RE: Verisign PKI: anyone to subordinate CA

From: John Howie (JHowie@securitytoolkit.com)
Date: 05/19/02


Date: Sun, 19 May 2002 14:56:06 -0700
From: "John Howie" <JHowie@securitytoolkit.com>
To: "Pidgorny, Slav" <pidgorns@anz.com>, <bugtraq@securityfocus.com>

In response to Slav's posting (below):

These are not fundamental technology problems; rather they are problems
with PKI in general, and policies and procedures belonging to the
issuing CA - in this case Verisign. I am not saying that there are no
bugs in MS Certificate Services, or in Verisign's systems and networks,
but that someone dropped the ball here (this is premised on your
description of events being accurate). If you recall, it was Verisign
who issued two code-signing certificates to someone claiming to be a MS
employee just over a year ago.

The whole concept of a PKI is based on trust. You trust the issuing CA.
If you have no faith in the issuing CA then you cannot trust any of the
certificates that they have issued, or the organizations to which they
were issued. This is not the fault of the organizations, but of the CA
itself.

Thawte's approach to certificates for individuals is interesting, with
the 'Web of Trust'. Of course, this is laughably exploitable by a
determined group of individuals and really doesn't build a 'Web of
Trust'.

While risking the wrath of many, I'll venture to say that until public,
governmental organizations (the Post Office?) act as Root CAs and
issue certificates to an organization that specifically prohibits them
from acting as a Subordinate CA to other organizations, or to
individuals, we won't see much trust in PKI for the foreseeable future.
Remember that you can have a PKI that issues certificates without
knowing what the matching Private Keys are (a fact ignored or
misunderstood by most).

Until then, expect to see a rise in the number of organizations acting
as their own CAs with self-signed CA certificates, which are just fine
if all you want to do is ensure secure communications between employees.
In all honesty, a self-signed certificate is no less secure than one
issued by a CA whose Root CA certificate is included with your OS or
browser; it is just that it is not backed by a policy or insurance. And
it is cheaper.

John

-----Original Message-----
From: Pidgorny, Slav [mailto:pidgorns@anz.com]
Sent: Saturday, May 18, 2002 11:01 PM
To: 'bugtraq@securityfocus.com'
Subject: Verisign PKI: anyone to subordinate CA

G'day Bugtraq,

Microsoft Security Bulletin MS01-017
(http://www.microsoft.com/technet/security/bulletin/MS01-017.asp)
inspired me to do some testing. Here are the results:

1. I configured Microsoft Certificate Services to act as a standalone
subordinate CA. A request for a CA certificate was generated.
2. I sent this request as a request for a Web server SSL certificate.
3. The Verisign test CA did not complain upon processing this request.
It generated and signed the certificate.
4. I installed the certificate to MS Certificate Services and started
the CA service.
5. From now on, I effectively have a signed CA certification. Any
generated signatures from this point will have a certification path
leading to the root CA.

I only used the Verisign test root CA in my test. The steps above can
probably be repeated using the Verisign production root CA, resulting in
the situation where I become a subordinate CA to the Verisign trusted
root without letting them know.

The Thawte test CA also signs the CA certificate submitted as a Web
server certificate, but MS Certificate Server refuses to install the
certificate as the CA certificate. The difference between the Verisign
and Thawte certificates is the Basic Constraints field. If I were using
OpenSSL tools instead of MS Certificate Server, I could probably disable
all the checks against the CA certificate.

Any thoughts? Do you think it's a security problem?

Regards,

S. Pidgorny, MS MVP, MCSE

DISCLAIMER: Opinions expressed by me are not necessarily my employer's;
they are not intended to be formal and accurate. Neither I nor my
employer assumes any responsibility for any consequences.

P.S. Many thanks to Dave Ahmad for the discussion leading to this post.
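The Basic Constraints difference Slav describes, worked through as an added example that is not part of either message: a throwaway root CA generated in a temporary directory signs the same subordinate request three ways (explicit CA:TRUE, explicit CA:FALSE as the post reports for Thawte, and with the extension omitted as it reports for Verisign), the result is used to sign a server certificate, and `openssl verify` is asked whether the chain holds. It goes beyond the post by including the properly issued CA:TRUE case for comparison. It assumes only that the `openssl` command-line tool (1.1.1 or newer) is on PATH; every subject name, file and directory is constructed here and nothing touches a real CA.

```shell
#!/bin/sh
# Added example, not part of the Bugtraq thread: a throwaway lab that shows why
# the Basic Constraints extension decides whether a certificate obtained with a
# "web server" request can serve as a CA certificate.  Assumes the openssl
# command-line tool (1.1.1 or newer) is on PATH; all names and files below are
# constructed for the example.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the lab does not depend on the system openssl.cnf.
printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$WORK/openssl.cnf"

# Lab root CA, standing in for the Verisign/Thawte test roots.
make_root() {
  openssl req -config "$WORK/openssl.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" -subj "/CN=Lab Root CA" \
    -addext "basicConstraints=critical,CA:TRUE" \
    -addext "keyUsage=critical,keyCertSign,cRLSign" >/dev/null 2>&1
}

# The would-be subordinate generates its own key and a CSR asking for CA:TRUE.
# Only the CSR goes to the root; the private key never leaves $WORK, which is
# the point John makes about a CA issuing certificates without knowing the
# matching private key.
make_sub_request() {
  openssl req -config "$WORK/openssl.cnf" -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/sub.key" -out "$WORK/sub.csr" \
    -subj "/CN=Would-be Subordinate CA" \
    -addext "basicConstraints=critical,CA:TRUE" >/dev/null 2>&1
}

# The root signs the CSR.  The requested extension is ignored; the CA alone
# decides what Basic Constraints the issued certificate carries.
#   $1 = output basename, $2 = CA:TRUE, CA:FALSE, or "none" (extension omitted)
sign_sub() {
  if [ "$2" = none ]; then
    openssl x509 -req -in "$WORK/sub.csr" -CA "$WORK/root.crt" \
      -CAkey "$WORK/root.key" -CAcreateserial -days 30 \
      -out "$WORK/$1.crt" >/dev/null 2>&1
  else
    printf 'basicConstraints=critical,%s\n' "$2" > "$WORK/$1.ext"
    openssl x509 -req -in "$WORK/sub.csr" -CA "$WORK/root.crt" \
      -CAkey "$WORK/root.key" -CAcreateserial -days 30 \
      -out "$WORK/$1.crt" -extfile "$WORK/$1.ext" >/dev/null 2>&1
  fi
}

# The subordinate uses whatever it was issued to sign a server certificate.
# openssl x509 -req does not check the signer's Basic Constraints, as the
# original post expects of OpenSSL tooling; the relying party has to.
#   $1 = basename of the subordinate certificate
sign_leaf() {
  openssl req -config "$WORK/openssl.cnf" -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" \
    -subj "/CN=www.example.test" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/sub.key" \
    -CAcreateserial -days 30 -out "$WORK/leaf-$1.crt" >/dev/null 2>&1
}

# What the issued certificate says about itself: CA:TRUE, CA:FALSE or absent.
basic_constraints() {
  openssl x509 -in "$WORK/$1.crt" -noout -text 2>/dev/null \
    | grep -A1 'X509v3 Basic Constraints' | grep -Eo 'CA:(TRUE|FALSE)' || echo absent
}

# The relying party's check: does root -> subordinate -> leaf verify?
verify_chain() {
  if openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/$1.crt" \
      "$WORK/leaf-$1.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo rejected
  fi
}

# Run one scenario and report "<basic constraints> <verify result>".
run_case() {
  sign_sub "$1" "$2"
  sign_leaf "$1"
  printf '%s %s\n' "$(basic_constraints "$1")" "$(verify_chain "$1")"
}

make_root
make_sub_request
echo "proper subordinate CA: $(run_case proper CA:TRUE)"      # CA:TRUE ok
echo "Thawte-style issue   : $(run_case thawte CA:FALSE)"     # CA:FALSE rejected
echo "Verisign-style issue : $(run_case verisign none)"       # absent rejected
```

Run it with `sh` and read the three lines: only the subordinate that was explicitly issued with CA:TRUE produces a chain that `openssl verify` accepts. An explicit CA:FALSE is rejected outright, and so is a certificate with no Basic Constraints at all, because OpenSSL treats any intermediate that lacks an explicit CA:TRUE as a non-CA. The same `openssl x509 -noout -text` check, looking for `CA:TRUE` under `X509v3 Basic Constraints`, is what an auditor runs over any issuer certificate in a deployed chain.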


