from www.thewhir.com – In a report issued this week, online watchdog group the Electronic Frontier Foundation said that certificate authorities are issuing SSL certificates for unqualified domains in large numbers, a practice that the report’s author Chris Palmer says could impact the integrity of the whole SSL system, and puts Internet users at increased risk of attack.
Certificate authorities, says Palmer, are only supposed to issue certificates for public names – that is, for fully-qualified domains that reference a specific machine. Palmer’s research into data in the EFF’s “SSL Observatory” uncovered large numbers of certificates signed by CAs for domains typically used as internal-network shorthand, such as “mail,” “wiki,” or “intranet.”
“In the Observatory we have discovered many examples of CA-signed certificates unqualified domain names,” he writes. “In fact, the most common unqualified name is ‘localhost,’ which always refers to your own computer! It simply makes no sense for a public CA to sign a certificate for this private name. Some CAs have signed many, many certificates for this name, which indicates that they do not even keep track of which names they have signed. Some other CAs do make sure to sign ‘localhost’ only once. Cold comfort!”
The actual threat, however, is posed by the occasions when a CA would sign a name like “webmail” or “mail.” If an attacker were to acquire a SSL certificate for a name like that, he would be able to easily acquire email and password information from unsuspecting users. He says names including references to Microsoft Exchange are the most common unqualified names that CAs seem willing to sign.
“What if an attacker were able to receive a CA-signed certificate for names like ‘mail’ or ‘webmail?’ Such an attacker would be able to perfectly forge the identity of your organization’s webmail server in a ‘man-in-the-middle’ attack,” says Palmer.
In a follow-up post this week, Palmer said CAs are also issuing SSL certificates for non-existent domains, which isn’t such a problem right now, but could become one as the new TLD process currently underway sees many new TLDs introduced in the next year or so.
“It might happen that someday ICANN will create some of these TLDs,” he says. “There is even talk that they might allow people to register (at a high cost) arbitrary TLDs like .milk or .cookies. In that case, these currently-invalid certificates will become valid because they will suddenly refer to usable internet names. For example, imagine if Microsoft were able to, in the future, register the .microsoft TLD so that they could have www.microsoft for their web site address. As the Observatory shows, an attacker can probably get a CA to sign that name today. Such an attacker would be able to hijack Microsoft’s web site on the very minute the new name goes live.”
The original post links out to some other investigation into CAs issuing unqualified domains by George Macon of Georgia Tech, who isolates how many times individual CAs sign those domains. Macon says Go Daddy is the most common offender. The analysis also identifies 28 EV SSL certificates issued to unqualified domains as of January 2011, when the study was conducted.
According to reports, 18 of those EV certificates have since been accounted for, leaving 10 unaccounted for.
A report from the Tech Herald includes a comment from certificate authority Verisign, which is now a part of Symantec, and has since revoked the EV SSL certificates it had issued to non fully qualified domain names, and ensured that further EV certificates cannot be issued that way.
It has been a difficult few weeks for certificate authorities. With Comodo resellers issuing rogue SSL certificates to a hacker in late March, the entire SSL certificate system has come under fairly intense scrutiny.
At last week’s IETF security forum, several organizations, including Comodo and Google floated some new SSL certificate security ideas.
In the EFF report, Palmer recommends that end users stop using unqualified links to access resources, instead setting browser bookmarks to the full URLs for those services. He also suggests that browsers stop treating SSL certificates issued to unqualified domains as valid.