Controlling a mine fire: The CA industry in 2016 and beyond

Transcript

1. Controlling the mine fire The CA industry in 2016 and

   beyond Fraser Tweedale @hackuador February 25 2017
2. None

3. This talk Overview of CA industry Explain some mishaps of

   last couple years Overview of some efforts to make things less bad Recommendations; what you can do right now

4. Certificate Authorities and TLS CAs issue certificates that bind public

   keys to domains Usually for $$$ A server presents its certificate during TLS handshake Client (browser) validates certificate against trusted CAs
5. None

6. What’s wrong with the CA industry? Literally hundreds of trusted

   CAs We can’t possibly audit them all properly Business model does not encourage disclosure of problems Basically it’s a shakedown
7. None

8. 2016: WoSign / StartCom Background: SHA-1 certs prohibited from 1

   Jan 20161 WoSign got caught "backdating" certs to get around this2 Several other issues failed to disclose purchase of StartCom unverified info in subject name 1https://cabforum.org/2014/10/16/ballot-118-sha-1-sunset/ 2https://wiki.mozilla.org/CA:WoSign_Issues

9. 2015: Symantec Sept 14: Symantec Thawte CA issued certs for

   google.com3 Further investigation turned up 1000s of misissued certs4 3https://security.googleblog.com/2015/09/improved-digital-certificate-security.html 4https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html

10. 2017: Symantec January 19: 108 more misissued certs discovered5 After

    2015 incidents, Symantic claimed to have implemented controls to prevent future misissuance...6 5https://www.mail-archive.com/[email protected]/msg05455.html 6https://www.symantec.com/page.jsp?id=test-certs-update
11. None

12. Let’s Encrypt - overview free, automated, publicly trusted CA domain

    validation only (this is fine) ACME protocol went live in November 2015

13. Let’s Encrypt - impact https://letsencrypt.org/stats/

14. Let’s Encrypt - impact 3rd biggest CA by certs issued7

    93% of domains never previously had a cert 47% LE certs issued to 3 hosting providers WordPress, Shopify, OVH 7https://arxiv.org/pdf/1612.03005.pdf

15. Let’s Encrypt - impact https://letsencrypt.org/stats/

16. None

17. Comodo vs Let’s Encrypt Comodo filed 3 trademark applications, Oct

    2015 ISRG had been using Let’s Encrypt since Nov 2014 Engaged Comodo privately from March 2016 ISRG went public June 23...8 8https://letsencrypt.org/2016/06/23/defending-our-brand.html

18. Comodo vs Let’s Encrypt Comodo filed 3 trademark applications, Oct

    2015 ISRG had been using Let’s Encrypt since Nov 2014 Engaged Comodo privately from March 2016 ISRG went public June 23...8 June 24: Comodo abandons applications 8https://letsencrypt.org/2016/06/23/defending-our-brand.html

19. Comodo vs Let’s Encrypt Trying to piggy back on our

    business model and copying our model of giving certificates for 90 days for free is not ethical. They clearly wanted to leverage the market of Free SSL users we had helped create and establish and that’s why they created exactly same 90 day free ssl offering. —Melih Abdulhayoglu, Comodo CEO https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html

20. StartCom/WoSign vs Let’s Encrypt StartEncrypt announced 6 June 2016 full

    of security holes9 attacker-controlled path for DV check duplicate signature key selection attack private key mode 0666 abandoned 4 July; moving to ACME 9https://www.computest.nl/blog/startencrypt-considered-harmful-today/

21. CC BY-SA 3.0 https://commons.wikimedia.org/wiki/File:FF_Loeschuebung_mit_Mittelschaum.jpg

22. Certificate Transparency Append-only, immutable log of observed certificates Can be

    monitored by CAs themselves, domain owners, etc. Enables early detection of misissued certs, infra hijack

23. CC BY-SA 3.0 https://commons.wikimedia.org/wiki/File:Canary.jpg

24. CC BY-SA 3.0 https://commons.wikimedia.org/wiki/File:Canary.jpg

25. DANE DNS-Based Authentication of Named Entities (RFC 6698) end-run around

    the CA industry certs, CA certs or fingerprints in DNS(SEC) key endorsement rests with domain owner tradeoff: absolute trust in a DNSSEC root key

26. Browser/OS vendors flex their muscle WoSign/StartCom distrusted10 Chrome to require

    CT for certs issued after Oct 201711 Pushing to limit cert lifetimes to 13 months12 10https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ 11https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ 12https://cabforum.org/pipermail/public/2017-February/009530.html

27. What can you do about it? use, implement, support Let’s

    Encrypt use Strict Transport Security (HSTS); consider preload use key pinning (HPKP, minimal trust stores, etc) monitor CT logs for your domains deploy DNSSEC; prepare for DANE

28. Fin © 2017 Fraser Tweedale Except where otherwise noted this

    work is licensed under http://creativecommons.org/licenses/by/4.0/ @hackuador