So the premise of the question is to quantify the risk of wild card certificates
Question
So the premise of the question is to quantify the risk of wildcard certificates versus regular certificates. From my research, the greatest fundamental danger of wildcard certificates is the possibility of compromising a weak system, getting the private keys, and then being able to masquerade as any system. For this to work you have to compromise a system and compromise the public DNS server (assuming this is an Internet-based attack), and do so before the certificate is revoked.
It occurred to me that if the requirements of certificate authorities for verifying companies' validity change, where some are easier to social engineer than others, it may discount the risk of wildcard certificates. That is, it may be easier for someone to social engineer a CA than it is to break into a system and steal the private keys. Further, the named certs may foster a false sense of security, as they may be mimicked by another trusted authority. This also creates another issue where certificate revocation is out of the hands of the company, whereas a wildcard could utilize it.
What I have not been able to find is a standard that root authorities must follow when verifying client domains. Is there a standard they must follow? If not, does anyone know a list or site of the different verification requirements of each CA?
Thanks
Explanation / Answer
I would say that wildcard certificates do not pose more danger than an ordinary single-domain certificate, provided that the CA does really verify that the subject in question owns the whole second-level domain (SLD), and never issues certificates for any third-level domain if the subject cannot demonstrate ownership of the whole SLD.
For example, a wildcard certificate can present a security risk if a CA verifies a customer at customer123.freewebhost.com and then issues a wildcard certificate for *.freewebhost.com, because the customer will then be able to impersonate other customers on the same web host and possibly MITM them.
Since the prerequisite for getting a certificate really is that you MUST own the SLD, with the exception of certain third-level domains like .co.uk that are handled like a TLD (that is, ".co.uk"), wildcard certificates do not present more of a security risk than an ordinary certificate. Some automated domain-only CAs even prohibit .co.uk and such completely, because their automated processes cannot differentiate someone claiming ownership of something.tld from someone claiming ownership of co.uk.
The security risk lies rather in CAs that issue intermediate CA certificates and do not do a proper verification. Since an intermediate CA certificate can be used to impersonate any site, an intermediate CA certificate must be issued only on a strict "need" prerequisite, e.g. never issue intermediate CA certificates for anyone who does not need to resell certificates to customers.
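The shared-host scenario above (a wildcard for *.freewebhost.com issued to one customer) can be made concrete by checking which hostnames a certificate name actually covers. The following Python is an added illustration, not code from the question's or the answer's author: it implements the browser-style wildcard matching rules of RFC 6125 section 6.4.3 (a `*` is honoured only as the entire left-most label and matches exactly one label), and flags wildcard names whose scope is a public suffix such as co.uk. The `PUBLIC_SUFFIXES` set, the `freewebhost.com` host list and the customer names are constructed sample data; a real check should load the full Public Suffix List.

```python
"""Wildcard-scope check for TLS certificate names (added example)."""
import ipaddress
from typing import List, Optional

# Constructed stand-in for the Public Suffix List (https://publicsuffix.org).
# Includes freewebhost.com to model the shared web host from the answer.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk", "freewebhost.com"}

# Constructed sample of customer hostnames on the shared host.
SAMPLE_HOSTS = [
    "customer123.freewebhost.com",
    "customer456.freewebhost.com",
    "shop.customer456.freewebhost.com",
    "freewebhost.com",
    "customer123.otherhost.example",
]


def hostname_matches(pattern: str, hostname: str) -> bool:
    """True if certificate name `pattern` covers `hostname`.

    Rules (RFC 6125 s6.4.3 as applied by browsers):
    * comparison is case-insensitive, trailing dots ignored;
    * '*' is only honoured as the whole left-most label and matches
      exactly one label, so *.example.com covers a.example.com but not
      example.com or a.b.example.com;
    * wildcards need at least two fixed labels (*.com is rejected);
    * IP address literals never match a wildcard.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    try:
        ipaddress.ip_address(hostname)
        return False
    except ValueError:
        pass
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    return p_labels[1:] == h_labels[1:]


def wildcard_scope(pattern: str) -> Optional[str]:
    """Return the domain a wildcard name spans, or None if not a wildcard."""
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return None
    return pattern[2:]


def wildcard_over_public_suffix(pattern: str) -> bool:
    """True if the wildcard's scope is a public suffix (shared registrable
    point), i.e. one holder could impersonate every other registrant under it."""
    scope = wildcard_scope(pattern)
    return scope is not None and scope in PUBLIC_SUFFIXES


def covered_hosts(cert_names: List[str], hostnames: List[str]) -> List[str]:
    """Hostnames from `hostnames` that any name in `cert_names` would cover."""
    return [h for h in hostnames if any(hostname_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    for name in ("customer123.freewebhost.com", "*.freewebhost.com", "*.co.uk"):
        print(name, "->", covered_hosts([name], SAMPLE_HOSTS),
              "public-suffix wildcard:", wildcard_over_public_suffix(name))
```

Run stand-alone, the script shows that the single-name certificate covers only customer123's host, while *.freewebhost.com covers every direct customer subdomain (but not the bare domain or a deeper subdomain) and is flagged because its scope is a shared host; *.co.uk is flagged for the same reason, which is the automated-CA refusal the answer mentions.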