2011 in Review: Ever-Clearer Vulnerabilities in Certificate Authority System
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2011 and discussing where we are in the fight for a free expression, innovation, fair use, and privacy.
At EFF we are big fans of HTTPS, the secure version of HTTP that allows for private conversations between websites and the users who are browsing those websites. But a chain is only as strong as its weakest link, and in the case of the security of HTTPS, the weakest link is the hodgepodge of organizations (hundreds!) that make up our Certificate Authority (CA) system. Each "trusted" organization has the power to authenticate any website whatsoever to the end user; if any of these organizations lies or gets compromised, users are at risk. Though we've known that this system has been flawed for a while now, this year there were two attacks that acutely demonstrated just how brittle it has become.
First, in March, an affiliate of the very large Certificate Authority Comodo was tricked into issuing fraudulent certificates for popular domains like mail.google.com, login.yahoo.com, and addons.mozilla.org. Though this was detected within days and the scope of the compromise was luckily not too large, the attack put the spotlight on one major problem of the CA system: some CAs, like Comodo, are too big to fail. If the organization were to be compromised in a serious way, browsers would be faced with the extraordinary task of figuring out what certificates they could trust. Distrusting all of Comodo's certificates would mean that a significant portion of the internet would be inaccessible to users of the browser, but trusting Comodo too broadly might mean trusting some fraudulent certificates. Rock. Browser vendors. Hard place.
Second, sometime before July 10th, the CA DigiNotar was compromised, and for several months, hundreds of thousands of users—most of whom appear to be from Iran—were subject to a man-in-the-middle attack using the fraudulent certificates from DigiNotar. This is the largest known successful attack on the existing CA system to date, and a wake-up call that staying the course is totally unacceptable for the security of internet users. As our postmortem indicates, a large number of users were affected and their communications on popular sites like Gmail could be read. This time, browser vendors were able to remove DigiNotar from their respective lists of trusted CAs due to DigiNotar's relatively small size, but the attack went unnoticed for months. This was in part because of DigiNotar's lack of disclosure, highlighting the perverse incentives of Certificate Authorities in the existing scheme—another big reason the status quo is broken.
The events of 2011 demonstrate that the problems with the existing CA system are no longer academic, and we hope that there is enough momentum building to finally upgrade everyone to a more secure public key infrastructure. Our SSL Observatory project aims to collect certificates from around the web to study the problem and continues to provide some transparency as well as interesting data, but it is at best a band-aid. We hope that our Sovereign Key project will pave the way towards an effective long term solution, in 2012 and beyond.