Trustwave to escape 'death penalty' for SSL skeleton key
Moz likely to spare certificate-confession biz same fate as DigiNotar
Analysis: Trustwave's admission that it issued a digital "skeleton key" that allowed an unnamed private biz to spy on SSL-encrypted connections within its corporate network has sparked a fiery debate about trust on the internet.
Trustwave, an SSL certificate authority, confessed to supplying a subordinate root certificate as part of an information security product that allowed a customer to monitor employees' web communications - even if the staffers relied on HTTPS. Trustwave said the man-in-the-middle (MitM) gear was designed both to be tamper-proof and to work only within its unnamed client's compound. Despite these precautions, Trustwave now admits that the whole approach was misconceived and would not be repeated. In addition, it revoked the offending certificate.
Trustwave came clean without the need for pressure beforehand. Even so, its actions have split security experts and prompted calls on Mozilla's Bugzilla security list to remove the Trustwave root certificate from Firefox.
Death sentence debate
Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.
Researcher and privacy advocate Christopher Soghoian weighed into the debate on Mozilla's list with the case for the prosecution.
"Trustwave sold a certificate knowing that it would be used to perform active man-in-the-middle interception of HTTPS traffic," he wrote. "This is very very different than the usual argument that is used to justify 'legitimate' intermediate certificates: the corporate customer wants to generate lots of certs for internal servers that it owns.
"Regardless of the fact that Trustwave has since realized that this is not a good business practice to be engaged in, the damage is done."
Soghoian concluded: "With root certificate power comes great responsibility. Trustwave has abused this power and trust, and so the appropriate punishment here is death (of its root certificate)."
Those defending Trustwave suggested that other vendors probably used the same approach for so-called "data loss prevention" environments - systems that inspect information flowing through a network to prevent leaks of commercially sensitive data. It would be wrong to impose a death sentence on Trustwave as a certificate authority after it came clean and abandoned the MitM digital certificate technique, the counterargument goes.
"Personally, I think Trustwave should be commended for being the first CA [certificate authority] to come forward, admit to, and renounce this practice of issuing unrestricted 3rd-party sub-CAs," Marsh Ray, a researcher and software developer at two-factor authentication service PhoneFactor, wrote in the Mozilla debate.
"When I read Mozilla's policy, and the CA/B Forum baseline requirements, I see enough wiggle room in there that someone might plausibly claim that some agreed-upon scenarios for MitM certs was not prohibited by the agreement. In fact Geotrust was openly advertising a 'Georoot' product on their website until fairly recently.
"Those who are advocating Trustwave's removal from the list would seem to be of the belief that Trustwave was somehow alone in this practice. As I do not hold that belief, I think it would be a mistake to continue to threaten Trustwave and discourage other CAs from coming forward at this time."
Trustwave fights back
In a statement, Trustwave said it supplied the skeleton-key digital credential authority to a private customer - not an ISP, government or law enforcement agency - adding that the technology could not have been used outside the private network to which it was supplied. A Trustwave representative, Brian Trzupek, expanded on this explanation a little during the debate on the Mozilla list.
Trzupek said the "single subordinate root system" technology was supplied as a one-off "issued to an enterprise customer for use on their internal network - with network usage policies presented to users". He said that the decision to stop offering the technology, which he stressed was supplied with stringent safeguards, was made in light of concerns raised by the Comodo and DigiNotar hacks last year. He wrote:
We did not create a system where the customer could generate ad-hoc SSL certificates AND extract the private keys to be used outside this device. Nor could the subordinate root key ever get exported from the device. The system was used only for routing internal corporate traffic and not in any other way. In addition, our on-site audit focused on physical security and controls around the appliances to ensure that the boxes could not be physically taken from the facility to be placed on other networks to route traffic there.
The system is not being revoked because of any type of compromise or issue with the trust of the system. The system is being revoked in light of the major SSL events that occurred last year, as we have decided to no longer enable this system or any systems of this type in the future.
Last year hackers broke into the systems of Comodo and DigiNotar, gaining the ability to issue themselves fake digital credentials. The fraudulent DigiNotar certificates were later used in a man-in-the-middle attack on ordinary internet users in Iran. Users in the Islamic Republic who thought they were talking directly to Gmail, Skype and other services were actually going through an intermediary who would have been able to sniff their traffic, logs at DigiNotar revealed.
Audits of DigiNotar revealed systemic security failures that prompted browser developers to revoke its trusted status, the same sanction some would like to see applied against Trustwave.
The lingering sensitivities over the DigiNotar and Comodo hacks partially explain why such severe punishments against Trustwave are even on the table.
What Trustwave has done "is a highly unusual activity, and is essentially the Holy Grail hackers are looking for", explained Mark Bower, data protection expert and VP at Voltage Security. "This is why hackers last year penetrated PKIs [public-key infrastructures] – to issue themselves bogus certificates for interception cases, for example to snoop on Gmail, which appeared to be the goal of hackers operating for the Iranian government as was reported last year."
He added: "Trustwave is also a security auditor. It’s questionable why an audit firm would be issuing digital certificates which could be potentially used by hackers if they fell into the wrong hands."
"If an organization has the ability to intercept SSL in this ‘man-in-the-middle’ situation as reported, this makes SSL useless. Who is this entity? Why did they have this capability?" Bower asked.
SSL bashers' ball
The debate over Trustwave comes hot on the heels of news that VeriSign suffered unspecified security breaches last year. VeriSign, the 800lb gorilla of the digital certificate business, hasn't said what type of attacks it suffered from, which could be anything from isolated malware infection or denial of service attacks to a more serious compromise. This lack of detail is less than helpful.
Trustwave has come clean about issuing MitM authority but it seems unlikely that it was alone in applying this approach, another source of concern.
"Unfortunately this is meat and drink for the ‘SSL bashers’ in the industry," said Calum MacLeod, EMEA director of the enterprise key and certificate management firm Venafi.
"Trustwave should be commended for making this statement public, knowing that this could result in reputation damage. I believe it is commendable that they will no longer continue this practice, but the reality is, in my opinion, that this is a common industry practice," said MacLeod.
"Most large enterprises use this approach to be able to monitor outgoing and incoming traffic, and it is common to find an assortment of technologies between a user and a web service such as DLP [data loss prevention], performance monitoring, and customer experience monitoring technologies, which are there ostensibly to help provide users and customers with more efficient services."
MacLeod compared the practice to the frequent recording and monitoring of calls to bank or airline call centres, a practice frequently explained in greeting messages. He called for a sense of proportion in the debate.
The Mozilla discussion, which has run to 66 erudite and technically detailed posts, appears to be moving towards a conclusion - if not a consensus. Mozilla representative Kathleen Wilson suggested that Trustwave will escape sanction and that other certificate authorities will be given a period of grace to come clean if they are offering MitM technology. Those that fail to come forward and continue to extend the practice will be punished, Wilson warned.
"I have posted a draft CA Communication in the mozilla.dev.security.policy forum for review/discussion," Wilson wrote. "My intent is to make it clear that this type of behaviour will not be tolerated for subCAs chaining to roots in NSS, give all CAs fair warning and a grace period, and state the consequences if such behaviour is found after that grace period. There is also an action item for CAs to update their CP/CPS to make it clear that they will not issue subCAs for this purpose."
The suggested policy, if adopted, will draw a line under the Trustwave MitM certificate affair but is unlikely to restore complete faith in the digital certificate system that underpins trust in secure communications on the net. The present trust model, vital to e-commerce as well as privacy, was devised in the 1990s, and increasingly looks outmoded and outdated.
Alternative trust models - such as Convergence - remain largely experimental, so we'll have to stick with multiple CAs and digital certificates to secure SSL for the immediate future, at least.
To paraphrase Supertramp, it's not much of a trust system but it's the only one we've got. ®