Re: A mighty fortress is our PKI, Part III

2010-09-16 Thread James A. Donald

On 2010-09-16 6:12 AM, Andy Steingruebl wrote:

> The malware could just as easily fake the whole UI.  Is it really
> PKI's fault that it doesn't defend against malware?  Did even the
> grandest supporters ever claim it could/did?


That is rather like having a fortress with one wall rather than four 
walls, and when attackers go around the back, you quite correctly point 
out that the wall is only designed to stop attackers from coming in front.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


RE: A mighty fortress is our PKI, Part III

2010-09-16 Thread Carl Ellison
I, too, would love to get the details, but Peter is right here.

The flaw he reported was in the PKI itself, not in the UI.  If there were a
bulletproof OS with perfect non-confusing UI, once the malware has a valid
signature that traces to a valid certificate, it's the PKI that failed.

As for EV being as meaningless as ordinary certificates, that's the point
Peter is making.  Of course, neither of them certifies the qualities of the
publisher that the end user cares about.  That would be too expensive and
open to liability (therefore, more expensive still).  But, in a verbal shell
game, the CAs make it sound like someone with an expensive certificate is
trustworthy (in the end-user's value system).

-----Original Message-----
From: owner-cryptogra...@metzdowd.com
[mailto:owner-cryptogra...@metzdowd.com] On Behalf Of Andy Steingruebl
Sent: Wednesday, September 15, 2010 4:12 PM
To: Peter Gutmann
Cc: cryptography@metzdowd.com
Subject: Re: A mighty fortress is our PKI, Part III

On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
> Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these
are really PKI failures, are they?

> - There's malware out there that pokes fake Verisign certificates into the
>   Windows trusted cert store, allowing the malware authors to be their own
>   Verisign.

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?

> - CAs have issued certs to cybercrime web sites like
>   https://www.pay-per-install.com (an affiliate program for malware
>   installers), because hey, the Russian mafia's money is as good as anyone
>   else's.

Similarly here - non-EV CAs bind DNS names to a field in a
certificate. No more.  They don't vouch for the business being run,
and in any case any such audit would be point-in-time anyway. I
suppose way back when, people promised that certs would do this, but
does anyone believe that anymore and have it as an expectation?
Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported?  I'd
love to get the full sordid details :)

- Andy



A mighty fortress is our PKI, Part III

2010-09-15 Thread Peter Gutmann
Some more amusing anecdotes from the world of PKI:

- A standard type of fraud that's been around for a while is for scammers to
  set up an online presence for a legit offline business, which appears to
  check out when someone tries to verify it.  A more recent variation on this
  is to buy certs for legit businesses.  One of these certs was traced back by
  a security researcher who found that the scammers had obtained it through
  the incredibly devious trick of shopping round commercial CAs until they
  found one that was prepared to sell them a certificate.

- In a repeat of the original race to the bottom with non-EV certs, CAs have
  issued EV certs for RFC 1918 addresses (!!!).  What makes this particularly
  entertaining is that in combination with a router warkitting attack and
  Moxie Marlinspike's OCSP faking it allows an attacker to spoof any EV-cert
  site.

- The list of people who have bought certificates for Apple from commercial
  CAs keeps on growing (I guess Microsoft is just so five minutes ago :-).
  For example one SMTP admin needed a cert for his server and wondered what
  would happen if he asked for one for *.apple.com instead of his actual
  domain name.  $100 and a cursory check later he had a wildcard cert for
  Apple.  At least two more users have reported buying certificates for Apple,
  and there are probably even more lurking out there - if you too have a
  certificate from a certificate vending machine saying that you're Apple, do
  get in touch.

- There's malware out there that pokes fake Verisign certificates into the
  Windows trusted cert store, allowing the malware authors to be their own
  Verisign.

- CAs have issued certs to cybercrime web sites like
  https://www.pay-per-install.com (an affiliate program for malware
  installers), because hey, the Russian mafia's money is as good as anyone
  else's.

- One of the most important things a CA needs to manage is certificate serial
  numbers, because the combination { CA name, cert serial number } is a unique
  identifier used in lots of security protocols to identify certs.  Without
  this uniqueness, you can't tell who signed something, you can't revoke a
  cert, you can't... well, you get the idea.  Not only have commercial CAs
  issued certs with duplicate serial numbers, they've issued *CA certs* with
  duplicate serial numbers.  Ouch!

  (When this was pointed out to the CA who did this - oops, my bad, we'll get
  those re-issued for you - someone else pointed out that their OCSP
  responder certs had expired, which none of the CA's clients appeared to have
  noticed until then.  Yeah, we'll look into fixing those too.  Anything else
  while we're at it?).

If anyone has any further amusing PKI stories, please get in touch, I'd love
to add a Part IV to this series.

Peter.

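The serial-number and RFC 1918 failures above are the kind of thing a relying party can catch by auditing a CA's issued certificates (for example a CT-log or cert-store export) rather than trusting the CA to get it right. The following is an added example, not code from the thread or from any CA: it works on already-parsed certificate records and the records themselves are constructed sample data; field names (`issuer`, `serial`, `sans`, `not_after`, `ev`, `eku`) are assumptions of this example.

```python
# Audit parsed certificate records for the CA failures discussed in the thread:
# duplicate {issuer, serial} pairs, EV certs naming RFC 1918 addresses, and
# expired OCSP responder certs.  All records below are constructed sample data.
from collections import defaultdict
from datetime import datetime
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: fields a CT-log or cert-store export would yield after
# parsing (issuer DN, serial, SANs, notAfter, EV flag, extended key usage).
SAMPLE_CERTS = [
    {"issuer": "CN=Example CA", "serial": 0x1001, "sans": ["www.example.com"],
     "not_after": "2011-01-01T00:00:00Z", "ev": False, "eku": ["serverAuth"]},
    {"issuer": "CN=Example CA", "serial": 0x1001, "sans": ["mail.example.net"],
     "not_after": "2011-06-01T00:00:00Z", "ev": False, "eku": ["serverAuth"]},  # reused serial
    {"issuer": "CN=Example EV CA", "serial": 0x2002, "sans": ["intranet.example", "10.1.2.3"],
     "not_after": "2012-01-01T00:00:00Z", "ev": True, "eku": ["serverAuth"]},  # private IP in EV cert
    {"issuer": "CN=Example CA", "serial": 0x3003, "sans": ["ocsp.example.com"],
     "not_after": "2010-01-01T00:00:00Z", "ev": False, "eku": ["OCSPSigning"]},  # expired responder
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def duplicate_serials(certs):
    """Map each (issuer, serial) pair seen more than once to its count; any hit
    means the identifier that revocation and signature lookup depend on is broken."""
    counts = defaultdict(int)
    for c in certs:
        counts[(c["issuer"], c["serial"])] += 1
    return {pair: n for pair, n in counts.items() if n > 1}

def ev_private_addresses(certs):
    """List (issuer, serial, san) for EV certs whose SAN is an RFC 1918 IP literal."""
    hits = []
    for c in certs:
        if not c["ev"]:
            continue
        for san in c["sans"]:
            try:
                ip = ipaddress.ip_address(san)
            except ValueError:
                continue  # a DNS name, not an IP literal
            if any(ip in net for net in RFC1918):
                hits.append((c["issuer"], c["serial"], san))
    return hits

def expired_ocsp_responders(certs, now_iso):
    """Serials of OCSP-signing certs already past notAfter at time now_iso."""
    now = _parse(now_iso)
    return [c["serial"] for c in certs
            if "OCSPSigning" in c["eku"] and _parse(c["not_after"]) < now]
```

Run against a real export, the three functions give the operator an independent check on the CA rather than relying on the CA to notice its own duplicates or expired responder certs.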


Re: A mighty fortress is our PKI, Part III

2010-09-15 Thread Andy Steingruebl
On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
> Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these
are really PKI failures, are they?

> - There's malware out there that pokes fake Verisign certificates into the
>   Windows trusted cert store, allowing the malware authors to be their own
>   Verisign.

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?

> - CAs have issued certs to cybercrime web sites like
>   https://www.pay-per-install.com (an affiliate program for malware
>   installers), because hey, the Russian mafia's money is as good as anyone
>   else's.

Similarly here - non-EV CAs bind DNS names to a field in a
certificate. No more.  They don't vouch for the business being run,
and in any case any such audit would be point-in-time anyway. I
suppose way back when, people promised that certs would do this, but
does anyone believe that anymore and have it as an expectation?
Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported?  I'd
love to get the full sordid details :)

- Andy
