Bugtraq mailing list archives

Re: Verisign PKI: anyone to subordinate CA


From: George Capehart <gwc () capehassoc com>
Date: Sun, 19 May 2002 10:52:55 -0400

"Pidgorny, Slav" wrote:

> <snip>
>
> me to do some testing. Here are the results:
>
> 1. I configured Microsoft Certificate services to act as a standalone
> subordinate CA. A request for a CA certificate was generated.
> 2. I sent this request as a request for a Web server SSL certificate.
> 3. The Verisign test CA did not complain upon processing this request. It
> generated and signed the certificate.
> 4. I installed the certificate to MS Certificate Services and started the CA
> service.
> 5. From now on, I effectively have a signed CA certificate.  Any generated
> signatures from this point will have a certification path leading to the
> root CA.
>
> I only used the Verisign test root CA in my test. The steps above can probably
> be repeated using the Verisign production root CA, resulting in a situation
> where I become a subordinate CA to the Verisign trusted root without
> letting them know.
>
> Thawte test CA also signs the CA certificate submitted as a Web server
> certificate, but MS Certificate Server refuses to install the certificate as
> the CA certificate. The difference between Verisign and Thawte certificates
> is the Basic Constraints field. If I were using OpenSSL tools instead of
> MS Certificate Server, I could probably disable all the checks against the CA
> certificate.
>
> Any thoughts? Do you think it's a security problem?

If I am to understand that you had to do nothing to convince Verisign
(or Thawte for that matter) that you really were who you claimed to be,
and with no information about the policy under which the certificate was
issued, I'd say, yes, that is a security problem.

Disclaimer:  The observations I am about to make are based on no data
whatsoever and on the very little information available above.  Ready,
shoot, aim. ;>

There are two issues that come to mind immediately that seem to warrant
further discussion:  the registration process(es) and the contents of
the certs and how MS deals with them.

Firstly, there didn't seem to be much in the way of an identification
step in the registration process.  This may be because you were using
the test CA(s) rather than the production ones.  One would hope that
before the "real" CAs signed anything, they would go to a little more
trouble to verify that you are who you said you were.

Secondly, there is the way MS handles certs and in particular how they
deal (or do not deal) with Basic Constraints.  See Peter Gutmann's
must-have X.509 Style Guide for more information.  It can be found at:

http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

My 0.02

--
George W. Capehart

"We did a risk management review.  We concluded that there was no risk
 of any management."
 -- Hugo Mills <hugo () carfax nildram co uk>
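The Basic Constraints point made in the reply above, shown as an added example
that is not part of this thread or of any product it mentions. It uses Go's
standard crypto/x509 path validation as a stand-in for the checks MS Certificate
Server and OpenSSL tooling may or may not perform. All names (the constructed
root, "sub-ca.example.test", "www.example.test") and the P-256 keys are
constructed here; the scenario models a key holder whose CA request was answered
with an ordinary web server certificate (no Basic Constraints) and who then signs
a further certificate with that key. A conforming validator must reject the
resulting chain, and the second scenario shows that the same chain validates once
the subordinate is issued with CA:TRUE.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTemplate builds a certificate template. When isCA is true the template
// carries Basic Constraints CA:TRUE plus the keyCertSign key usage; otherwise
// it looks like an ordinary web server certificate (SAN + serverAuth EKU),
// which is what the thread says the test CA issued for a CA request.
func newTemplate(cn string, serial int64, isCA bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: isCA,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with the signer's key (self-signed when parent is nil).
// CreateCertificate does not itself refuse a non-CA parent; only path
// validation at the relying party catches that, which is the whole point.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyLeaf runs standard path validation for a TLS server certificate.
// An intermediate lacking Basic Constraints CA:TRUE is rejected as not
// authorized to sign, however valid the root's signature on it may be.
func VerifyLeaf(leaf, sub, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	inters.AddCert(sub)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenario builds root -> subordinate -> leaf and validates the leaf.
// subIsCA=false is the thread's case: a root-issued web server certificate
// whose key is then used to sign another certificate.
func Scenario(subIsCA bool) error {
	keys := make([]*ecdsa.PrivateKey, 3)
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed keys
		if err != nil {
			return err
		}
		keys[i] = k
	}
	rootKey, subKey, leafKey := keys[0], keys[1], keys[2]

	root, err := issue(newTemplate("Constructed Test Root CA", 1, true), nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return err
	}
	sub, err := issue(newTemplate("sub-ca.example.test", 2, subIsCA), root, &subKey.PublicKey, rootKey)
	if err != nil {
		return err
	}
	leaf, err := issue(newTemplate("www.example.test", 3, false), sub, &leafKey.PublicKey, subKey)
	if err != nil {
		return err
	}
	return VerifyLeaf(leaf, sub, root, "www.example.test")
}

func main() {
	fmt.Println("subordinate issued as web server cert, leaf validates:", Scenario(false) == nil)
	fmt.Println("subordinate issued with CA:TRUE, leaf validates:", Scenario(true) == nil)
}
```

The defender-side lesson is the one Gutmann's guide spells out: the signature from
the root is necessary but not sufficient, and a relying party that skips the
Basic Constraints (and keyCertSign) check on every non-root certificate in the
path is the component that turns a sloppily issued server certificate into a
working subordinate CA.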

