The compelled certificate creation attack

My friend Jeff has alerted me to a large hole in the SSL encryption problem: that of the compelled certificate creation attack.

Here’s how it works: your web browser comes pre-programmed to trust a number of certificate authorities. A certificate authority is an organization which vouches for an SSL-certificate being presented by a website. An SSL-certificate is designed to positively identify that a website you’re connecting to is who it says it is.

A national government intent on spying could compel one of these certificate authorities (call it ABC Certificates) to create an imposter SSL certificate (for, say, bankofamerica.com) and bless it with ABC Certificates’s stamp of approval. Because your browser trusts ABC Certificates, it will happily trust this fake certificate from bankofamerica.com. The evil national government could then surreptitiously intercept all traffic bound for the real bankofamerica.com and point it to its fake website so as to collect information. Or, it could surreptitiously insert a proxy into the SSL data stream and capture packets, with you or your browser being none the wiser.

You can read the findings of the two Indiana University researchers, Christopher Soghoian and Sid Stamm, here [PDF] on Cryptome.Org. You can also read the discussion of the vulnerability here (scroll to lower 2/3rds of the transcript).