[Cryptography] The EFF 650 CAs lie

Florian Weimer fw at deneb.enyo.de
Sun May 3 03:14:11 EDT 2020

* jamesd:

> The basic problem with certificates is that a very large number of 
> entities can cook up a man in the middle certificate.  Have man in the 
> middle certificates been observed in the wild?

| Mozilla Foundation Security Advisory 2013-117
| Mis-issued ANSSI/DCSSI certificate

| Google notified Mozilla that an intermediate certificate, which
| chains up to a root included in Mozilla’s root store, was loaded
| into a man-in-the-middle (MITM) traffic management device.  This
| certificate was issued by Agence nationale de la sécurité des
| systèmes d'information (ANSSI), an agency of the French government
| and a certificate authority in Mozilla's root program.  A
| subordinate certificate authority of ANSSI mis-issued an
| intermediate certificate that they installed on a network monitoring
| device, which enabled the device to act as a MITM proxy performing
| traffic management of domain names or IP addresses that the
| certificate holder did not own or control.
| The issue was not specific to Firefox but there was evidence that
| one of the certificates was used for MITM traffic management of
| domain names that the customer did not legitimately own or control.
| This issue was resolved by revoking trust in the intermediate used
| by the sub-CA to issue the certificate for the MITM device.


If I recall correctly, certificate pinning in Chrome found a bunch of
such cases over time.  In order to discover them, it is necessary to
run something on the network that is subject to interception, it is
usually not possible to find these interception certificates by
scanning the public Internet.

More information about the cryptography mailing list