Comodo has admitted a further two registration authorities tied to the digital certificates firm were hit by a high-profile forged digital certificate attack earlier this month. No forged certificates were issued as a result of the assault on victims two and three of the attack, but confirmation that multiple resellers in the …
"Alden said Comodo was in the process of rolling out two-factor authentication products to its resellers..."
Hey, they could use some of those really secure dongle things made by RSA!!
Oh, hang on though....
"Comodo should not have allowed its RAs resellers to issue digital certificates directly from the root, a practice that invalidated possible countermeasures to the attack,"
Not true. You can presumably just remove all the Comodo certificates from your system and stop trusting anything that has a Comodo root. If Comodo have chosen to set up their business in a way that precludes less drastic action, that's their problem.
Not just their problem.
If you do that in, say, a large corporate rollout image and then force the update through, your helpdesk will be swamped by confuddled angrasperated lusers complaining that a whole raft of your business partners' b2b websites suddenly will pop up complaints about the certificate being untrusted. Any and all middle managers will just say you're failing to be a teamplayer because you're impeding business. No matter the fact that the problem is with comodo, it's you that made it visible and the fact that those certificates are worth less than the bits' storage costs won't ever matter in the middle manager's mind.
That's how bad CAs can continue to exist indefinitely. Though it does mean the PKI's trustworthiness will continue to be chewed up from within, paid for by all those people paying for certificates.
Re: Not just their problem
"Any and all middle managers will just say you're failing to be a team player because you're impeding business."
Easily dealt with. Those middle managers just have to sign on the dotted line to accept personal responsibility for the security of the company's IT infrastructure. *Then* they can use their dodgy certificates.
If only it were really that simple.
""Comodo should not have allowed its RAs resellers to issue digital certificates directly from the root, a practice that invalidated possible countermeasures to the attack,"
Not true. "
Of course it's true.
You should never *ever* issue certificates from the root ca. If you allow each company, person, department or whatever an unique subortinate CA you are in a position where you can easilly control things when one of the certificate issuers is compromised or goes rogue.
Indeed it is considere best practice to take the root ca offline once you have set up the subordinates and only put it back on line when you need to make changes.
Huzzah, comodo is promising to do better
But in the meantime, they still let externals, with unknown (and for a CA therefore untrustable) networks meddle with their root key. And this has been the case for an unspecified length of time, probably since their first RA showed up, possibly since the beginning of the operation. They only now implemented IP address restrictions. And throwing two-factor auth into the deal for that buzzword-y goodness. That again means they haven't really thought about who they trust(ed).
I say, that means they cannot be trusted as an authority of "trustability", that is a root CA. It does, however, serve as a vivid illustration just what state the PKI industry is in. Who else hasn't really thought about what they were doing? What are those "stringent" requirements parties like mozilla and micros~1 demand before accepting a CA's root certificate worth, really? Those requirements again haven't protected the world at large from a corrupted CA--even if through its RAs, since it vouches for them and indeed cannot revoke its endorsements.
Comodo, even when struck out entirely, as it should be, is but the tip of the iceberg. How much of the PKI can we trust at all?
trust and all that gobbledygook
"How much of the PKI can we trust at all?" -- In an absolute sense, of course, none of it whatsoever.
The only certificate-signer that you can trust in an absolute sense is the one you know personally who signs the certificate in front of you. However, that is just slightly impractical for certificates that identify web servers on other continents.
Of course, this is the ultimate failing of the hierarchy of trust. At least with a PGP-style web of trust, you have the opportunity to meet up with an old friend who wants to send you preparatory information, so he can give you a copy of his PGP public key. You know it's John, because he is sitting right there in front of you holding a pint, and you have a floppy disk with his key on it that he just gave you, just as he has one with your key on it that you just gave him.
The key part here, of course, is "holding a pint", not all the gobble about keys. You do this key exchange in the pub, duh. (Seriously. I once did this so John could send me semi-sensitive info about the company he was working for during my notice period before I started there. He really was called John.)
Still not good enough
"The only certificate-signer that you can trust in an absolute sense is the one you know personally who signs the certificate in front of you."
Still not good enough. You also have to believe that he will subsequently, and has until now managed to retain confidentiality of his private key. Otherwise his authentication using the certificate you agreed to trust becomes worthless.
PKI can be useful as a formal specification of some sorts of assurance, but it absolutely does not do what people use it for.
They are dead in a toilet, sorry.
Good detective work on this by the guy who blogs here
who has now set up clrwatch to warn of this kind of hack
A previous el reg article mentioned that, yes:
Hey You are all wrong. just read the Hacker explanation carefully from bellow: