[SSL Observatory] SSL CA compromise in the wild

Jacob Appelbaum jacob at appelbaum.net
Tue Mar 22 23:52:34 PDT 2011


On 03/22/2011 11:01 PM, Peter Gutmann wrote:
> Jacob Appelbaum <jacob at appelbaum.net> writes:
> 
>> I wanted to start a thread about this blog post I just finished writing:
>> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
> 
> Interesting bit of detective work!  

Thank you.

> The discussion shows up (yet again) one of
> the killer problems of CRL/OCSP-style blacklisting: since you can only
> blacklist certs that you know the CA has issued, there could be arbitrary
> numbers of further certs out there that can't be revoked because the CA
> doesn't know that it issued them.

Right - in this case, I think it may be appropriate to call for an
Internet Death Sentence for the signing certificates involved. It really
does depend on the details but it's clear that the details already show
a specific motivated attacker.


> 
>> "A Certification Authority appeared to be compromised in some capacity"
> 
> It would be good to include a forward reference to the discussion further on
> to justify this, otherwise there's a potential tl;dr problem, it's hard to
> tell from the initial text that this isn't just based on a rumour somewhere.
> 

I probably should but I'm exhausted. I'll gladly take suggestions on a
paragraph. :-)

>> It seems timely to discuss a new metric for trust that is not a simple
>> boolean.
> 
> There have been endless [0] papers published on trust metrics.  In my book I
> give all of them as one mass of references specifically in order to point out
> just how much has been written, and how little it's helped.
> 

Sure. I think SSH has a good model and SSHFP records improve things.
It's not perfect but it's certainly a step up from having to trust a CA
in a few cases.

> Peter.
> 
> [0] Well, not endless, but the list of references, in the format [1][2]
>     [3]...[n], wraps around several lines.
> 
> 

Right.

All the best,
Jacob
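The SSHFP mechanism mentioned above, as an added example that is not part of the original message and not OpenSSH's own code: it computes the SSHFP fingerprint from an OpenSSH public key line (the hash covers the base64-decoded key blob, per RFC 4255/6594/7479), builds the record as dig prints it, and checks a presented host key against a set of records. The sample key is constructed (a made-up Ed25519 public value in real wire encoding), and the DNSSEC verdict is passed in as a parameter because the code runs offline.

```python
import base64
import hashlib
import hmac
import struct

# Code points from RFC 4255 (RSA=1, DSA=2, SHA-1=1), RFC 6594 (ECDSA=3,
# SHA-256=2) and RFC 7479 (Ed25519=4).
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def _ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample host key (assumption: not any real server's key). The
# 32-byte Ed25519 public value is made up; only the wire encoding of the key
# blob matters, because SSHFP hashes that blob, not the text of the key line.
_FAKE_ED25519_PUBLIC = bytes(range(32))
_KEY_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(_FAKE_ED25519_PUBLIC)
SAMPLE_KEY_LINE = "ssh-ed25519 " + base64.b64encode(_KEY_BLOB).decode() + " root@host.example"


def parse_host_key(line: str):
    """Return (key type, raw key blob) from an OpenSSH public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob embeds its own type string; it must agree with the text field.
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type in blob does not match the key line")
    return fields[0], blob


def sshfp_fingerprint(line: str, fptype: int = 2):
    """Compute the SSHFP triple (algorithm, fptype, hex digest) for a key."""
    key_type, blob = parse_host_key(line)
    if key_type not in SSHFP_ALGORITHMS:
        raise ValueError("no SSHFP algorithm code for " + key_type)
    digest = SSHFP_HASHES[fptype](blob).hexdigest()
    return SSHFP_ALGORITHMS[key_type], fptype, digest


def format_sshfp(line: str, fptype: int = 2) -> str:
    """Presentation form of the record as dig prints it: 'SSHFP 4 2 <hex>'."""
    alg, fpt, digest = sshfp_fingerprint(line, fptype)
    return f"SSHFP {alg} {fpt} {digest}"


def parse_sshfp(rdata: str):
    """Parse 'SSHFP 4 2 <hex>' or '4 2 <hex>' into (algorithm, fptype, hex)."""
    fields = rdata.split()
    if fields and fields[0].upper() == "SSHFP":
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("malformed SSHFP rdata")
    # dig may wrap a long digest over several whitespace-separated chunks.
    return int(fields[0]), int(fields[1]), "".join(fields[2:]).lower()


def host_key_matches_dns(line: str, sshfp_rdatas, dnssec_validated: bool) -> bool:
    """True if the presented key matches at least one SSHFP record.

    dnssec_validated is the resolver's verdict (the AD bit). Without it the
    record is just an unauthenticated DNS answer, so a match proves nothing;
    OpenSSH likewise auto-accepts a DNS match only for a secure response.
    """
    if not dnssec_validated:
        return False
    for rdata in sshfp_rdatas:
        alg, fpt, expected = parse_sshfp(rdata)
        if fpt not in SSHFP_HASHES:
            continue  # unknown fingerprint type: skip rather than guess
        got_alg, _, got = sshfp_fingerprint(line, fpt)
        if got_alg == alg and hmac.compare_digest(got, expected):
            return True
    return False
```

The check is only as strong as the DNS answer it reads: OpenSSH's VerifyHostKeyDNS option accepts a matching SSHFP record without prompting only when the resolver reports the response as DNSSEC-validated, and otherwise still asks the user, which is why the example refuses to return a match for an unvalidated answer.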
