Digital certificates that allow secure data exchange over the internet can survive domain ownership transfer and can open the door for malicious actions to the previous holder.
An SSL/TLS certificate relies on the public key infrastructure (PKI) model to ensure that information flows securely online. The way this works is that web servers establish a trusted connection with the client browser by presenting the digital certificate. After server authentication, the connection with the client is encrypted and sensitive information can pass through.
A couple of security researchers, Ian Foster and Dylan Ayrey, found that the validity of these certificates in some cases extends beyond the registration period of a domain. When a new owner registers the domain, the initial proprietor still holds the SSL certificate associated with it.
One of the risks is that of a man-in-the-middle (MitM) attack, where a valid SSL certificate for the domain would decrypt the communication between the web server and the client.
Another possibility is denial-of-service (DoS) when additional domain names are defined under the same certificate as subject alternative names. When an alternative site is no longer owned by the certificate user (also referred to as a “bygone domain”), “it is possible to revoke the certificate that has both the vulnerable alt-name and other domains. You can DoS the service if the shared certificate is still in use,” explain the researchers.
Checking the history of a certificate was not possible before the Certificate Transparency (CT) project launched in 2013. CT is a public framework that logs all certificates issued by public Certificate Authorities. Its database holds in excess of half a billion certificates and keeps on growing.
The duo used a sample set of 3 million domains and 7.7 million certificates to find how many pre-dated the registration of a domain and were still valid after registration expired. 1.5 million entries fit these parameters and 25% of them had not expired at the time of the investigation.
Per the rules of the Certification Authority Browser Forum, which sets industry guidelines for issuing and management of digital certificates, revocation is possible if any piece of information in the certificate is or becomes inaccurate. Unfortunately, the process is far from being simple in all cases.
The researchers purchased a bygone domain and then tried to revoke a test certificate. Many certificate operators asked for verification they could not produce.
DigiCert asked them to reply to emails delivered to addresses they did not control; Comodo required them to check account ownership; and Let’s Encrypt needed proof that they owned all the domains under the same certificate.
After pointing out the conflicts to Let’s Encrypt, the service decided to consider a policy change. Other certificate authorities may follow suit and review their security processes for revocation.
To help owners learn if their domain could be affected by problems relating to SSL certificate ownership, the duo released BygoneSSL. The tool uses publicly available DNS data and logs from the Certificate Transparency project.
Foster and Ayrey presented their findings at the Def Con hacker conference in Las Vegas. The presentation slides are available here.