On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by the National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA).
The India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Firefox is not affected because it uses its own root store that doesn’t include these certificates.
We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.
We promptly alerted NIC, India CCA and Microsoft about the incident, and we blocked the misissued certificates in Chrome with a CRLSet push.
On July 3, India CCA informed us that they revoked all the NIC intermediate certificates, and another CRLSet push was performed to include that revocation.
Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.
At this time, India CCA is still investigating this incident. This event also highlights, again, that our Certificate Transparency project is critical for protecting the security of certificates in the future.
Update Jul 9: India CCA informed us of the results of their investigation on July 8. They reported that NIC’s issuance process was compromised and that only four certificates were misissued; the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains. However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.
The intermediate CA certificates held by NIC were revoked on July 3, as noted above. But a root CA is responsible for all certificates issued under its authority. In light of this, in a future Chrome release, we will limit the India CCA root certificate to the following domains and subdomains thereof in order to protect users:
- gov.in
- nic.in
- ac.in
- rbi.org.in
- bankofindia.co.in
- ncode.in
- tcs.co.in
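The three protections this post relies on (a CRLSet push blocking specific certificates and then the revoked NIC intermediates, public-key pinning for Google domains, and scoping the India CCA root to the domain list above) are all checks a client applies to an already signature-verified chain. The following is an added example, not Chrome's code: it models each check in simplified form over constructed stand-in certificates. The CRLSet layout (blocked `(issuer SPKI hash, serial)` pairs plus blocked SPKI hashes), the `Cert` and `Policy` shapes, and the byte strings standing in for DER SubjectPublicKeyInfo are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Sequence, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Just the fields the policy checks need; real code would pull them from the DER."""
    subject: str
    spki: bytes                        # DER SubjectPublicKeyInfo (constructed stand-ins below)
    serial: int
    dns_names: Tuple[str, ...] = ()    # SAN dNSNames; only the leaf's matter here


def spki_hash(spki: bytes) -> str:
    """CRLSet entries, pins and per-root policy are all keyed by SHA-256(SPKI)."""
    return hashlib.sha256(spki).hexdigest()


def host_under(host: str, suffix: str) -> bool:
    """True if host equals suffix or is a subdomain of it, matching on whole labels,
    so 'fakegov.in' is not under 'gov.in'.  A wildcard name '*.x' is judged by 'x'."""
    h = host.lower().rstrip(".")
    s = suffix.lower().rstrip(".")
    if h.startswith("*."):
        h = h[2:]
    return h == s or h.endswith("." + s)


@dataclass
class Policy:
    blocked_serials: Set[Tuple[str, int]]        # (issuer SPKI hash, serial), as a CRLSet lists them (assumed layout)
    blocked_spkis: Set[str]                      # revoked intermediates: SPKI hashes rejected anywhere in a chain
    pins: Dict[str, Set[str]]                    # host suffix -> SPKI hashes, one of which must be in the chain
    scoped_roots: Dict[str, Tuple[str, ...]]     # root SPKI hash -> the only domains it may vouch for


def evaluate_chain(chain: Sequence[Cert], host: str, policy: Policy) -> Tuple[bool, str]:
    """chain is [leaf, intermediate..., root], already signature-verified.
    Returns (accepted, reason); the first failing check wins."""
    leaf, root = chain[0], chain[-1]
    # 1. CRLSet: any cert whose SPKI is blocked, or any cert below the root whose
    #    (issuer SPKI hash, serial) pair is blocked, kills the chain.
    for i, cert in enumerate(chain):
        if spki_hash(cert.spki) in policy.blocked_spkis:
            return False, f"blocked SPKI: {cert.subject}"
        if i + 1 < len(chain) and (spki_hash(chain[i + 1].spki), cert.serial) in policy.blocked_serials:
            return False, f"blocked serial {cert.serial}: {cert.subject}"
    # 2. Public-key pinning: for a pinned host some SPKI in the chain must be in the
    #    pin set, whichever trusted root the chain reaches.  This is why a NIC-issued
    #    certificate for a Google domain fails even though the root is trusted.
    chain_hashes = {spki_hash(c.spki) for c in chain}
    for suffix, pin_set in policy.pins.items():
        if host_under(host, suffix) and not (chain_hashes & pin_set):
            return False, "pin validation failed"
    # 3. Root scoping: a root limited to a domain list may only vouch for a leaf
    #    whose every SAN falls under one of those domains.
    allowed = policy.scoped_roots.get(spki_hash(root.spki))
    if allowed is not None:
        for name in leaf.dns_names:
            if not any(host_under(name, d) for d in allowed):
                return False, f"root not permitted to issue for {name}"
    return True, "ok"


# Constructed stand-ins: the byte strings stand for DER SPKIs; nothing here is a real key.
INDIA_CCA = Cert("India CCA root (stand-in)", b"india-cca-key", 1)
NIC_CA = Cert("NIC sub-CA (stand-in)", b"nic-key", 2)
OTHER_SUB_CA = Cert("another India CCA sub-CA (stand-in)", b"other-key", 3)
PINNED_ROOT = Cert("root carrying a Google pin (stand-in)", b"pinned-key", 4)
INDIA_CCA_SCOPE = ("gov.in", "nic.in", "ac.in", "rbi.org.in", "bankofindia.co.in", "ncode.in", "tcs.co.in")

POLICY = Policy(
    blocked_serials={(spki_hash(OTHER_SUB_CA.spki), 4242)},      # one specific misissued certificate
    blocked_spkis={spki_hash(NIC_CA.spki)},                      # the revoked NIC intermediate
    pins={"google.com": {spki_hash(PINNED_ROOT.spki)}},
    scoped_roots={spki_hash(INDIA_CCA.spki): INDIA_CCA_SCOPE},
)


def demo() -> Dict[str, Tuple[bool, str]]:
    """Runs the policy over a few constructed chains; keys name the scenario."""
    return {
        "nic_revoked": evaluate_chain(
            [Cert("www.google.com", b"leaf-a", 10, ("www.google.com",)), NIC_CA, INDIA_CCA],
            "www.google.com", POLICY),
        "crlset_serial": evaluate_chain(
            [Cert("mail.nic.in", b"leaf-b", 4242, ("mail.nic.in",)), OTHER_SUB_CA, INDIA_CCA],
            "mail.nic.in", POLICY),
        "pin_miss": evaluate_chain(
            [Cert("www.google.com", b"leaf-c", 11, ("www.google.com",)), OTHER_SUB_CA, INDIA_CCA],
            "www.google.com", POLICY),
        "pin_ok": evaluate_chain(
            [Cert("www.google.com", b"leaf-d", 12, ("www.google.com",)), PINNED_ROOT],
            "www.google.com", POLICY),
        "scope_ok": evaluate_chain(
            [Cert("mail.nic.in", b"leaf-e", 13, ("mail.nic.in", "*.gov.in")), OTHER_SUB_CA, INDIA_CCA],
            "mail.nic.in", POLICY),
        "scope_miss": evaluate_chain(
            [Cert("fakegov.in", b"leaf-f", 14, ("fakegov.in",)), OTHER_SUB_CA, INDIA_CCA],
            "fakegov.in", POLICY),
    }
```

The ordering matters: the CRLSet checks run first because they are cheap and absolute, pinning is evaluated against the whole chain rather than the root alone, and root scoping is applied to every SAN, since a certificate for `mail.nic.in` that also lists a name outside the scope would otherwise let the root vouch for that name. The `host_under` boundary check is the detail most often got wrong; a suffix match without the label boundary would let `fakegov.in` pass under `gov.in`.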
I don't think 'Certificate Transparency' is all it is made out to be.
Why Google has abandoned enforcing certificate revocation via OCSP and CRL is beyond me. You are the only ones in the position to get the CAs to return revocation information in a timely and meaningful manner - why not do that instead?
Once CT is running, it will just be THAT much easier for all CAs and CA resellers to just tie into that system and market to all the users of those certs (thus annoying everyone more than they do already with their scanning to get the same data). At least with scanning there is some barrier to entry and time required to do the task...
Why not hash the domains in CT and only allow 3rd parties to request the presence of a domain via hash (or something similar)? The way it is now, you are just providing SSL-selling parties a direct marketing list. Google seems smarter than that...
Anyway, glad that this India NIC event seems reasonably well contained, in Chrome, at least. What actions has MSFT taken to limit impact on IE users?
Could you please clarify what you mean by Google domains?
I would like to know whether other rogue certificates were found under CCA. Also, whether the others were also issued by NICCA or some other authority under CCA, and if so, which one.
Um. So is Google still formally opposed to cert revocation checks?
If we could migrate over to DANE, we could do away with this entire CA structure. There would be no need to "trust" these hundreds of (possibly corrupt, possibly hacked) CAs spread over the entire world.
A good first step would be to get DANE support (back) in Chrome ;)
Do you know SSLCop ? http://www.security-projects.com/?SSLCop
Google, when will you start using DNSSEC (http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) and DNS-based Authentication of Named Entities (DANE, RFC 6698) to combat such "attacks"?
Hello,
I was wondering how you detected the rogue certificates?
Thanks.
Could you do this for most CAs where they have an obvious scope, especially those operated by country governments?
CCA India confirms that the suspension and revocation of the NIC CA has been reverted from their end, but SSL certificates issued by NIC and other DSCs are still not working on Chrome and IE. My question to Google is: why is Chrome still not allowing it...
Thanks
Kaushlesh Kumar