Nikolai Fedorov, 2020-02-21 13:17:17
Information Security

Two SSL certificates for one domain and MITM with a valid certificate?

A hypothetical situation - an attacker took control of a domain for an indefinite period and obtained a simple SSL certificate, like PositiveSSL or Let's Encrypt. I.e. hypothetically, at the moment there are 2 valid certificates for the same domain from different providers.

In this regard, a few questions:
1) Are there technical restrictions on issuing two or more SSL certificates from different vendors for one domain? Do vendors somehow check that the certificate has already been issued by another vendor?
2) Is a "Man in the middle" attack scenario possible, in which an attacker (suppose) poisons the DNS cache, redirects users to his server with a valid certificate, which runs a proxy like mallory, which in turn sends requests to the real "official" server? I.e. in this hypothetical situation, neither the client nor the official server can recognize the MITM, because the client sees a valid certificate, and the official server does not know that it is communicating with another server.
3) Is it possible to somehow find out that there are "other" certificates for a particular domain, and/or prohibit the issuance of more than 1 certificate? Is it possible to defend against the hypothetical attack in question 2 if the second certificate has already been issued?


4 answer(s)
arto, 2020-02-21
@artopp

1. No. Why should I be limited in issuing certificates for my domain?
2. Maybe; so look at HPKP and the like.
3. https://en.wikipedia.org/wiki/Certificate_Transparency ?

Eugene, 2020-02-22
@yellowmew

To protect against a situation with two (or more) certificates, you can list in a CAA DNS record only those CAs that you allow to issue certificates for your domain.
Technically, this will not protect against the situation you describe, but it will complicate its implementation: if you limit certificate issuance to certain CAs only, then an attacker will either have to add an entry for another CA (the same LE) to your DNS, or get one issued by a permitted CA, where this domain is registered to you.
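How a CA is expected to evaluate a domain's CAA policy before issuing (RFC 8659: climb to the nearest CAA RRset, honour `issue`/`issuewild`, refuse on unknown critical properties), as an added example that is not part of the original answer; the zone data and domain names below are constructed placeholders:

```python
# Added example (not from the original post): CAA policy evaluation as a CA must do it
# before issuance, per RFC 8659. The zone below is constructed for illustration.
CONSTRUCTED_ZONE = {
    # name -> list of (flags, tag, value); flags bit 128 = "issuer critical"
    "example.com": [
        (0, "issue", "letsencrypt.org"),              # only this CA may issue
        (0, "issuewild", ";"),                        # nobody may issue wildcards
        (0, "iodef", "mailto:security@example.com"),  # where to report violations
    ],
    "legacy.example.com": [(128, "future-tag", "x")],  # critical but unknown property
}

KNOWN_TAGS = ("issue", "issuewild", "iodef")


def relevant_caa_rrset(domain, zone):
    """Return the first CAA RRset found walking from `domain` up toward the root."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return zone[name]
    return []  # no CAA anywhere in the chain: issuance is unrestricted


def issuance_allowed(domain, ca_domain, zone, wildcard=False):
    """Decide whether the CA identified by `ca_domain` may issue for `domain`."""
    rrset = relevant_caa_rrset(domain, zone)
    if not rrset:
        return True
    # A critical flag on a property the CA does not understand forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    tag = "issue"
    if wildcard and any(t == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"
    values = [v for _, t, v in rrset if t == tag]
    if not values:
        return True  # no restricting property of this kind
    for value in values:
        issuer = value.split(";", 1)[0].strip().lower()  # drop any parameters
        if issuer and issuer == ca_domain.lower():
            return True
    return False  # includes the "issue ;" case: no CA is authorised
```

CAA is consulted by the CA at issuance time, not by clients, which is why it narrows who can obtain a second certificate but does not help a client that already sees one.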

Vitaly Karasik, 2020-02-21
@vitaly_il1

As far as I understand, the answers to #1 and #3 are that there is no reliable mechanism today.
They are working on it: www.certificate-transparency.org/what-is-ct
https://en.wikipedia.org/wiki/Certificate_Transparency
As for MITM: it is possible.

CityCat4, 2020-02-21
@CityCat4

1. No. No. Can you imagine how the "certificate business" works? There are several monopoly firms that have created CAs and issue certificates. What gave them such an opportunity? It was given to them by the inclusion of their root certificates as trusted in all distributions of Windows, Apple, and Google. If, let's say, I had a hypothetical opportunity to pull this off, I would become "CityCat CA" :) And so, this business is no different from any other. So I can get a certificate for nichego.net from Thawte, another from Comodo, and another from LE, and no one will say anything, just "bring your money", especially if it's not a simple DV but OV/EV.
2. It is not only possible,
3. You can't ban anything at Thawte or GlobalSign :) - the ban hasn't grown that much :) You can protect yourself from MitM - HPKP, for example (but it does more harm than good), or manually checking the certificate's serial number. You can also check the issuer. Serious platforms, such as QIUK - judging by the fact that they do not work through a bumping proxy - do exactly that. But here by "you" I mean the server operator. For the client, there is only one protection: to look carefully at the certificate's properties and check not only its validity but also the issuer - which, as always, conflicts with convenience :)
