Analysis reveals the most common causes behind mis-issued SSL/TLS certificates

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen.

Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinpoint the most common causes as well as systemic issues that contribute to these happening.

About public key certificates

A public key certificate (aka digital certificate) proves that an individual, entity or a device is the rightful owner and user of a public key. They are issued by certificate authorities (CAs), which function as a trusted party both for the owner of the certificate and those who rely on it being legitimate (e.g., visitors to HTTPS-based web sites).

CAs are obligated to follow certain guidelines for the issuance and management of public key certificates, but failures happen and can have serious consequences for all stakeholders and end users.

What did the research reveal?

The Public Key Infrastructure was conceived to be trusted. As the researchers pointed out, “its cryptographic foundation is solid, the role of each participant is defined, the hardware is mature and applications program interfaces are widely used.”

But there are issues that can weaken that trust: breakable algorithms (due to technological advances), and vulnerabilities arising from algorithm implementation or the business systems or processes that support the issuance of digital certificates.

The analysis revealed that the most common causes of incidents/failures related to CAs in the PKI network are:

• Software bugs
• CAs’ failure to comply with baseline (CA/Browser Forum) requirements or those of Root Programs (e.g., those of Microsoft, Apple, Google, Mozilla, Oracle, Adobe, etc.)
• CAs placing their own interest over compliance with the above mentioned requirements (e.g. backdating of digital certificates, issuing certificates for MITM attempts, issuing of rogue certs).

StartCom, WoSign, DigiCert, PROCERT and Comodo (recently rebranded as Sectigo) top the list of problematic CAs, followed by QuoVadis, VISA, GoDaddy, Certum, Camerfirma and SwissSign.

The entire paper is well worth a read, as it goes into great detail and also includes some of the most notorious cases of CA misbehavior in the last ten years or so, as well as a helpful timeline of main events in PKI history.

The researchers’ conclusions

One of the conclusions that the researchers reached is that, as things stand now, Root Program’s owners have tremendous power in the PKI network and they should use it to penalize those CAs that put their welfare over that of the Public Key Infrastructure.

“With just their independent decision they can end the business of a CA, especially if several Root Program’s owners are aligned with the revocation’s posture,” they noted.

“Given that they are also the owners of the web browsers, they are judge, jury and executioner in the network. On the other hand, if a misbehavior is detected in a CA but not all the program’s owners agree with a mass removal of it, a removal by a sole owner may have a negative impact on this owner given the potential loss of customers that that decision may carry; therefore, if there is no consensus between Root Program’s owners, CAs may keep with their miss-practices.”

They have also proposed several solutions for CAs and Root Program Owners to implement to improve trust in PKI.

But, ultimately, they put forward that a cleaner PKI scheme without so many parties whose decisions balance between bringing trust to the network or to be more profitable could be a better option for the future.

“After all, today PKI’s network relies on these entities, and we as end users are obliged to trust in them without any viable alternative,” they added.