4月 172013
 

浏览器默认信任的Root CA证书曾引起过许多次争论,如2010年Mozilla接受CNNIC Root CA证书就因为CNNIC的政府身份引发了安全方面的担忧:如果CNNIC滥用其CA信任,它可以帮助政府发动中间人攻击,解密加密流量。在Mozilla的安全邮件列表上,开发者开始讨论另一个Root CA供应商,争议是否将TeliaSonera移除出Root CA供应商列表,原因是TeliaSonera与公认的独裁或严重侵犯人权的国家和政府交往密切,开发者担心阿塞拜疆、哈萨克斯坦、格鲁吉亚、乌兹别克斯坦和塔吉克斯坦政府会利用TeliaSonera的CA监视国民,发行伪造的证书展开中间人攻击。

3月 242011
 

内容很长,大家慢慢看.

Detecting Certificate Authority compromises and web browser collusion

Posted March 22nd, 2011 by ioerror

Thanks to Ian Gallagher, Seth Schoen, Jesse Burns, Chris Palmer, and other anonymous birds for their invaluable feedback on this writeup.

The Tor Project has long understood that the certification authority (CA) model of trust on the internet is susceptible to various methods of compromise. Without strong anonymity, the ability to perform targeted attacks with the blessing of a CA key is serious. In the past, I’ve worked on attacks relating to SSL/TLS trust models and for quite some time, I’ve hunted for evidence of non-academic CA compromise in the wild.

I’ve also looked for special kinds of cooperation between CAs and browsers. Proof of collusion will give us facts. It will also give us a real understanding of the faith placed in the strength of the underlying systems.

Does certificate revocation really work? No, it does not. How much faith does a vendor actually put into revocation, when verifiable evidence of malice is detected or known? Not much, and that’s the subject of this writing.

Last week, a smoking gun came into sight: A Certification Authority appeared to be compromised in some capacity, and the attacker issued themselves valid HTTPS certificates for high-value web sites. With these certificates, the attacker could impersonate the identities of the victim web sites or other related systems, probably undetectably for the majority of users on the internet.

I watch the Chromium and Mozilla Firefox projects carefully, because they are so important to the internet infrastructure. On the evening of 16 March, I noticed a very interesting code change to Chromium: revision 78478, Thu Mar 17 00:48:21 2011 UTC.

In this revision, the developers added X509Certificate::IsBlacklisted, which returns true if a HTTPS certificate has one of these particular serial numbers:

047ecbe9fca55f7bd09eae36e10cae1e
d8f35f4eb7872b2dab0692e315382fb0
b0b7133ed096f9b56fae91c874bd3ac0
9239d5348f40d1695a745470e1f23f43
d7558fdaf5f1105bb213282b707729a3
f5c86af36162f13a64f54f6dc9587c06

A comment marks the first as “Not a real certificate. For testing only.” but we don’t know if this means the other certificates are or are not also for testing. Continue reading »