Stories with Tag SSL

• Ssl.com: DCV bypass and issue fake certificates for any MX hostname

  permalink

  Posted: 2025-04-19 18:44:17

  Verbose tl;dr

  A vulnerability was reported against SSL.com, a Certificate Authority (CA), allowing fraudulent issuance of SSL certificates for arbitrary MX hostnames. Their domain control validation (DCV) process was flawed: by setting specific TXT records, an attacker could bypass verification checks and obtain certificates for domains they didn't own, potentially enabling man-in-the-middle attacks. SSL.com confirmed and addressed the issue, revoking the fraudulently issued certificates. Mozilla subsequently added SSL.com to their CA incident database.

  This Mozilla bug report details a critical vulnerability discovered within the SSL.com certificate issuance process, potentially enabling malicious actors to fraudulently obtain SSL/TLS certificates for arbitrary mail exchange (MX) hostnames. The core issue stems from SSL.com's flawed domain control validation (DCV) procedures, specifically related to their handling of DNS-based DCV for email domains. Legitimate certificate issuance requires applicants to prove they control the domain for which they are requesting a certificate. One common method involves adding specific DNS records to the domain's DNS zone file. SSL.com purportedly offered a DCV method allowing applicants to create a specific DNS record within the _smtp._tcp service record of their MX domain.

  However, the report reveals that SSL.com's system apparently failed to properly validate the actual MX record resolution. This oversight allowed an attacker, without any control over a target domain, to create the necessary DCV DNS record on a domain they controlled, point an MX record at that domain, and successfully complete the DCV process. This effectively bypassed the intended domain ownership verification, allowing the attacker to obtain a valid certificate for the target's MX hostname, even though they held no legitimate authority over it. Such a fraudulent certificate could then be used to intercept and decrypt email traffic destined for the target domain, posing a significant security risk.

  The reporter demonstrated this vulnerability by successfully obtaining a certificate for mx.mozilla.com without having any legitimate control over the mozilla.com domain. They highlighted that this issue could affect any domain utilizing SSL.com's specific MX-based DCV method. The severity of the vulnerability was underscored by the potential for widespread email interception and the undermining of trust in digital certificates issued by SSL.com. The reporter strongly urged prompt action to address this flaw and revoke any potentially fraudulently issued certificates.

  • SSL
  • TLS
  • Certificate Authority
  • CA
  • SSL.com
  • Domain Control Validation
  • DCV
  • MX Record
  • Hostname
  • Fake Certificate
  • Security Vulnerability
  • Bugzilla
  • Mozilla
  • Phishing
  • Spoofing

  Summary of Comments ( 58 )
  https://news.ycombinator.com/item?id=43738485

  Verbose tl;dr

  Hacker News commenters discuss the severity and implications of the SSL.com vulnerability, with some downplaying its impact due to the requirement of compromising an email account first. Several highlight the unusual nature of DCV through email, questioning its security compared to other methods like DNS or HTTP. The discussion also touches on the complexities of certificate issuance and the potential for abuse, with one commenter suggesting the core issue lies in the CA's trust and the difficulty of verifying domain ownership reliably. Others point out that this vulnerability isn't new and express frustration with the slow response from CAs. The conversation also drifts towards the broader issue of CA trust and the need for better systems, with some suggesting decentralized solutions. Finally, a few comments mention the irony of a security company like SSL.com having such a vulnerability.

  The Hacker News post titled "Ssl.com: DCV bypass and issue fake certificates for any MX hostname" (https://news.ycombinator.com/item?id=43738485) has several comments discussing the implications of the vulnerability described in the linked Bugzilla report.

  Several commenters express surprise and concern over the severity of the vulnerability, allowing the issuance of fake certificates for arbitrary MX hostnames. One commenter highlights the potential for significant damage, noting that email servers could be impersonated, leading to interception of sensitive information. The ease with which the vulnerability could be exploited is also mentioned, emphasizing the risk it posed.

  The discussion delves into the technical details of the vulnerability, with commenters explaining how the Domain Control Validation (DCV) process was bypassed. Specifically, the comments mention how ssl.com's system misinterpreted specific responses, allowing an attacker to claim control over a domain they didn't own. The conversation also touches upon the complexities of properly implementing and securing the various DCV methods.

  Some commenters question the responsibility of Certificate Authorities (CAs) in preventing such vulnerabilities, suggesting more rigorous checks and validation procedures. The impact on trust in the certificate ecosystem is also a point of discussion, with concerns raised about the potential erosion of user confidence in online security.

  One commenter questions the response time and transparency of ssl.com in addressing the issue. Others speculate on the potential motivations and technical capabilities of actors who might exploit such a vulnerability.

  The comments also explore the broader implications for email security and the challenges of maintaining a secure online environment in the face of constantly evolving threats. The vulnerability is framed within the context of larger systemic issues surrounding digital certificate issuance and validation.

• TLS Certificate Lifetimes Will Officially Reduce to 47 Days

  permalink

  Posted: 2025-04-15 15:09:22

  Verbose tl;dr

  Starting September 13, 2024, the maximum lifetime for publicly trusted TLS certificates will be reduced to 398 days (effectively 47 days due to calculation specifics). This change, driven by the CA/Browser Forum, aims to improve security by limiting the impact of compromised certificates and encouraging more frequent certificate renewals, promoting better certificate hygiene and faster adoption of security improvements. While automation is key to managing this shorter lifespan, the industry shift will require organizations to adapt their certificate lifecycle processes.

  The digital security landscape is undergoing a significant shift with the upcoming reduction in the maximum lifespan of TLS (Transport Layer Security) certificates. As detailed in a blog post by DigiCert, a leading Certificate Authority (CA), the industry is moving towards a drastically shortened certificate validity period of 398 days, effectively capping it at a mere 47 days less than a year. This change, spearheaded by Apple, along with supporting browser vendors Google and Mozilla, will be enforced beginning September 1, 2024. Any TLS certificate issued after this date with a validity period exceeding 398 days will be rejected by these major browsers.

  This substantial decrease from the previous maximum lifespan of 398 days (previously reduced from 825 days in 2020) is a deliberate effort to bolster online security. Shorter certificate lifespans bring several key benefits to the digital ecosystem. Primarily, they limit the potential damage caused by compromised certificates. If a certificate is stolen or fraudulently issued, its shorter validity period reduces the window of opportunity for malicious actors to exploit it. This mitigates the risk of extended periods of eavesdropping, data breaches, or impersonation attacks.

  Furthermore, reduced lifespans encourage more frequent certificate renewals, which, in turn, promotes the adoption of automation in certificate management. Automated certificate lifecycle management streamlines the renewal process, minimizing manual intervention and the risk of human error that could lead to expired certificates and service disruptions. This shift towards automation strengthens overall security posture and ensures websites and online services maintain continuous, uninterrupted protection.

  While the transition may present initial challenges for organizations accustomed to longer validity periods, the long-term security benefits are undeniable. The move necessitates adjustments to certificate management practices, encouraging the implementation of robust automated systems. DigiCert emphasizes the importance of proactive preparation and offers guidance to organizations in navigating this change. The industry-wide adoption of shorter certificate lifespans ultimately signifies a significant stride towards a more secure and resilient internet, minimizing the impact of potential certificate compromises and promoting a more automated and efficient approach to certificate management.

  • TLS
  • SSL
  • certificates
  • Security
  • Cryptography
  • PKI
  • X.509
  • CAB Forum
  • Browser Security
  • Website Security
  • HTTPS
  • Certificate Lifetime
  • Short-lived Certificates
  • 47 Days
  • DigiCert

  Summary of Comments ( 85 )
  https://news.ycombinator.com/item?id=43693900

  Verbose tl;dr

  Hacker News users generally express frustration and skepticism towards the reduced TLS certificate lifespan. Many commenters believe this change primarily benefits certificate authorities (CAs) financially, forcing more frequent purchases. Some argue the security benefits are minimal and outweighed by the increased operational burden on system administrators, particularly those managing numerous servers or complex infrastructures. Several users suggest automation is crucial to cope with shorter lifespans and highlight existing tools like certbot. Concerns are also raised about the potential for increased outages due to expired certificates and the impact on smaller organizations or individual users. A few commenters point out potential benefits like faster revocation of compromised certificates and quicker adoption of new cryptographic standards, but these are largely overshadowed by the negative sentiment surrounding the increased administrative overhead.

  The Hacker News post titled "TLS Certificate Lifetimes Will Officially Reduce to 47 Days" generated a significant discussion with various perspectives on the implications of shorter certificate lifetimes.

  Several commenters expressed concerns about the increased operational burden associated with more frequent certificate renewals. One commenter highlighted the potential for increased outages due to expired certificates, especially for smaller organizations or those with less automated systems. They argued that while automation is possible, it's not always straightforward and can introduce new points of failure. Another commenter echoed this sentiment, pointing out the difficulty in maintaining certificates for a large number of internal services. This commenter specifically noted the challenge of convincing management to invest in automation tools.

  The discussion also touched upon the security benefits and trade-offs of shorter certificate lifetimes. Some commenters acknowledged the improved security posture resulting from reduced exposure window for compromised certificates. However, they also questioned whether the added complexity and potential for outages outweigh these benefits. One commenter suggested that Let's Encrypt's 90-day lifetime had already struck a reasonable balance between security and manageability. Another commenter questioned the actual impact on security, arguing that most certificate-related incidents are not due to long-lived certificates, but rather misconfigurations or other vulnerabilities.

  The topic of automation and tooling was central to the discussion. Several commenters advocated for robust automation as a necessary solution to manage shorter certificate lifetimes. They mentioned specific tools and services, such as certbot and ACME clients, that can facilitate automated renewals. One commenter suggested that organizations struggling with certificate management should consider managed solutions or cloud providers that handle certificate lifecycle automatically. There was also a discussion about the importance of proper monitoring and alerting systems to prevent outages due to expired certificates.

  Some commenters expressed skepticism about the motivations behind the push for shorter lifetimes. They speculated that certificate authorities (CAs) might be financially incentivized to promote more frequent renewals. One commenter jokingly remarked that CAs are "creating job security for themselves" by increasing the administrative burden on their customers.

  Finally, a few commenters offered practical advice and tips for managing certificates, such as using a centralized certificate management system and leveraging monitoring tools to track certificate expiry dates. One commenter also highlighted the importance of planning for certificate renewals well in advance to avoid last-minute scrambling and potential outages.

• How to distrust a CA without any certificate errors

  permalink

  Posted: 2025-03-06 22:28:01

  Verbose tl;dr

  This blog post explores how a Certificate Authority (CA) could maliciously issue a certificate with a valid signature but an impossibly distant expiration date, far beyond the CA's own validity period. This "fake future" certificate wouldn't trigger typical browser warnings because the signature checks out. However, by comparing the certificate's notAfter date with Signed Certificate Timestamps (SCTs) from publicly auditable logs, inconsistencies can be detected. These SCTs provide proof of inclusion in a log at a specific time, effectively acting as a timestamp for when the certificate was issued. If the SCT is newer than the CA's validity period but the certificate claims an older issuance date within that validity period, it indicates potential foul play. The post further demonstrates how this discrepancy can be checked programmatically using open-source tools.

  This blog post by Dadrian, titled "How to distrust a Certificate Authority without any certificate errors," explores a nuanced vulnerability related to Signed Certificate Timestamps (SCTs), which are crucial for ensuring the transparency and integrity of certificate issuance. The core issue revolves around the "notAfter" field within these SCTs. While a certificate itself has a validity period defined by its own "notAfter" date, the SCTs that vouch for its inclusion in a Certificate Transparency (CT) log also possess their own "notAfter" dates. The post highlights a potential scenario where a malicious or compromised Certificate Authority (CA) could issue a perfectly valid certificate – meaning the certificate's own "notAfter" date is in the future – yet manipulate the SCTs associated with that certificate. Specifically, the CA could backdate the SCTs, setting their "notAfter" dates to a point in the past.

  This manipulation wouldn't immediately trigger certificate errors in browsers or other relying parties because the certificate itself remains technically valid. However, it undermines the core principle of Certificate Transparency. Certificate Transparency logs are designed to provide an auditable record of all issued certificates, allowing for public scrutiny and detection of mis-issued or fraudulent certificates. The "notAfter" date of an SCT serves as a timestamp guaranteeing the certificate's inclusion in the log up to that specific point in time. By backdating the SCTs, the CA effectively creates a situation where the proof of inclusion in the CT log expires prematurely. This creates a window of opportunity where the CA could potentially issue other, fraudulent certificates without those certificates being reflected in the CT logs, as the now-expired SCTs no longer offer valid proof of inclusion. This undermines the entire auditability and transparency mechanism.

  The blog post details a practical demonstration of this vulnerability, showing how one can programmatically examine SCTs embedded in a certificate and compare their "notAfter" dates with the current time. This allows for the identification of certificates with potentially backdated SCTs, raising a red flag regarding the trustworthiness of the issuing CA, even in the absence of traditional certificate errors. The post concludes by emphasizing the importance of validating SCT "notAfter" dates as a critical part of robust certificate verification procedures and underscores the subtle ways in which the Certificate Transparency ecosystem can be compromised, requiring vigilance beyond simply checking for standard certificate validity. It implies that relying solely on the validity of the certificate itself isn't sufficient for guaranteeing trustworthiness and that scrutiny of associated SCTs is paramount.

  • TLS
  • SSL
  • certificates
  • Certificate Authority
  • CA
  • PKI
  • Security
  • Web Security
  • SCT
  • Signed Certificate Timestamps
  • transparency
  • X.509
  • Not After
  • Expiration
  • Distrust
  • verification
  • Cryptography

  Summary of Comments ( 43 )
  https://news.ycombinator.com/item?id=43285671

  Verbose tl;dr

  Hacker News users discuss the practicality and implications of the blog post's method for detecting malicious Sub-CAs. Several commenters point out the difficulty of implementing this at scale due to the computational cost and potential performance impact of checking every certificate against a large CRL set. Others express concerns about the feasibility of maintaining an up-to-date list of suspect CAs, given their dynamic nature. Some question the overall effectiveness, arguing that sophisticated attackers could circumvent such checks. A few users suggest alternative approaches like using DNSSEC and DANE, or relying on operating system trust stores. The overall sentiment leans toward acknowledging the validity of the author's points while remaining skeptical of the proposed solution's real-world applicability.

  The Hacker News post "How to distrust a CA without any certificate errors" sparked a discussion with several insightful comments. Many commenters engaged with the core concept of the blog post, which explored how a Certificate Authority (CA) could potentially manipulate certificates without triggering typical browser warnings.

  One commenter highlighted the difficulty in detecting this type of manipulation, emphasizing that the trust model inherently relies on the CA. They pointed out the unlikelihood of a user independently verifying the certificate chain, especially given the complexity involved. This reinforced the article's point about the potential vulnerability.

  Another commenter discussed the "certificate pinning" technique, which involves hardcoding expected certificate information into an application. While effective against the specific attack described in the article, they acknowledged that it's not a widespread solution and introduces its own set of management challenges, such as the need to update pinned certificates regularly.

  The conversation also touched upon the broader issues of trust and security in the digital landscape. One commenter expressed a general lack of trust in CAs, citing past incidents of compromised CAs and questionable practices. This sentiment resonated with other users who echoed concerns about the centralized nature of the CA system.

  Some commenters suggested alternative approaches to enhance security. One idea involved using DNSSEC combined with DANE (DNS-based Authentication of Named Entities), allowing domain owners to specify which CAs are authorized to issue certificates for their domain. Another suggestion was to explore decentralized identity solutions, moving away from the reliance on centralized CAs altogether.

  Several comments also delved into the technical details of the attack described in the article, with users discussing specific aspects of certificate validation and the potential implications for different browsers and operating systems. There was some debate about the practicality of the attack and the likelihood of it being exploited in the wild, with some arguing that the complexity involved would make it a less attractive option for attackers.

  Overall, the comments section reflected a general understanding of the potential vulnerabilities associated with the current CA system and a desire for more robust and transparent security solutions. While no single solution emerged as a clear winner, the discussion provided valuable insights into the challenges and potential future directions of certificate management and online trust.