[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Rob Stradling rob.stradling at comodo.com
Tue Sep 20 01:56:30 PDT 2011 

This year, we've seen 2 types of approach to revocation:

1. "Normal" revocation (CRLs and OCSP Responses published by the CAs).
2. "Emergency" revocation (Certificate Blacklists published by the Browsers).

Comodo-gate: All 9 of the mis-issued certificates were promptly marked as 
"revoked" in CRLs and in OCSP Responses within a few hours of being issued.  
All of the attacker's movements were sufficiently logged, resulting in the CA 
being confident that no other certificates were mis-issued to the attacker.  The 
compromised application-level account was quickly suspended.  The incident was 
disclosed to the major Browser Vendors promptly.
In short: The CA regained control, the CA didn't lose the trust of the Browser 
Vendors, and "Normal" revocation should have been enough to ensure that end-
users were not left vulnerable to MITM attacks.
But instead, the Browser Vendors had to resort to "Emergency" revocation 
because the "Normal" revocation mechanisms could have been subverted by the 
attacker in various different ways.

DigiNotar-gate: Numerous certificates were mis-issued, not promptly detected 
and not promptly marked as "revoked" in CRLs and in OCSP Responses.  The CA 
failed to log what happened, failed to disclose the incident for many weeks, 
and couldn't be sure that they'd identified every cert that the attacker had 
mis-issued.
In short: The CA completely lost control, lost the trust of the Browser 
Vendors, and relying on "Normal" revocation would've been like rearranging 
deckchairs on the Titanic.  "Emergency" revocation was absolutely necessary.

So I think we need both types of revocation, but they both need to work better 
than they currently do.
"Normal" revocation needs to be improved so that it is sufficient in cases where 
the CA regains control.
"Emergency" revocation needs a more coordinated, scalable approach.  (See [1] 
for some thoughts from PHB and me).

On Friday 16 Sep 2011 09:28:56 Peter Gutmann wrote:
<snip>
> For example given that an attacker who compromises a CA can add their own
> AIA to the fraudulent certs it mints that point to an attacker-controlled
> responder with another fraudulent cert that "authenticates" any response (or
> simply leave out the AIA, so there's no responder to check), it doesn't
> matter what the rest of the infrastructure does.

Perhaps this would be classed as a scenario from which the CA cannot regain 
control.  And if so, it wouldn't be a problem that "Normal" revocation would 
need to consider.

<snip>
> I would really like to see a proper threat model for this.

I realize I probably haven't achieved that with this post.

> What are we defending against?

State-level attackers.  And we should expect them to persist in their efforts.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=685286 (the "Proposal for 
establishing an emergency response format based on OCSP and DNS/CAA" 
attachment)


Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Observatory mailing list