After a certificate authority (CA) admitted to issuing a digital certificate that was used to monitor employees' encrypted communications, Mozilla is being asked to revoke that CA as a trusted root.
In the past, Trustwave issued a subordinate root certificate to a private company that allowed the owner to "transparently manage" employees' encrypted Web traffic. Trustwave has decided to revoke the certificate for the unnamed company and has pledged to stop issuing these types of certificates to enterprises, Nicholas Percoco, senior vice-president of Trustwave and head of Trustwave Spider Labs, wrote Feb. 4 on the company's Anterior blog. Even though Trustwave was confident the certificates issued in this context could not be stolen or abused, "events of the last year" led to the decision to stop this practice, said Percoco.
The certificate was issue to a private company, "and not to a 'government,' 'ISP' or to 'law enforcement,'" said Percoco.
The subordinate root certificate issued by Trustwave allows the owner to sign digital certificates for virtually any domain on the Internet and have it accepted by Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and other major Web browsers. It was intended to be used within a private network as part of a data-loss-prevention system, said Percoco. Employees surfing the Web would be passing through the DLP system before reaching the Website. Since the system's certificate was signing the keys, encrypted traffic from Websites secured with the Secure Sockets Layer (SSL) protocol could still be monitored by the company.
"We did not take the decision to enable this system lightly," and Trustwave took extra steps to ensure it couldn't be abused, Brian Trzupek, Trustwave's vice president for managed identity and authentication, wrote in a thread on Bugzilla, Mozilla's online bug-tracking system. The conversation was in response to a bug filed by a user asking that Trustwave be removed from Mozilla's list of trusted root certificates.
"We did not create a system where the customer could generate ad-hoc SSL certificates and extract the private keys to be used outside this device," said Trzupek.
The certificate was stored inside the system's Hardware Security Module, a device developed specifically to manage digital keys. "Once the trusted subordinate root was placed into the device, it could not be extracted," said Percoco. The unnamed customer also conducted extensive audits of its physical security to make sure there was no way the system could be moved off-premises and used to snoop on a different network.
Trustwave did not revoke the certificate because there was a problem or compromise within the customer's system, but because of "major SSL events that occurred last year," said Trzupek.
Over the summer, unknown attackers breached Dutch certificate authority DigiNotar and issued fraudulent credentials for Google Mail, Mozilla's add-on service and other sensitive sites. Comodo also was breached, but it managed to revoke the fake SSL certificates before they could be used. GlobalSign conducted an exhaustive audit after reports that it had been breached by attackers, but claimed it was secure.
Trustwave sold a certificate knowing that it would be used to perform active man-in-the-middle interception of HTTPS traffic, Christopher Soghoian, a privacy activist, said in response to Tuzupek's post. The fact that Trustwave has abandoned the practice is not enough, since the "damage is done," he said.
"With root certificate power comes great responsibility. Trustwave has abused this power and trust, and so the appropriate punishment here is death (of its root certificate)," said Soghoian.
Mozilla is still "evaluating" the incident and has "not yet decided on a course of action," Jonathan Nightingale, Mozilla's director of Firefox engineering wrote in an email. However, Nightingale praised Trustwave for revoking the subordinate certificate and encouraged other CAs with similar certificates to follow Trustwave's example.
Although Trustwave claimed this was a "common practice" within the industry, it is not clear how widespread the practice is among other certificate authorities, and very few CAs are talking. "This is a highly unusual activity," said Mark Bower, vice president of Voltage Security.
A "Hardware Provider" approached Comodo with a "sizeable offer" to issue a subordinate root certificate that could be used for "intercepting" purposes, but the company declined because "it didn't fit our philosophy of end-user protection," Melih Abdulhayoglu, president and CEO of Comodo, wrote in an email.