SSL meltdown forces browser developers to update
According to Tor developer Jacob Appelbaum and a blog posting by the Mozilla Foundation, the Comodo SSL Certification Authority may have been compromised. As a consequence, criminals apparently obtained nine certificates for web sites that already existed, including addons.mozilla.org. There is no official statement on whether the situation was caused by insufficient checks during the certification process or by a breach of Comodo's infrastructure.
However, what initially appeared to be a problem for Comodo is now forcing browser developers to take counter measures and release updates. Otherwise, criminals could, for example, redirect users to a bogus Firefox plug-in page and offer them infected add-ons to install – as the page would possess a valid server certificate for addons.mozilla.org, users would be unaware, and Firefox wouldn't issue an alert. Similar attacks on online banking sites are also conceivable.
PKI infrastructures allow compromised certificates to be withdrawn, and providers can offer either Certificate Revocation Lists (CRLs) to download or an online checking service, via Online Certificate Status Protocol (OCSP). This is supposed to allow browsers to check whether a certificate that is being offered by a server is not compromised. Consequently, Certificate Authorities (CAs) have said for years that cases such as the current one are "not a problem".
So much for the theory. In practice, however, it has now emerged that CRL and OCSP queries can be blocked without triggering an alert in the browsers' default configurations. This will cause verification to fail, and users to remain unaware. Probably for this reason, Comodo has contacted all major browser developers and notified them of the serial numbers of the affected certificates. These serial numbers are now to be hard-coded into browsers as a blacklist so they trigger an alert even without CRL and OCSP.
Google had already responded last week by releasing Chrome 10.0.648.151, while the Mozilla Foundation narrowly managed to include the blacklist in Firefox 4, and the newly released Firefox versions 3.6.16 and 3.5.18 also include the list. Tor developer Jacob Appelbaum, who has been in contact with Comodo since last week, says that a mitigation pack for Internet Explorer is being put together. The update policies of Opera and Apple currently remain unknown.
The incident is further proof that the entire concept of SSL and of users' trust in the Certificate Authorities are standing on feet of clay. After all, a certificate is also considered trustworthy even if it is issued by a CA reseller based in a country to which users probably wouldn't even go on holiday for security reasons. And the promised technologies don't even work when a compromised certificate is made public. It is time to come up with a new concept – and "EV-SSL" certificates, at least, should not be a part of it .