronic
> Frontier Foundation, an online civil liberties group.
> The power to appoint certificate authorities has been delegated by
> browser makers like Microsoft, Mozilla, Google and Apple ... to
> various companies, including Verizon.
> [The expression 'delegation of power' isn't appropriate. Less loaded
> would be 'Browser-makers use certificates issued by various
> Those entities, in turn, have certified others, creating a
> proliferation of trusted "certificate authorities," according to
> Internet security researchers.
> According to the Electronic Frontier Foundation, more than 650
> organizations can issue certificates that will be accepted by
> Microsoft's Internet Explorer and Mozilla's Firefox, the two most
> popular Web browsers. Some of these organizations are in countries
> like Russia and China, which are suspected to engage in widespread
> surveillance of their citizens.
> Mr. Eckersley said Exhibit No. 1 of the weak links in the chain is
> Etisalat, a wireless carrier in the United Arab Emirates that he said
> was involved in the dispute between the BlackBerry maker, Research in
> Motion, and that country over encryption. The U.A.E. threatened to
> discontinue some BlackBerry services because of R.I.M.'s refusal to
> offer a surveillance back door to its customers' encrypted
> communications. Mr. Eckersley also said that Etisalat was found to
> have installed spyware on the handsets of some 100,000 BlackBerry
> subscribers last year. Research in Motion later issued patches to
> remove the malicious code.
> Yet Mr. Eckersley noted that Etisalat was one of the "certificate
> authorities" and could misuse its position to eavesdrop on the
> activities of Internet users.
> In an open letter signed by Mr. Eckersley, the Electronic Frontier
> Foundation is asking Verizon, which issued Etisalat's power to
> certify Web sites, to consider revoking that authority.
> Verizon declined to comment. Etisalat did not respond to an e-mail
> requesting comment.
> Mr. Eckersley wrote that Etisalat could issue fake certificates to
> itself for scores of Web sites, including google.com, Microsoft.com
> and Verizon.com, and "use those certificates to conduct virtually
> undetectable surveillance and attacks against those sites." Etisalat
> could also eavesdrop on virtual private networks used by corporations
> to communicate securely around the world, he wrote.
> "We believe this situation constitutes an unacceptable security risk
> to the Internet in general and especially to foreigners who use
> Etisalat's data services when they travel," he wrote, adding that the
> foundation did not know whether Etisalat had misused its authority
> Concerns about certificates have been raised before. When Firefox
> considered granting certificate authority to a Chinese company
> earlier this year, members of the Firefox community worried that the
> company might be pressured by the government to eavesdrop, for
> example, on the Gmail accounts of Chinese dissidents. Eventually,
> Firefox decided to go ahead with the process.
> Other security experts said that they were concerned about the
> proliferation of certificate authorities.
> "I think it is a really big deal," said Stephen Schultze, associate
> director of the Center for Information Technology Policy at Princeton
> University. Mr. Schultze said that the problem "is not a reason to
> panic and stop doing online banking or e-commerce. But it is bad
> enough problem that it should be receiving a lot more attention and
> we should be trying to fix it."
> Some browser makers, however, suggested that while attacks were
> possible in theory, the system had worked reasonably well for more
> than a decade.
> "It has proven itself historically to be relatively secure," said
> Johnathan Nightingale, Mozilla's director of Firefox development. Mr.
> Nightingale said that many e-commerce sites were using a new type of
> certificate that required extensive verification. If a certificate
> authority was misusing its power to eavesdrop, he said, a user with
> technical skills could detect the attack, and the organization's
> power to issue certificates would be revoked.
> Roger Clarke http://www.rogerclarke.com/
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611
> Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
> Visiting Professor in the Cyberspace Law & Policy Centre Uni of
> Visiting Professor in Computer Science Australian National
> Link mailing list
> Link at mailman.anu.edu.au
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link