Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mozilla changes policy to limit risk of subordinate CA certificate abuse

Lucian Constantin | Feb. 20, 2013
Sub-CA certificates will need to have technical constraints or be publicly disclosed and audited, Mozilla's new CA Certificate Policy says

This type of sub-CA certificate usage is frowned upon in the security community, because it subverts the trust of the entire SSL ecosystem. If it falls into the wrong hands, a sub-CA certificate can be used by attackers who control a network's gateway to snoop on the SSL connections of that network's users. This can even be done at the ISP level, or at national level, in countries where the government controls all Internet gateways.

Mozilla said at the time that the use of sub-CA certificates for man-in-the-middle SSL traffic monitoring, even if performed on closed corporate networks, is unacceptable. The browser maker sent an official email to all certificate authorities asking them to immediately revoke all sub-CA certificates used for such purposes and destroy the hardware security modules -- special hardware devices for storing encryption keys -- that contained them.

The generally accepted method of performing SSL traffic inspection on private corporate networks is to generate self-signed CA certificates that then deploy them on all systems and browsers within those networks, in order for them to be trusted only in those environments. This method, however, can be costly and time consuming, especially on very large networks.

The Trustwave incident was not the only case of sub-CA certificate misuse. Back in January, Google, Mozilla and Microsoft blacklisted two sub-CA certificates issued by Turkish Certificate Authority Turktrust, after one of them was used to issue a wildcard certificate for * without authorization from Google.

Turktrust said at the time that the blacklisted certificates had been issued with sub-CA status by mistake in August 2011 and were actually supposed to be regular certificates. One of them was issued to an agency of the Municipality of Ankara, which later installed it in a firewall appliance with SSL traffic monitoring capabilities.

The new version of Mozilla's CA Certificate Policy formalizes the browser maker's position on the issuing and use of sub-CA certificates and might indirectly improve security in enterprise environments, said Ivan Ristic, director of application security research at security firm Qualys, which runs the SSL Labs and SSL Pulse projects.

The technical constraints for sub-CA certificates that Mozilla refers to include the name constraints extension. This is a special extension that can be used to restrict a sub-CA certificate's usage to a particular domain name. For example, a CA can issue a sub-CA certificate with a name constraints extension that allows it to only be used to sign digital certificates for a single domain name.

This type of sub-CA certificates can be useful in corporate environments that use domain names internally and have internal SSL-enabled websites.

"In my experience many companies have lots of internal certificates and more often than not they are self-signed, they're invalid and there's no central control over who's issuing them," Ristic said. "As a result, if you visit some of these internal websites, it's often that security is not very good, the encryption keys are small and so on. If you have to use self-signed certificates every day it sort of limits the advantage of using SSL in the first place."


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.