Bulletproof TLS Newsletter #39
Trustico debacle shows risk of key generation by resellers
29 March 2018
Author: Hanno Böck

This issue was distributed to 44,216 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. Trustico debacle shows risk of key generation by resellers
  2. Short news

Trustico debacle shows risk of key generation by resellers

Several events related to certificate reseller Trustico have caused questions to arise about the practice of certificate sellers that generate keys for their users.

Jeremy Rowley from Digicert reported on the Mozilla security policy mailing list that he was asked by Trustico to revoke a large number of former Symantec certificates. Symantec was bought recently by Digicert after browser vendors made plans to distrust existing Symantec certificates. Trustico is a certificate reseller that used to sell Symantec certificates and has switched to Comodo certificates.

Rowley refused to revoke the certificates without signs of a compromise, mentioning that one such sign would be revealing the private keys of those certificates. After that, Trustico provided Rowley with keys for most, but not all, of the certificates he was asked to revoke. Subsequently, the certificates belonging to those private keys were revoked.

As it turned out, Trustico kept a large number of private keys that were used when users bought certificates on its web page. It’s been a common practice of some certificate authorities and resellers to generate keys for their users, though doing so is quite controversial.

It isn’t necessary for a certificate authority to have access to a private key. A safer and established way of creating certificates is that a user generates a private key and a certificate signing request (CSR), but some feel this method is too complicated. Trustico explicitly advertised that they can provide certificates without CSRs.

After these events unfolded, some people checked the Trustico web page for security vulnerabilities, and someone found a trivial script-injection vulnerability that allowed executing commands on the server with root permissions.

Although certificate authorities are required to perform audits and have quite strict rules to follow, there are no such rules for resellers. However, it should be noted that none of these events impacted the security of the ecosystem as such. Resellers like Trustico usually don’t have direct access to certificate-issuance and domain-validation systems and thus cannot issue malicious certificates or compromise keys for anyone but their own customers.

Short news