How I got a valid SSL certificate for my ISP's main domain

68 points, by mdewinter, about 10 years ago

13 comments

agwa, about 10 years ago
Disclosing the private key in this blog post was extremely irresponsible. Although the certificate has been revoked, revocation basically doesn't work[1], so for practical purposes this key will be usable for MitM until it expires on Mar 19, 2016. Hopefully browser vendors will push out updates that explicitly blacklist it (Chrome is pretty proactive about this, not sure about other browsers), but that won't help non-browser clients or users running out-of-date browsers.

If you ever do this, please, please destroy the private key immediately. There are other ways to prove you had possession of it, such as by signing something with it.

[1] https://www.imperialviolet.org/2014/04/29/revocationagain.html
nailer, about 10 years ago
This exact attack was used to obtain a certificate for login.live.com, Microsoft's single sign-on site used by millions of people, in 2008 by Mike Zusman. See https://books.google.co.uk/books?id=fQOLBAAAQBAJ&pg=PA88&lpg=PA88&dq=login.live.com+mike+zusman&source=bl&ots=sFdqVRylJ4&sig=21jZ5C4rGZ_eMtX8dt-Myzwhoks&hl=en&sa=X&ei=rooNVaefCsieywOh5IGQCg&ved=0CCgQ6AEwBA

Domain validated SSL was always a bad idea. Disclaimer: I sell EV SSL validation.
tbrownaw, about 10 years ago
Of all the CAs my browser trusts, *any single one* of them can compromise the entire web by fucking up and issuing bad certificates.

I have no say in which CAs I "trust", since my list has to match the list that site owners pick from. Site owners have no benefit from picking better CAs on the list over worse CAs also on the list, because my browser trusts them the same.

How could *anyone* think this is a good system!?

[Edit: and yeah, things like cert pinning can mitigate the damage a bit. That's not enough to make a bad idea suddenly a good idea, and it only took approximately forever to start being implemented.]
rgj, about 10 years ago
When another Dutch ISP launched in 1998, I was able to register the root@ email address and a friend of mine got info@. It took them over one year to figure out that they might want to take those away from us.

Surprising to hear that this is still possible all those years later, especially with an ISP like xs4all.nl. Those guys always had a good reputation, security-wise. I see they still have the tradition that you get an apple pie for responsible disclosure (https://www.xs4all.nl/over-xs4all/beleid/responsibledisclosure/). So bon appetit!
agl, about 10 years ago
I'm looking into a CRLSet push to block this certificate in Chrome now.
joosters, about 10 years ago
Is there any way to discover a list of SSL certs that have been issued for a domain?

The problem here is, once someone has shown that they could receive emails for administrator@yourdomainname, you have no idea how many SSL certificates they bought, and from which CAs.

Even if they publish a blog post about it and show you a certificate, surely your domain is now compromised? You can revoke that certificate, but how do you know that was the only one they obtained?

From this point on, all you know is that your domain name is potentially compromised and there's nothing you can do to fix it...
hackhat, about 10 years ago
IMO the problem is with the issuer. They only open holes by doing this kind of thing. Imagine if you already secured admin@domain.com and tomorrow the issuer thinks that admin-ssl@domain.com could be used for validation. Now what, you should keep up with their updates every hour?
est, about 10 years ago
The most mind-boggling aspect of PKI is that certs for a CN are not globally exclusive.

Hell, even something as broken as DNS has one and only one place to find each domain's authoritative SOA record.
bandrami, about 10 years ago
This is why self-signed certificates are more secure than CA-signed certificates. When you expand the trust model to include three parties rather than two, it gets much more complex and vulnerable.

If I see a self-signed certificate from CitiBank, I know that the counterparty *claims to be CitiBank*. That's all I know. When I receive a Verisign-signed certificate from CitiBank, I know a party *claiming to be Verisign* claims that the counterparty is CitiBank. That doesn't realistically help me much.
lucio, about 10 years ago
What happens if you try admin@xxx using a Unicode homoglyph, i.e., the letter "a" in "admin" being the Cyrillic letter "а", U+0430 instead of U+0061?
mdewinter, about 10 years ago
Do note that you need TLSv1.2 to connect to the website, or plain HTTP.
witty_username, about 10 years ago
Surely Comodo can check if there is an existing cert?
smt88, about 10 years ago
I've never seen a provider of SSL certificates (or any other service) allow you to "prove ownership" of a domain by receiving an email.

Even from the early days of email, it has *never* been the case that a majority of a domain's email addresses were assigned to owners of the entity.

That is just absolutely insane.
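Added example, not from the original post or any of the commenters: a defender-side check that a mail provider or ISP can run before handing a customer a mailbox name, so that the addresses a CA would accept for domain validation (hackhat's and smt88's point) cannot be registered, including the Cyrillic-а homoglyph variant lucio asks about. The reserved list, the plus-addressing rule and the confusables table are assumptions; the table is a constructed subset, not Unicode's full confusables data.

```python
import unicodedata

# Mailbox names a CA may accept as proof of domain control (the admin/
# administrator/webmaster/hostmaster/postmaster set) plus RFC 2142 role
# addresses. The exact list is an assumed provider policy, not from the thread.
RESERVED_LOCAL_PARTS = frozenset({
    "admin", "administrator", "webmaster", "hostmaster", "postmaster",
    "abuse", "noc", "security", "info", "root", "support", "ssladmin",
})

# Constructed subset of Cyrillic/Greek letters that look like Latin ones.
# A production check should load Unicode's confusables.txt instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0501": "d", "\u0455": "s", "\u03b1": "a", "\u03bf": "o",
}


def canonical_local_part(local: str) -> str:
    """Reduce a requested mailbox name to what a human reading it would see."""
    # NFKC folds compatibility forms such as fullwidth 'ａｄｍｉｎ' to ASCII.
    s = unicodedata.normalize("NFKC", local)
    # Drop invisible format characters (zero-width space etc.) that survive NFKC.
    s = "".join(ch for ch in s if unicodedata.category(ch) != "Cf")
    s = s.casefold()
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    # Assumed policy: the provider delivers 'name+tag' to 'name', so a
    # request for 'admin+ssl' is effectively a request for 'admin'.
    return s.split("+", 1)[0]


def registration_verdict(local: str) -> str:
    """'reserved' if the name collides with a validation mailbox, 'non-ascii'
    if it still has non-ASCII characters after folding, otherwise 'ok'."""
    canon = canonical_local_part(local)
    if canon in RESERVED_LOCAL_PARTS:
        return "reserved"
    if not canon.isascii():
        return "non-ascii"
    return "ok"


if __name__ == "__main__":
    # Constructed sample requests, including the Cyrillic-а variant lucio asked about.
    for name in ["alice", "Admin", "\u0430dmin", "ad\u200bmin", "admin+ssl", "jörg"]:
        print(f"{name!r:14} -> {registration_verdict(name)}")
```

Names that come back 'non-ascii' are worth a manual review rather than an automatic rejection, since legitimate non-Latin names and unlisted confusables both land there.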