[Dshield] Self-signed certificates (was: Re: ISP's That Ignore Abuse Reports)

Stephane Grobety security at admin.fulgan.com
Thu Jun 16 08:45:26 GMT 2005


Hello jayjwa,

I didn't write that private CAs where less well maintained than "public"
CAs. I didn't write it and I don't believe it. In fact, I know that
some of the public CAs are so lousily maintained it's an outrage their
root isn't revoked on all browsers, mail client and anything that uses
X509.

But the point is not how well you manage your CA or even how well
you've protected your self-signed certificate. The problem is that, by
using a private CA, you're simply giving up on the main purpose of
these certificates: to have someone else testify that you are indeed
who you say you are.

The theory is that a public CA follows some rules as to verify who is
the person that is handed the signed certificate. This should, in
theory, guarantee that you're neither talking to a man-in-the-middle
nor to someone that doesn't have the right to the identity claimed
(wether in an email or through a domain name). When you install a new
root, what you're doing is agreeing on someone else to do that
verification for you.

Now, there is really two big problem in installing a private root CA
from someone you don't know or directly from the browser. First, you
don't really have any idea what the real certificate is supposed to
look like. Indeed, I can easily crate a root CA that poses as Microsft
corporation and would be exactly identical to MS's own root
certificate in all point except the thumbprint. You all see where this
leads...

The other problem is that you don't know that you can trust the new
root. And since you're delegating a large part of your security to the
people controlling the CA you're handling (namely, you're handling
them the right to authenticate people and company for you), you better
be sure of what you're doing. And the fact is, users simply do not
know what they are doing: it's simply too complex.

Now, that isn't to say private CAs aren't a good thing. For instance,
using such a CA for your internal communication is pretty sound. After
all, if someone gets to crack your private CA, there isn't much left
to be protected in your network, is it ? And besides the obvious cost
advantage (which isn't that obvious once you start thinking at how
much it will cost you to properly protect and operate that CA root),
there is also the fact that it allows you to be in perfect control of
to who you deliver a certificate, for what purpose and for how long.

Just a side note: I've been giving this all thing an awfully lot of
thinking lately as I am in the middle of implementing a semi-privately
held CA root in order to secure the internal payment order flow of a
large customer. In that process, I discovered more loopholes in the
whole PKI infrastructure that currently exists (based on X509
certificates) that I though where possible. And I'm not even a
cryptographer... This means that, part of the argument I made could be
refuted quite easily with examples of what's happening in reality.
Please, don't let that stop you from mentioning any of these examples
if you happen to find them.

Good luck,
Stephane

Wednesday, June 15, 2005, 1:19:27 PM, you wrote:


j> On Mon, 13 Jun 2005, Stephane Grobety wrote:

->> I would like to remember you that using self-signed certificate and
->> private CAs for anything but internal use is bad(tm).

j> My CA is better maintained that most. I've seen "server at example.com" on 
j> production sites and other such nonsense. Microsoft's own on one of their 
j> sites (can you find it?) lacks an issuer entirely. Very few know the 
j> purpose of a CRL. I issue my own certs, signed by that one, and all of my 
j> daemons, including my MTA, present one. Myself and those that visit my 
j> site or connect to my daemons have alot more trust and faith in myself 
j> than some company they've never meant, see, nor spoke with. I'm not 
j> against it, but simply because a big-name company changes $200+ for their 
j> signature does not a more secure server make. Certainly your browser 
j> alerted you to this, I've not seen one that did not. You then can make the 
j> choice yourself. Oddly enough, if it had been a plain old http connection, 
j> I doubt anyone would have said a word. The only pieces I had left out of 
j> that certificate where my state and city, which I thought was a bit 
j> personal to post in a very public place, but as my friend in the other 
j> thread has felt the need to announce this anyway, prehaps now I will 
j> include it.

j> I do not mind to connect to a site and see a self-signed cert, as long as 
j> it's done correctly. I've seen universities do it, commercial sites do it, 
j> special-interest groups do it, and so on down the line. Collect the root 
j> CA, verify it, and if it satisfies you put it with your others. It's not a 
j> Bad Idea, it's a matter of trust.




-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com




More information about the list mailing list