There have been quite a few more news stories about the attack on the Dutch Certificate Authority [CA] DigiNotar, which I wrote about in the previous post. I’ll try to summarize some of the new information here.
The Dutch Government, which had used DigiNotar to implement some certificates for government use, has issued a fact sheet (in English) on the incident. It summarizes the facts in the incident and the government’s response.
- The Dutch government denounces trust in certificates issued by DigiNotar.
- After an intrusion in DigiNotar systems, probably several hundred fraudulent certificates were issued.
- A fraudulent certificate for google.com is actually used by attackers.
- There are no Dutch government certificates among the known fraudulent certificates.
- Visitors of websites might get warning messages that websites can no longer be trusted.
- Server-to-Server communication that is based on DigiNotar certificates can be disrupted.
- The Dutch government has taken over operational management from DigiNotar
The fact sheet also has links to a list of the Common Names (domain names) for which fraudulent certificates were issued. There is also a downloadable, more comprehensive version of the fact sheet [PDF].
The Freedom to Tinker blog, hosted by the Center for Information Technology Policy [CITP] at Princeton University, has a post on the DigiNotar incident by Steve Schultze, Associate Director of the CITP. As he notes, the evidence strongly suggests that DigiNotar was not a satisfactory CA.
It appears that DigiNotar did not deserve to be trusted with the responsibility to to issue certifying SSL certificates, because their systems allowed an outside hacker to break in and issue himself certificates for any web site domain he wished.
One of the things about this incident that is very troubling is that the successful attack was not detected for a month, during which time the attacker issued a large number of bogus certificates; after DigiNotar became aware of the problem, it waited almost two more months before disclosing the incident publicly. Arguably, the disclosure was only made when DigiNotar was forced to do so.
Indeed, DigiNotar seems to have intended never to disclose the problem, and was only forced to do so after a perceptive Iranian Google user noticed that their connections were being hijacked.
Perhaps the most disturbing aspect of this incident is that it makes clear, once again, that the current security model used to support SSL./TLS security on the Web has fundamental flaws, which fall, as Schultze points out, into four broad areas. [The italicized category descriptions are his; the summary explanations are mine.]
- Too many entities have Certificate Authority powers. There are, literally, thousands of entities in the world that can issue certificates. Some of these are “top-level” authorities, like DigiNotar, but others have authority delegated to them by a top-level CA. As far as I know, there is no comprehensive list of certificate issuers.
- The current system does not limit damage. Under the existing system, a CA or its delegates can issue certificates for any domain. Thus DigiNotar can issue certificates for Google, or for the CIA.
- Governments are a threat. Many government agencies are implicitly trusted to issue certificates. It is not clear that the governments of all countries deserve this level of trust.
- We need to step up efforts on a fix. I think it is extremely unlikely that DigiNotar is the only CA that is currently compromised. We just don’t know about the others yet.
Finally, a new diary entry at the SANS Internet Storm Center reports that a Belgian CA, GlobalSign, has temporarily stopped issuing certificates in order to investigate a potential security breach. The action was prompted by an anonymous post on an Internet forum; the poster claimed to be responsible for the DigiNotar attack, and to have also gained access to GlobalSign. The company’s press release says:
GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete.
As the SANS diary says, there is no evidence at this point, other than the forum post, that GlobalSign has actually been compromised.