1

So the premise of the question is to quantify the risk of wild card certificates versus regular certificates. From my research the greatest fundamental danger of wild card certificates is the possibility of compromising a weak system, getting the private keys then you can masquerade as any system. For this to work you have to compromise a system and compromise the public DNS server(assuming this is an Internet based attack) and do so before the certificate is revoked.

It occurred to me that if the requirements of certificate authorities for verifying companies validity changes, where some are easier to social engineer then others, it may discount the risk of Wild card certificates. That is, it may be easier for someone to social engineer a CA then it is to break into a system and steal the private keys. Further the named Certs may foster a false sense of security as they may be mimicked by another trusted authority. This also creates another issue where certificate revocation is out of the hands of the company, where a wildcard could utilize it.

What I have not been able to find is a standard that root Authorities must follow when verifying client domains. Is there a standard they must follow? If not does anyone know a list or site of the different verification requirements of each CA?

Thanks

Brett Littrell
  • 355
  • 2
  • 10
  • Hey All, this is all good information however these standards, when I look at them, refer to the security of the CA and not the practices used to verify the customers. The only thing that seems to refer to customer verification looks like it requires the CA to follow it's own policy when verifying, which could be a email verification or it could be a blood sample of all employees at the company. So far I do not see anything where there is a minimal requirement for verification. Am I missing something? – Brett Littrell Jan 27 '15 at 16:00

2 Answers2

5

This document can give you an historic overview of how standardisation for CAs has evolved.

EDIT:

A fragment of the document that gives a well overview:

The first requirement imposed specifically on CAs as a group was in 2000 when an annual security audit under the WebTrust for CAs standards was mandated by browsers and others with trusted root stores. See the original WebTrust audit standards available at http://www.webtrust.org/homepage-documents/item27839.aspx. These standards have been updated from time to time, so the current WebTrust audit standards are reflected in the detailed v.2.0 requirements found at the same link. Even before the first WebTrust for CAs standards in 2000, most CAs also underwent annual performance audits under SAS 70 standards (later replaced by SSAE 16 / SOC 2 / SOC 3) – and many still do in addition to WebTrust. Nearly all CAs in North America follow the WebTrust standards, but CAs in other parts of the world may be audited to the equivalent ETSI (European Telecommunications Standards Institute) audit standards – see www.etsi.org. Government CAs must submit equivalent government performance audits on a periodic basis as well.

Herson
  • 49
  • 3
1

I would say that wildcard certificates do not pose more danger than a ordinary single-domain certificate, provided that the CA do really verify that the subject in question does own the whole SLD, and never issues certificates for any third-level domain if the subject cannot demostrate ownership of the whole second level domain (SLD).

For example, a wildcard certificate can present a security risk, if a CA do verify a customer at customer123.freewebhost.com and then issues a wildcard certificate for *.freewebhost.com, because the customer will then be able to impersonate other customers on the same web host and possibility MITM them.

Since the prerequisites for getting a certificate really is that you MUST own the SLD, with the exception of certain third-level domains like .co.uk that is handled like a TLD that is ".co.uk", the wildcard certificates do not present a more security risk than a ordinary certificate. Some automated domain-only CA's even prohibit .co.uk and such completely because their automated processes cannot differentiate someone claiming ownage to something.tld or claiming ownage to co.uk.

The security risk lies rather in CA's that issues intermidiate CA certificates, and do not do a proper verification. Since a intermediate CA certificate can be used to impersonate any site, a intermediate CA certificate must be issued only on a strict "need" prerequisites, eg never issue intermediate CA certificates for anyone that do not need to resell certificates to customers.

sebastian nielsen
  • 8,779
  • 1
  • 19
  • 33