Too right. The concept of trusting some company full of incompetent pricks to accurately and securely provide the ID credentials for anyone else is a bit of an oversight that's now showing the true nature of how flawed it really is.
Google has read the riot act to Symantec, scolding the security biz for its slapdash handling of highly sensitive SSL certificates. In September it emerged that Symantec's subsidiary Thawte generated a number of SSL certs for internal testing purposes. One of these certificates masqueraded as a legit cert for Google.com, …
Better system is still complex
A small step towards abolishing the whole, "trusted certificate authority", system altogether, and moving towards some better.
While I realise that Google is doing everyone a favour in this case, I hesitate to replace the current (seriously broken) "trusted certificate authority" system with a "trusted by Google" system.
Things like "Certificate Transparency" seem to be a good step forward, particularly if multiple big players (including some based in Russia and China) join in.
"...a bit of an oversight..."
Hardly. The system was designed like this. Carefully and painstakingly designed to be exactly what it is.
Do you really believe that all the little "accidents" like this are accidental?
Think about it for a moment. There's a purpose behind it. Who designed it? Who controls the CA "trust"? Who benefits from all these (and all the undisclosed) little "accidents"?
Broken by design.
...and you'll never fix it. Not ever.
I've just watched the new Killing Joke video too! It's the illuminati! And Britney and Rhianna!
The concept of trusting some company full of incompetent pricks to accurately and securely provide the ID credentials for anyone else is a bit of an oversight that's now showing the true nature of how flawed it really is.
Particularly when the economics strongly favor sloppy behavior. Actually checking identities before signing certificates, for example, is a cost with no obvious return for the CA, and the costs of not doing so are almost all externalities.
The flat-tree hierarchy we currently have for the public X.509 PKI certainly doesn't help either.
Of course, people have proposed various other PKI architectures, even using the (dreadful) X.509 certificates. RFC 4158 describes mesh and cross-certified structures, among other options. But there's been little work to try to build them, and if you want to use generally-available software with them you have your work cut out for you. (There was a discussion of using a mesh PKI on the OpenSSL-Users list some time back, and the conclusion was "roll your own verification". Now, sometimes that's necessary anyway, but it certainly doesn't help broaden adoption.)
"Which Service do you Require?"
"Oh Fuck.. Bugger. Drop The Line. Fuck! What's the command?"
Rips the cables out.
I can see that internal testing of certificate creation, validation, revocation etc. can require bogus certificates.
What I fail to understand is why test systems with bogus certificates were exposed to the Internet.
Surely the main issue is the management and firewalling of the test and development systems to prevent them leaking onto the Internet?
Re: Internal testing?
No, the real point is that you NEVER use real/production data for testing/development because you never know when it can leak.
Re: Internal testing?
It would have been a simple matter to set up dummy/fake corporations in the real world and give them certificates (and websites, etc) and then practice/play with those instead of real customer certificates. You could even give them bank accounts and play/practice with secure financial transactions and so on.
Re: Internal testing?
Indeed, that is exactly why example.com is a reserved address.
Re: NEVER use real/production data for testing/development
That way when it fucks up in production it's a lovely surprise!
Re: Internal testing?
Hire someone from the CIA - they've been chartering phony corporations in Delaware for years...
attack on the web!
It really does make one wonder. Lets hope it was just sloppy sloppy and not anti web manoeuvers.
"Be more evil"
Yesh, it sounds good in this case...
You know what Thawte did?
The version I was brought up with killed the cat. Does this mean no more cute cat images on the web?
I read through Symantec's response. It sounds like they are taking this seriously and responding appropriately. Google comes off as a bully trying to dictate the playground rules.
At the end of the day, companies in the security space are only one press release away from humility. Google should be careful how big of stones they throw, Symantec may be inclined to throw them back someday when the tables are turned.
Re: Glass houses
I think that you don't appreciate how important absolute trust in a root CA must be. The entire system starts to break down if they start using rogue certificates. A few years ago a Dutch CA was compromised because of sloppy practises. They were bored out of the browsers and then went bankrupt. It's serious...
Re: Glass houses
I think you missed the point. In this business, some company always has their head up their arse and is in the industry's hot seat. Today it is Symantec with their crank in the grinder. Tomorrow it will be someone else. Someday it may even be Google. Thus be careful how much shite is thrown for tomorrow the tables could be turned.
"Google never gave Thawte permission to generate the certificates, and was irked by Symantec's sloppiness."
so someone can generate certificates for me without me even knowing? am I missing something here?
If you're a root like Symantec then yes you can. It all relies on trust - it's amazing that this system works at all to be honest .
Certificate pining can catch this sometimes. However it can also be deliberately bypassed by getting, for example, your work desktop to trust a work owned root ca. Do your internet banking on a machine you control.
In other news, grass is green. Generating fake certificates is also used by web nanny type software and the NSA to do man-in-the-middle attacks.
"...by web nanny type software and the NSA to do man-in-the-middle attacks"
The web nany software would have to install itself as a trusted certificate authority on your browser first, in which case it doesn't really need to create fake certs. Otherwise every site you visit will show a discrepency/self-signed type warning. A corporate network can do it as every PC on the network can be given a trusted certificate authority which is usually the domain certificate management server, to allow trust of local servers and sign various items.
The NSA can only do it by installing themselves as a trusted certificate authority, compromising or coercing a trusted authority.
The real power is with the OS/Browser as they ultimately decide which authorities they are going to trust or not.
"The real power is with the OS/Browser"
"The real power is with the OS/Browser as they ultimately decide which authorities they are going to trust or not." - bingo!
And that is a weak link since the software can be dirty. I don't know how all the add-ons for Firefox, Chrome, etc. work but it wouldn't surprise me if some snooping and fiddling with message packets wouldn't be possible at that level, let alone infecting the browser itself.
so someone can generate certificates for me without me even knowing?
Anyone can create any certificates they like. And anyone can sign any certificates they like.
The trick is getting someone else to trust certificates you sign. With the (half-assed, wholly-broken) public X.509 PKI, that generally means the victim has to have the root certificate for your signing chain installed as a trusted certificate.1
If you're a member of the CA club, then you've already talked major software vendors - browser and OS manufacturers - into including your root certs in their trusted collections, because who wouldn't take, say, TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 at their word? I know I trust them implicitly, so it's no surprise that Mozilla do too.
Thawte is a member of the club, so they can create any certificates they like, and sign them with one of their trusted roots, and impersonate anyone. And tough luck, losers.
1Which means, of course, that you can just ship victims a copy of your root, and use a bit of social engineering to get them to install it. But let's all pretend that can't happen.
China drops "One Blonde Policy." Average Chinese IQ plummets.
This reads like a really weird episode of Dangerous Boys. Listen. If you want to test out how garages burn, burn down your own goddamned garage. Leave me and my reputation and my garage out of your stupid schemes.
Dang and curses!
And still no DANE support in Chrome. For whatever reason. Maybe checking SHA hashes pulled from DNS records is hard?
No. Why would it? The SHA512 hash is just **extra** information that would help mitigate this attack. Its delivery by DNS need be no more secure than the IP address delivered by DNS.
Of course if you have DNSSEC as well, then all the better!
Surprised Google hasn't become its own CA by now...
It's not profitable enough and when you screw up, as root CAs often do it seems, you spend a disproportionate time in the security spotlight. Too much pain for not enough gain at a guess.
They are sort of their own CA. The kind of certificates that they get issued allow them to generate their own SSL certificates for whatever domain they fancy. They just have to make sure that they don't abuse it themselves
Symantec is so lost
Their Biz model is failing due to financial greed and they have demonstrated they are both incompetent and unreliable. They deserve to be a boot note.
This isn't a minor screw-up. This undermines the very purpose of a Certificate Authority.
I'm astonished that Google is giving them another chance, and that this isn't headline news everywhere.
There should a zero-tolerance policy for certificate authorities. Generating unauthorized certificates is a major breech of trust, and generating hundreds of them for an important and privacy-critical service such as Google is beyond any justification.
A hundred times this. I am losing trust in Google because of this. It makes me wonder, who decides that a CA is trust worthy in the first place? Millions of people implicitly trust companies like Google and Mozilla to be the gatekeepers of SSL trust. I wonder what guarantees they offer if someone is defrauded as the result a bad CA? Whilst the CA's sometimes offer protection, I believe the companies that curate the trust list should also shoulder some financial responsibility.
RE: Who controls it?
Who controls it - we do!
[The Simpsons Stonecutters]
Ha Ha Ha !