Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet.
The core of these security protocols is the certificate used to prove the identity of the server and client, and keys in the certificate will be used to encrypt/decrypt messages for exchanging shared secret which is to be used to encrypt the real application data. In a HTTPS connection, the certificate will be used when the handshake is in progress and the flowchart of a SSL handshake is as follow.
Given the importance of certificate, it is extremely important to ensure the integrity of the certificate. Hence a certificate usually needs to be issued by a Certificate Authority(CA) to prove the ownership of some service. Basically a CA is a trusted entity by public which can use its root certificate to sign the certificate requests from different requester and generate corresponding certificates for them. In a secure application, a certificate will be trusted if one of the issuers in its certificate chain is trusted by CA or itself is a CA.
In modern web browsers, there is a trusted certificate store which stores a collection of the trusted CA root certificates which can be used to verify a certificate. For example, in Chrome, you can go to Settings -> HTTPS/SSL -> Manage certificates....
From above description, CA is the foundation for the whole certificate trusty process. If a CA is compromised, chaos may occur. The bad guys may issue certificate for some service which is not the actual service provider but pretend to be. This may lead people to believe that they are accessing the trusted service but they actually don't. For example, if VeriSign, one of the largest CAs in the world, is compromised and a bad guy uses it to issue certificate for github.com. Then this certificate can be used in a site which is not github.com but pretends to be github.com, then he can do whatever he wants.
Recently, there is incident involving in a CA named WoSign, a Chinese Free SSL certificate issuer, which can be compromised to issue certificate for some service which the certificate requester doesn't own indeed. Here is an incident report published by WoSign after the incident.
On or around April 23rd, 2015, WoSign's certificate issuance system for their free certificates allowed the applicant to choose any port for validation. Once validation had been completed, WoSign would issue certificates for that domain. A researcher was able to obtain a certificate for a university by opening a high-numbered port (>50,000) and getting WoSign to use that port for validation of control.
Also, Stephen Schrauger, a computer programmer and system administrator for the Michigan State University Libraries, showed how he managed to obtain a certificate for Github.com through WoSign in his blog.
These incidents will have huge impact for all the future data transmission through the internet using WoSign issued certificates. Hence browser vendors are starting to consider to remove the trust root certificate of WoSign from their trust certificate store.
Apple has responded to this incident and decides to drop off trust for WoSign certificate.
Blocking Trust for WoSign CA Free SSL Certificate G2
Certificate Authority WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA. Although no WoSign root is in the list of Apple trusted roots, this intermediate CA used cross-signed certificate relationships with StartCom and Comodo to establish trust on Apple products.
In light of these findings, we are taking action to protect users in an upcoming security update. Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.
To avoid disruption to existing WoSign certificate holders and to allow their transition to trusted roots, Apple products will trust individual existing certificates issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19. They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion.
As the investigation progresses, we will take further action on WoSign/StartCom trust anchors in Apple products as needed to protect users.
Regards,
Apple Root Certificate Program
Mozilla is now considering to drop WoSign as a trusted certificate authority,
We plan to distrust only newly-issued certificates to try and reduce the impact on web users, as both of these CA brands have substantial outstanding certificate corpuses. Our proposal is that we determine “newly issued” by examining the notBefore date in the certificates. It is true that this date is chosen by the CA and therefore WoSign/StartCom could back-date certificates to get around this restriction. And there is, as we have explained, evidence that they have done this in the past. However, many eyes are on the Web PKI and if such additional back-dating is discovered (by any means), Mozilla will immediately and permanently revoke trust in all WoSign and StartCom roots.
Google is also about to take action of this incident and publish a certificate transparency report.
Google, and other browser teams, have recently been pushing for more CAs to publish a certificate transparency report. This would be a list of all certificates generated by that CA for every single person. Domain owners could review these lists and keep an eye out for certificates generated for their domain that were unapproved.
From the responses, it's clear that how big the impact is.
In conclusion, if a CA is compromised, the consequences include
- Potential Man-In-The-Middle attacks which steal sensitive information which is supposed to be protected with SSL
- All current certificates issued by the compromised CA will be in an untrusted state and the services using these certificates may get disrupted
- All services using the compromised CA service need to find new CA service and may need to broadcast to all users for the updated certificate
- The compromised CA will get into a game over state for what they have done
- In a broader view, more new mechanisms will be proposed and designed to ensure data security over internet.