The state-level attack on the SSL CA security model

Danny O'Brien danny at
Thu Mar 24 17:29:13 CDT 2011

On Thu, Mar 24, 2011 at 7:09 AM, Harald Koch <chk at> wrote:
> On 3/23/2011 11:05 PM, Martin Millnert wrote:
>> To my surprise, I did not see a mention in this community of the
>> latest proof of the complete failure of the SSL CA model to actually
>> do what it is supposed to: provide security, rather than a false sense
>> of security.
> This story strikes me as a success - the certs were revoked immediately, and
> it took a surprisingly short amount of time for security fixes to appear all
> over the place.
>>  In some places, failure of internet security means people die
> Those people know that using highly visible services like Gmail and Skype is
> asking to be exposed...

This is definitively not true. There is no evidence of the active use
of these services (or circumvention systems to reach them) being used
as evidence or an indication that a particular target should be
detained, threatened or punished, in Iran in particular and actually
globally. I say this, because such evidence would actually reinforce
some security recommendations that I and other human rights groups
have made, so I'm always on the lookout for it.

On the other hand, both Gmail and Skype are used by many individuals
on the assumption that they are more secure than the alternatives
(non-SSL protected webmail or those with servers in local
jurisdictions; unencrypted instant messaging clients). You can argue
about whether these tools *are* more protective, but you certainly
can't say that these high-risk groups use them on the understanding
they can expect the same level of knowledge or retribution by their
adversaries as if these systems were openly surveillable.

A security breach like this makes the details of specific
communications readable, which also places people who do *not* use
these tools at far more risk also.

I'm personally not yet convinced that the attackers in this case were
the Iranian state; that's something that is incredibly hard to
ascertain, and I'm surprised Comodo were so quick to draw this
conclusion. Even if these attacks came from Iran, that could be for
false flag reasons, plus as others have pointed out, criminals have as
much interest in obtaining these certificates as the Iranian state --
although factions within the Iranian government could certainly be
potential clients. Other states might have an interest too. Just
because you have an organisation with CA authority within the reach of
a government doesn't mean you'd want to use those signing powers when
dealing with dissidents.

The arguments on NANOG about why non-disclosure in this case might
have been a good idea I think contribute to the debate.

Nonetheless, I'd strongly urge anyone not to assume that activists and
journalists at physical risk in states like Iran assume that risk by
using specific tools, or that major (if temporary) failures in the PKI
structure don't put them and their colleagues at far greater risk.



Danny O'Brien,
Committee to Protect Journalists

> --
> Harald
