Symantec tricked into removing legit certificates by security researcher
Embattled TLS certificate provider Symantec has been caught out by security researcher Hanno Böck incorrectly revoking certificates based on forged private keys.
According to a blog post written by Böck, he registered a pair of domains, received free TLS certificates from Symantec and Comodo, and created a set of fake private keys uploaded to Pastebin for each domain to send to the appropriate certificate provider, along with a request to revoke the certificate because its private key was publicly viewable.
Böck buried his fake keys among a list of genuine publicly viewable private keys, and found while Comodo did not revoke its certificate, Symantec informed him that they had revoked the entire list.
"No harm was done here, because the certificate was only issued for my own test domain. But I could've also fake private keys of other peoples' certificates. Very likely Symantec would have revoked them as well, causing downtimes for those sites," Böck wrote. "I even could've easily created a fake key belonging to Symantec's own certificate."
The security researcher said that during its revocation process, Symantec never told him why his legit certificate was being revoked, and even after he told Symantec his fake key was faulty, the certificate remained revoked.
"Symantec did a major blunder by revoking a certificate based on completely forged evidence," he said. "There's hardly any excuse for this and it indicates that they operate a certificate authority without a proper understanding of the cryptographic background."
At the present time, Symantec is wrestling with Google and Mozilla over how the Chrome and Firefox browsers will reduce their trust in Symantec-issued certificates.
When originally proposed in March, Google engineer Ryan Sleevi said that following a "series of failures" by Symantec, Google believes its users face significant risk.
"Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years," Sleevi said.
"Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organisations' failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner, or to identify the significance of the issues reported to them."
In response, Symantec promised an audit-fest that would result in greater transparency.
This week, Symantec called for the date of distrust in its certificates issued before June 2016 to be moved from the August 31 deadline to May 1, 2018.
Symantec is not the only certificate issuer in hot water with Google, as the search giant said users of StartCom or WoSign-issued certificates should replace their certificates "as a matter of urgency".
When Chrome 61 lands in mid-September, the browser will have complete distrust of the WoSign and StartCom root certificates and all certificates issued off them.
In August last year, WoSign was caught issuing fake HTTPS certificates for GitHub domains.
Mozilla published an extensive list of issues with WoSign, which included incidents of backdating certificates to avoid browsers blocking certificates using the outdated SHA-1 algorithm, and denying its purchase of StartCom.
"For both CAs, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted CA," Andrew Whalley of Chrome Security said in November.