The use of sub-CA certificates issued by trusted CAs for SSL traffic inspection is considered dangerous because if such a certificate gets stolen it can be used in man-in-the-middle (MITM) attacks to intercept traffic outside of private networks on the Internet.
In 2012, Mozilla said that issuing sub-CA certificates to third parties for traffic inspection is unacceptable and asked CAs to revoke certificates issued for this purpose. In February 2013, the software developer updated its CA Certificate Policy to improve the accountability for the intermediate CA certificates.
The policy change requires CAs to implement technical constraints for sub-CA certificates issued after May 15, 2013, or to publicly disclose such certificates and subject them to the same audits as their root CA certificates. The technical constraints the policy refers to include the name constraints extension that can be used to restrict a sub-CA certificate's usage to a particular domain name.
CAs received a grace period until May 15, 2014, to update their sub-CA certificates issued before May 15, 2013.
"The intermediate CA was not yet constrained, but there is a plan to implement such limitations," Picart said. "We are currently under the process to review all the intermediate CA issued by IGC/A in order to make sure this incident cannot happen again."
It's not clear whether the misused intermediate CA certificate was issued before or after May 15, 2013, and ANSSI did not share this information. The date could indicate whether the agency violated Mozilla's new policy or not.
"I think that's what everyone is now waiting to see," Ivan Ristic, director of application security research at security firm Qualys, which runs the SSL Labs and SSL Pulse projects, said via email. Assuming the certificate was only used internally, no one externally could have seen it, he said.
Mozilla did not immediate respond to a request for comment.
Ristic believes that preventing sub-CA certificate abuse going forward will require a combination of technical and policy-based measures.
"First, we need to get Public Key Pinning widely supported and have the violations reported," he said. "That, in combination, with clear rules that the use of public CAs is not allowed for MITM, will hopefully do it."
Public key pinning is a browser feature that caches information about legitimate SSL certificates used on visited websites, so that if traffic interception is attempted in the future using rogue certificates, the browser would be able to detect and block those attempts. A version of this feature is already implemented for some high-profile websites in Google Chrome, but is being considered as an Internet standard.
Policy-based restrictions need to be backed by enforcement, Ristic said. They won't work unless browser and operating system developers are prepared to temporarily or permanently revoke their trust in root CA certificates for violations, he said.
Sign up for CIO Asia eNewsletters.