Certificate authority Trustwave has revoked a subordinate root certificate it issued to a company that allowed it to intercept their employees’ private email communication.
“This single certificate was issued for an internal corporate network customer and not to a ‘government’, ‘ISP’ or to ‘law enforcement’,” explained Trustwave’s security researcher Nicholas Percoco. “It was to be used within a private network within a data loss prevention (DLP) system.”
The certificate allowed the company to issue unlimited SSL certificates for any server, so that the DLP solution could create a valid certificate for any connection it tapped into while trying to do its work and prevent confidential information from being sent out from company computers.
The company has also made sure to explain that it issued the subordinate certificate after auditing the customer’s physical security, network security, and security policies, and that it was placed on a dedicated hardware device, where the fake certificates it generated were also consequently stored.
“When the system would accept an outbound SSL connection from within the customer network, and negotiate the session with the server outside the customers network, the private key for the resulting re-signed SSL certificate (that is presented to the internal network) would be generated in the HSM and only live for the duration of the SSL request,” wrote Percoco. “No party had access to the re-signed SSL certificate private keys at any time, nor could they gain access to them. This is what prevented the customer from being able to perform ad hoc issuance of certificate for any domain and use them outside of this hardware and infrastructure.”
All the same, Trustwave has stated that it will not be offering this type of certificate any more, even though they say they other CAs are also doing it.
This particular issue has long been a thorn in the side of many security experts because of the very good likelihood that such certificates can be misused by governments and law enforcement agencies to spy on users.
“It’s good that we now have a public example of such an deployment, it will help to raise awareness that we urgently need improvements for today’s SSL trust model,” commented Red Hat security and cryptography expert Kai Engert during a public discussion. “I’m not yet convinced that TrustWave should be blamed. In my opinion, if you decide to blame TrustWave, you could equally blame any CA that has issued at least one intermediate CA certificate and gave it to a different entity.［…］If anyone is to blame, it’s the company who deployed the MITM device. I hope they had informed their employees. If not, shame on them.”