Gmail and SSL
mysidia at gmail.com
Mon Dec 31 04:26:36 UTC 2012
On 12/30/12, John Levine <johnl at iecc.com> wrote:
> Do you ever buy SSL certificates? For cheap certificates ($9
> Geotrust, $8 Comodo, free Startcom, all accepted by Gmail), the
> entirety of the identity validation is to send an email message to an
> address associated with the domain, typically one of the WHOIS
> addresses, or hostmaster at domain, and look for a click on an embedded

These CAs will normally require interactions be done through a web
site, there will often be captchas or other methods involved in
applying for a certificate that are difficult to automate.
They require payment, which requires a credit card, and obtaining a
massive number of certificates is not a practical thing for malware to
perform, unless they also possess a mass amount of stolen credit
cards, and stolen WHOIS e-mail address contacts; on the other hand,
self-signed certificates can be generated on the fly by malware, using
a simple command or series of CryptoAPI calls.
I am aware of the procedure the CAs follow, and I am well aware that
there are significant theoretical weaknesses inherent to the
procedures that are followed to authenticate such "Turbo", "Domain
auth" based SSL certificates. (They use an unencrypted e-mail
message to send the equivalent of a PIN number, for getting a
certificate signed, in reliance on WHOIS information downloaded over
an unencrypted connection: WHOIS data may be tampered with, a MITM may
be used to alter WHOIS response in transit to the CA --- the PIN
number in confirmation e-mail can be sniffed in transit, or the
contact e-mail address may be hosted by a 3rd party insecure service
provider and/or no longer belong to the authorized contact).
All of these practices have considerable risks, and the risk that
_some_ fraudulent requests are approved is significant.
The very e-mail server the certificate is to be issued to, might be
the one that receives the e-mail, and a passive sniffer there may
capture the PIN required to authorize the certificate.
However, the procedures required to exploit these weaknesses are
slightly more complicated than simply producing a self-signed
certificate on the fly for man in the middle use -- they require
planning, a waiting period, because CAs do not typically issue
And the use of credit card numbers; either legitimate ones, which
provide a trail to trace the attacker, or stolen ones, which is a
requirement, that reduces the possible size of an attack (since a
worm, or other malware infection, won't have an infinite supply of
those to apply for certificates).
But "Does the CA's signature actually represent a guaranteed
authentication" wasn't the question.
The only question is... Does it provide an assurance that is at all
stronger than a self-signed certificate that can be made on the fly?
And it does... not a strong one, but a slightly stronger one.
> mail sent from that server. That doesn't sound like "authentication
> of server identity" to me.
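
The distinction argued over in this message, seen from the relying party's side, as an added example that is not part of the original post: a throwaway CA stands in for a commercial issuer, and the names `Demo Test CA`, `mail.example.test` and `classify_cert` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; every name, subject and file here is constructed for the demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Throwaway CA standing in for a commercial issuer (assumption).
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Test CA" \
  -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null

# Leaf certificate for the mail host, signed by the demo CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
  -CAcreateserial -days 2 -out "$work/leaf.pem" 2>/dev/null

# Self-signed certificate for the same host name, generated in one command.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=mail.example.test" \
  -keyout "$work/self.key" -out "$work/self.pem" 2>/dev/null

# classify_cert CERT BUNDLE
# Prints "ca-signed" if CERT chains to an anchor in BUNDLE, "self-signed" if
# its subject and issuer names are identical, otherwise "untrusted-issuer".
classify_cert() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "ca-signed"
    return 0
  fi
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if [ "$subj" = "$iss" ]; then
    echo "self-signed"
  else
    echo "untrusted-issuer"
  fi
}

echo "leaf vs demo CA:        $(classify_cert "$work/leaf.pem" "$work/ca.pem")"
echo "self-signed vs demo CA: $(classify_cert "$work/self.pem" "$work/ca.pem")"
```

A "ca-signed" result only shows that the certificate chains to a trusted anchor; it carries no information about how thoroughly the issuer validated the applicant.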