Certification Authorities Behaving Badly

edited September 2 with an update on Apple/Safari.

Another case of a certification authority (CA) issuing a certificate they never should have has surfaced. You may remember when we discussed the Comodo incident earlier this year. Now, a certificate issued by DigiNotar has surfaced in the wild, being valid for *.google.com – meaning it could be used to secure any transaction with any Google web property, including GMail. According to this pastebin post, this certificate “is being used in the wild against real people in Iran *right* now.” DigiNotar has issued a statement. Here is some information about why this is bad, and what steps you should take to remove this issuer from your trust lists.

What does this mean?

SSL, or TLS, is used to perform two things. First, it provides authentication of the web server to the web browser. (It can optionally provide authentication of the browser to the server, too, but that’s less common.) This means that the web browser knows that it is talking to a trusted web server and can share sensitive information with it. Second, it provides transport-layer encryption, so that the communications between the web browser and the web server are encrypted. This means that other parties cannot read what is being sent between the server and browser. This is widely used for most logins, because you don’t want your username and password being sent to the server “in the clear”. Anything sent “in the clear” can be read by anyone else on your network (or within range of your wireless network), or by anyone on any network that your traffic is routed through between you and the server.

In this case, a fraudulent certificate has been issued for *.google.com by a certification authority which is completely trusted by most modern web browsers. This means that the web browser will see this certificate, consider it valid for all traffic with Google (and GMail), and go ahead and create that little lock icon everyone has been trained to look for, which indicates your communication is secure.

Except, it’s not.

Google does not own this certificate. Google did not pay for this certificate. Therefore, when you communicate using this certificate, it’s not with Google. It’s with whoever managed to get that certificate issued, which according to the pastebin, is by groups wishing to do harm to individuals in Iran.

Personally, I don’t want to take a chance on whether it might be used against me, as well.

What should I do about it?

It is my opinion that issuance of a certificate such as this is an unforgivable sin.  Certification authorities must have the appropriate technical controls, and checks and balances, to prevent this from ever happening. There are plenty of certification authorities out there, and it is time to remove this one from my system and all systems I manage.

The good news is that the browser manufacturers also think this is a bad thing and are rushing to put together information on how to ensure you won’t trust this certificate.

• Mozilla is updating Firefox, Seamonkey, Thunderbird, and others to remove this; they also provide a link for manual removal.
• Apple hasn’t stepped up with information about it yet that I can find. If you’re running a Mac OSX machine, you should set your system to never trust the Diginotar certificate. Run Keychain Access, and on the left choose your “login” keychain. Down below, choose “All Items”. Then in the search box, search for DigiNotar. You should see one or two results for DigiNotar Root CA. Double-click it. Expand the Trust arrow, and where it says “When using this certificate:” choose Never Trust. Close the window and you will likely be prompted to enter your password to update the login keychain. Repeat for all occurrences of DigiNotar certificates. Update: It’s worse than I thought. This method does not work for EVSSL certificates in Safari. See this link for more information. Stay tuned for any updates Apple might make about this, a patch to Safari is probably necessary.
• Microsoft tells you you’re protected if you’re running Vista or later. If you’re not and still running XP or Windows 2000/2003, you should remove the certificate manually. The easiest way to do this is to launch Internet Explorer, and choose Tools->Internet Options. (Or just launch “Internet Options” from your control panel.) Go to the Content tab and click the Certificates button. Click the Trusted Root Certification Authorities tab. Find the DigiNotar Root CA and double-click it. (If it’s not there, you’re safe!) Click the Details tab and click the Edit Properties… button. Choose Disable all purposes for this certificate and click OK.
• Google Chrome users, you will benefit from the rapid updates to Chrome which will mark DigiNotar as untrusted. You can (should?) also take the Apple or Microsoft manual removal steps above to be sure you’re safe.

Additional good commentary (as always) from Moxie Marlinspike and Jacob Appelbaum.