Bugtraq mailing list archives
Re: Verisign PKI: anyone to subordinate CA
From: George Capehart <gwc () capehassoc com>
Date: Sun, 19 May 2002 10:52:55 -0400
"Pidgorny, Slav" wrote:
<snip>
> me to do some testing. Here are the results:
>
> 1. I configured Microsoft Certificate Services to act as a standalone subordinate CA. A request for a CA certificate was generated.
> 2. I sent this request as a request for a Web server SSL certificate.
> 3. The Verisign test CA did not complain upon processing this request. It generated and signed the certificate.
> 4. I installed the certificate to MS Certificate Services and started the CA service.
> 5. From now on, I effectively have a signed CA certificate. Any generated signatures from this point will have a certification path leading to the root CA.
>
> I only used the Verisign test root CA in my test. The steps above can probably be repeated using the Verisign production root CA, resulting in the situation where I'm becoming a subordinate CA to the Verisign trusted root without letting them know.
>
> The Thawte test CA also signs the CA certificate submitted as a Web server certificate, but MS Certificate Server refuses to install the certificate as the CA certificate. The difference between the Verisign and Thawte certificates is the Basic Constraints field. If I were using OpenSSL tools instead of MS Certificate Server, I could probably disable all the checks against the CA certificate.
>
> Any thoughts? Do you think it's a security problem?
If I am to understand that you had to do nothing to convince Verisign (or Thawte, for that matter) that you really were who you claimed to be, and with no information about the policy under which the certificate was issued, I'd say, yes, that is a security problem.

Disclaimer: The observations I am about to make are based on no data whatsoever and on the very little information available above. Ready, shoot, aim. ;>

There are two issues that come to mind immediately that seem to warrant further discussion: the registration process(es), and the contents of the certs and how MS deals with them.

Firstly, there didn't seem to be much in the way of an identification step in the registration process. This may be because you were using the test CA(s) rather than the production ones. One would hope that before the "real" CAs signed anything, they would go to a little more trouble to verify that you are who you said you were.

Secondly, there is the way MS handles certs and in particular how they deal (or do not deal) with Basic Constraints. See Peter Gutmann's must-have X.509 Style Guide for more information. It can be found at:

http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

My 0.02

--
George W. Capehart

"We did a risk management review. We concluded that there was no risk of any management." -- Hugo Mills <hugo () carfax nildram co uk>
Current thread:
- Verisign PKI: anyone to subordinate CA Pidgorny, Slav (May 19)
- Re: Verisign PKI: anyone to subordinate CA George Capehart (May 20)
- <Possible follow-ups>
- Re: Verisign PKI: anyone to subordinate CA Muller Zsolt (May 20)
- RE: Verisign PKI: anyone to subordinate CA John Howie (May 20)