This document discusses security issues with SSL certificate validation processes that rely on email verification. Specifically, it describes how many certificate authorities would accept registration emails to common addresses like admin@domain.com, allowing attackers to potentially obtain fraudulent certificates. The document outlines the fixes made to certification policies to address this, but notes there are still avenues of abuse if certain email providers do not properly validate ownership of addresses.
SQL Database Design For Developers at php[tek] 2024
The life and times of Hanz Ostmaster: Email verification issues in SSL certificates
1. The life and times of
Hanz Ostmaster
By Hanz Ostmaster
2. Chaim Sanders
Trustwave
Security Researcher
Member of Spiderlabs Research
Web Server Security Team
Offer support, development, and consulting for ModSecurity
Supports the OWASP Core Rule Set
Work with Trustwave WAF
Rochester Institute of Technology
Professor (Cryptography and Web Security)
Prior
Security Consulting (Pentesting, Red-teaming, Code Review, etc)
Governmental Consulting
Background
3. Crypto and you
Generally speaking the area of research regarding secret
writing and methods for attacking these secret writings
has been of interest
Cryptography – Development of enciphered writings
Cryptanalysis – Attacking of enciphered writing schemes
Why do I care?
Since the mid 80’s we’ve seen cryptographic systems evolve from
tools of military interest to common usage within our daily lives.
To counter this many (governmental) organizations that have come
to rely on their ability to in some way compromise crypto.
5. Asymmetric Crypto and this talk
One of the biggest uses of asymmetric crypto into todays
infrastructure is for securing communication between
webservers
Why might this be of interest?
How do we ensure speed?
Asymmetric crypto has two very nice features
One is scale, as we previously discussed
The other is that they often have support for digital signatures
What is a digital signature.
6. What is SSL
SSL stands for Secure Sockets Layer and it is a standard security
technology for establishing an encrypted link between a server and a
client
First SSL Certificate was created in 1994 by Netscape Communications
SSL Certificate issuers are called Certificate Authority or CA’s
SSL allows sensitive information such as credit card numbers and
social security numbers to be transmitted securely
Required by the Payment Card Industry (PCI) to have an SSL
Certificate
Main component of SSL Certificates are keys which are the Public and
Private key
7. Design Requirements of Asymmetric
System
The main design requirement is that all parties trust this
Certificate Authority
Additionally, the certificate authority must only issue
certificates to legitimate hosts
The question becomes how does a CA like Symantec verify that
individuals are responsible for legitimatize hosts.
This is the interest of todays talk.
8. Host verification
There are a number of different methods that ICANN has
specified for allowing CA’s to verify users:
HTTP Validation – Can be performed by uploading a special
text/html file into the root directory of the domain name.
DNS-based validation - For this validation method you need to
create a certain CNAME record in the DNS settings of your domain.
Email Validation – Users will be validated by an email that belongs
to the domain
9. Email based authentication
Until late 2015 the email addresses that were allowed to
be specified by the CA. This might be an interesting
problem
Cert Vulnerability note 591120 (March 27th 2015)
Multiple SSL certificate authorities use predefined email addresses
as proof of domain ownership
16 certificate authorities were listed as affected (others unknown)
What is the problem
If an admin is not aware of sensitive email addresses and assigns
them this can lead to a certificate being issued for their domain
11. The Fix
Most documents including the Mozilla CA Certificate Inclusion Policy
and the CA/Browser baseline requirement documents the addresses
that can be used should be limited to those specified in RFC2142
MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS
The only exception is also the domain listed in the WHOIS contact
This largely solved the underlying problem but every CA in existence
needs to update their policies otherwise the issue isn’t fixed
This is mostly a problem where people can choose their own email
registration names or they are given based on a known theme. Hence
the title.
13. An exercise best left to the reader
Now all you would have to do is find a CA that still allows
registering that email address and poof mail.rit.edu SSL
cert.
15. What are these addresses
PostMaster@example.com
Reserved for SMTP
Hostmaster@example.com
Reserved for DNS
Webmaster@example.com
Reserved for Web
16. The new problem
Not everyone realizes that these addresses must be
registered when setting up a webserver that will use SSL
Or email that will use SSL, etc.
These email addresses are not well known. For instance
hostmaster is no a widely recognized email address
17. A New Twist on a New Problem
If these are registered then we are fine.
But is there a situation where we might still be able to
access other peoples email?
Where individuals might forget about this concept?
Enter Bill Stackpole
19. Breaking the bank
Mailinator is actually the only one I haven’t broken yet.
Well this isn’t strictly speaking true…
However often these are so simple where I can just search
hostmaster@xyz.com
20.
21. Other issues
Often these are slightly more secure and require that I be
clever.
However…
Often these systems will try and be intelligent about their email
address understand, but not about security
For instance, spaces, dots, null characters, etc.
24. General Fixes
Don’t allow email verification
Communication among CAs would prevent this
It will also help security as a whole
Pinning certificates
Editor's Notes
Additionally, I Lecture at RIT
Others such as sysadmin, info, is, mis, sslwebmaster etc depending on host