Bulletproof TLS Newsletter #30
Leaked private keys and revocations based on fake private keys
31 July 2017
Author: Hanno Böck

This issue was distributed to 38,463 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. Leaked private keys and revocations based on fake private keys
  2. Controversy over TLS interception
  3. Short news

Leaked private keys and revocations based on fake private keys

Last month, we reported that Spotify and Cisco had bundled private keys for valid certificates within applications. Such certificates will be revoked according to the Baseline Requirements, but applications aren’t the only source of leaked private keys.

Koen Rouwhorst found various private keys belonging to valid certificates in GitHub repositories. The author of this newsletter was able to download keys via standard file names such as server.key directly from the corresponding webpages.

The Baseline Requirements set a deadline of 24 hours by which certificate authorities must revoke certificates in case of a key compromise. This leads to the question of how thoroughly certificate authorities actually check reports of such key leaks.

The author of this newsletter was able to trick Symantec into revoking a certificate without having the real private key. Symantec revoked the certificate based on a fake key: it looked like the correct private key when only its public key values were compared, and the key itself was not properly checked (see Symantec’s answer).
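The weakness described above, shown as an added illustration that is not part of the newsletter and is not any CA's code: a check that only compares the public values stored inside a submitted RSA key accepts a forged key, while a check of the key's internal consistency rejects it. The function names, the dictionary layout and the toy key (built from two small Mersenne primes) are constructed for this example.

```python
from math import gcd

def naive_match(cert_pub, key):
    """Flawed check: compares only the public values stored inside the key."""
    return (key["n"], key["e"]) == cert_pub

def consistent_match(cert_pub, key):
    """Accept the key only if its private values really belong to cert_pub."""
    n, e = cert_pub
    p, q, d = key["p"], key["q"], key["d"]
    if (key["n"], key["e"]) != (n, e):
        return False
    # The claimed primes must be non-trivial factors of the certificate modulus.
    if p <= 1 or q <= 1 or p * q != n:
        return False
    # d must invert e modulo lcm(p-1, q-1).
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        return False
    # Proof of possession: a value processed with d must come back under e.
    challenge = 0x1234567890ABCDEF % n
    return pow(pow(challenge, d, n), e, n) == challenge

def make_constructed_keys():
    """Constructed toy key pair plus a forged key with the same public values."""
    p, q, e = 2**61 - 1, 2**89 - 1, 65537  # demo-sized primes, far too small for real use
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    real = {"n": n, "e": e, "d": pow(e, -1, lam), "p": p, "q": q}
    # Forged key: public values copied from the certificate, private values invented.
    forged = {"n": n, "e": e, "d": 3, "p": 3, "q": 5}
    return (n, e), real, forged

if __name__ == "__main__":
    cert_pub, real, forged = make_constructed_keys()
    for name, key in (("real", real), ("forged", forged)):
        print(name, "naive:", naive_match(cert_pub, key),
              "consistent:", consistent_match(cert_pub, key))
```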

Controversy over TLS interception

The TLS working group is currently debating a proposal by Matthew Green about how to use static Diffie-Hellman to allow passive TLS decryption. This is a follow-up to a discussion that was started by a request from a banking organization that complained about the removal of the old RSA key exchange in TLS 1.3.

The debate continued recently in a lengthy thread on the TLS mailing list and in a discussion at the IETF meeting in Prague. The usual “humming” vote in the TLS working group led to no clear consensus.

Stephen Checkoway has written a summary of the debate. Nick Sullivan from Cloudflare covered the controversy in a talk.

Short news
