What are the security impacts of a site that has an invalid certificate?

Asked

Viewed 880 times

29

Many Brazilian government websites often do not have valid safety certificates. Examples:

https://www.ibama.gov.br/ (expired)
https://www.ibge.gov.br/ (auto-signed, invalid URL)
https://www.funai.gov.br/ (self-signed)
https://www.brasil.gov.br/ (CA unknown: ICP-Brazil)
https://www.senado.gov.br/ (Unknown CA: ICP-Brazil, Invalid URL)

In most cases the browser says that the "root certificate of the certification authority is unreliable", and others are still simply expired. This situation is unusual on commercial websites, but from time to time I also top with one of these. And of course, I myself have some difficulty maintaining the sites I always manage with valid certificates.

Is it necessary for a site to have a valid certificate for communication with it to be safe? Why? Some of these government sites have very important functions (e.g.: IRS, Ministry of Labor, Siape...), is it safe to continue using them despite the security alert presented? (some even reach instruct the user to ignore these alerts)

It has already been suggested (by my former hosting provider) to use certificates from cacert.org rather than a self-signed, as they "are not yet recognized by the main browsers, but many systems already accept" (ie, is still invalid!). Would that be acceptable practice? Can I just tell my users to sign up for the security alert and that’s that, just like these government websites do? What impacts an invalid certificate has on a website’s security?

  • I hope some comment response from ICP Brazil, which is the problem of most of the sites mentioned, and is a problem different from those already said here: Brazil has invented a certification authority that (yet?) is not believed by the vendors of browsers currently in use, and the person is required to install the root in the hand. The question of the root ICP Brazil is one of the fundamental points to answer part of the question.

  • @Bacco I gave the example of Cacert because fundamentally it is very similar to the ICP-Brazil: both are used by a large number of sites, both are not considered "reliable" by browsers, both you have to download and install the root certificate in hand, and in both such a certificate is served by an unsafe channel. The difference between them and, say, a private CA created by a company, is that it’s easy for the company to distribute the root certificate to its employees (on a flash drive, for example), but these others are intended for the general public.

  • Relevant: "Installing a CA only for specific Omains" (see also my comment in Thomas Pornin’s reply) and "Certification Authority only for Certain Domains" (a little older, but if the information there is correct, bad news...)

  • 3

    @mgibsonbr here is a good example of how one can ask almost the same thing in a much more objective way and above all much more interesting.

3 answers

12


Is it necessary for a site to have a valid certificate for communication with it to be safe? Why?

Yes, it is. Any and all requests made over SSL require a key that is contained within the certificate. The content of the request is encrypted on the server and sent to the client, which decrypts the request using the certificate key.

When there is a problem with the certificate (unreliable, expired, etc.) the inviolability of communication is not guaranteed:

  • If the certificate is unreliable, it means that there is no way to guarantee that the key to this certificate is actually protected, as there is no way to guarantee the integrity of the certifying authority, and that it can be reproduced in a false certificate, which makes it possible for an attacker to obtain the content of their requests and to decrypt them and access their content;
  • If the certificate has expired, it means that, by some process, some attacker may be able to break the encryption and get the key. There are some methods for this. Particularly, breaking SSL is complicated and time consuming, but not impossible.

Certification authorities have their own certificate, which is called root certificate. The main certificates of certification authorities are distributed by Internet browsers.

Would that be acceptable practice? [using cacert.org certificates]

If you have a website that handles sensitive information, such as very sensitive data of financial, governmental or corporate importance, no, because browsers do not distribute the root certificate of Cacert.org, and therefore makes Cacert an unreliable certification authority.

For sites where security is needed, but not at a more critical level, I see no problem. Cacert uses a method of a network of trust between the whole community, ie, if any certificate is reported as invalid by someone in the community, the certificate is no longer accepted by it.

I can simply tell my users to sign up for the security alert and that’s it, just like these government websites do?

You shouldn’t. Analogously speaking, it is as if you have a line of people to enter a restricted place by age and do not check whether their documents are true or not.

Although SSL interception is not common in Brazil, it is still a security problem.

What impacts an invalid certificate has on a website’s security?

It does not guarantee the inviolability of the request because it does not meet the security requirements of the SSL standard. That is, it is not guaranteed that the information circulating between you and the server cannot be intercepted and read.

  • "For sites where security is needed, but not on a more critical level, I see no problem." But what does that mean? That if a site displays an invalid certificate alert, but I see that the certificate came from Cacert.org, I can trust this site as long as it doesn’t do anything important? What’s the difference between doing this or simply not using any certificate? (i.e. using http only)

  • By the way, I agree with what you said about expired certificates, but about the "unreliable" I have a different impression: it is not that the key inside the certificate may not be protected, but rather that this key may be the key of someone else not the owner of the site I want to access. Because it doesn’t matter to the attacker to copy someone’s public key if he doesn’t have the private key, but to put the key his in place of the real key, so that the victim communicates with him and not with the original site.

  • 1

    That last attack you mentioned @mgibsonbr is man-in-the-Middle: http://stackoverflow.com/a/14907718/2236741

  • 1

    On your question, the correct one would be to guide the user to install the Cacert root certificate on your machine and the problem would be solved (not to warn of the invalidity of the certificate). The problem is precisely this: this requires a manual action that does not guarantee the inviolability of the process. The man-in-the-Middle, pointed out correctly by @Cantoni, says exactly that.

  • About "If a website displays an invalid certificate alert, but I see that the certificate came from Cacert.org, can I trust that site as long as it doesn’t do anything important?" , I would not say important but sensitive, and that can be answered with a question: "How serious is the interception of this data by an attacker?".

  • 2

    "The problem is precisely this: this requires a manual action that does not guarantee the inviolability of the process." I agree, if I simply tell users "go to the Cacert website and download the X certificate" they won’t be protected - because the Cacert website itself does not have a valid certificate (i.e. signed by a recognized CA), so it cannot be relied on as sensitive an action as "installing a root certificate". And anyway, when asking for the installation of a cert. new root I would be demanding that.

  • 2

    @Thanks for the link, by the way the linked reply summarizes very well my biggest criticism to the ICP system as a whole ("even if you pay for a high-confidence certificate, your site will not be in any way locked to your certificate, you would need to trust in all os Cas no browser customer since any of them could generate a fake certificate to their website that would be as valid as [the real].").

Show 2 more comments

9

If a website is intended for the general public, the only way to guarantee the authenticity of communication without manual intervention is through a valid certificate. Using an invalid certificate is only marginally better than using nothing - as it reduces the chances of anyone on the network monitoring (eavesdrop) communication without anyone noticing, especially on open networks such as public Wi-Fi.

Clarifying: even with an invalid certificate the client/server communication is confidential and complete (because the communications channel is encrypted appropriately). Just can’t be sure that you are communicating with the right server... View the question "How HTTPS (SSL) works?" for more details.

To gypsy response already touches on the main points (including problem of installing new root certificates manually in the browser). I will only complement with the last item not mentioned:

it is safe to continue using them despite the security alert presented?

In general, no, because as explained "browsers do not distribute the root certificate of Cacert.org, and that therefore makes Cacert an unreliable certification authority". The same goes for ICP-Brasil. Without knowing if the root certificate is reliable, there is no way to differentiate between the authentic certificate and a forged one. And even if the user manages to obtain the true certificate in some other way, "the correct one would be to guide the user to install the Cacert root certificate on their machine".

To make matters worse, many government websites do not even use the ICP-Brazil, but a signed certificate. The reasons for this are unknown, but the fact is that some of these sites need to be accessed to perform sensitive operations, and we can not do opt-out (a recent example is eSocial, although this falls in the previous case of ICP-Brazil).

What to do then? Currently not much, but there are some options:

  • Open the site on a few different days, on some different computers, and check the fingerprint of the same (their signatures). When you are confident that there are no problems with the certificate - i.e. the same certificate was displayed every time, and there were no reports of intrusions in that period - add an exception to that specific certificate, so that future visits will no longer show the security alert. If the certificate changes, stay tuned and repeat the process, because it may just be a periodic change (e.g., the old one is about to expire) but it may be an interception attempt;
    • Note: this can be done both for the self-signed and those anchored in ICP-Brazil.
  • Do the same with the root certificate of ICP-Brazil, or maybe try to get it by a safer means, and then install it in the list of Certification Authorities. It is a more "extreme" form of the previous one - because in doing so it happens to trust the ICP-Brasil as much as other Cas, which allows them to sign certificates for arbitrary domains;
  • Use a different certification template. The design Convergence, for example, uses a set of "notaries" to together determine the authenticity of a site. The idea is that although running a single Mitm is feasible, making multiples simultaneously and in different parts of the internet is much more difficult. That way, a user could see a certificate automatically check with one or more notaries if they are also seeing the same certificate, and if everyone (or most of them, is configurable) agrees, then we are probably connecting to the right site. Unfortunately, the moment I write that answer, this project is half dead...

But the ideal thing for those who are providing a website that needs or would benefit from encryption is to obtain a certificate from one of the globally recognized Cas. For despite all the problems is the safest way we have available to the general public, without relying on complicated and risky manual settings.

  • 2

    For those interested, there is a basic free option here that is recognized by most browsers. I tested it on several desktop recently, and no "chiou". https://www.startssl.com/ PS: I have already renewed one of them for the second time, and there was no bureaucracy. Unlike a "free" around that are only three months and only renew if you pay. It is the tip pro Ibama!

  • @Bacco I use this one too. I didn’t mention it in the question, but after trying Cacert and seeing that the problems remained, I tried this one and have been using it for many years. But it’s worth noting that only "Class 1" certificates are free - the one that validates if you actually own the domain and nothing else is worth 1 year, can’t be revoked (in other words, don’t lose!) and do not include multiple domains/wildcards. But if you pay to verify your identity, you can issue as many "Class 2" certificates as you want for the 1 year period, all of them for free.

  • 1

    I think class 1 revokes, but it costs $25 :) https://www.startssl.com/? app=25#72

  • 1

    I understood by the phrase that it is not necessary to have means to generate another, but not that it cannot. What I saw there is that you have the option to go up to 2 to generate others for free to replace. Anyway, I hope I do not need to "test" this question.

  • What would be the procedure/cost for the companies that own the browsers (Mozilla, Google, cia) include in their distributions the ICP-Brazil certificate chains?

  • @renedet Given the great power that the Certification Authorities possess, the inclusion or exclusion of an AC is something quite serious, I can’t say exactly what the procedure or cost (even because it should vary from supplier to supplier) But I suspect it’s hard and costly to do it right. Remembering that a single poorly managed or still malicious AC can compromise the security of the entire internet.

  • @renedet Speaking specifically of ICP-Brazil, I find it unlikely that it will be incorporated into major browsers even if it meets all the security requirements, simply because it is a governmental entity, and not a private company. If these companies don’t even trust their own governments to manage keys (imagine after Snowden’s complaints whether someone would trust a certificate issued by the US government...), how would they trust a CA run by a foreign government?

  • 1

    @mgibsonbr is ugly so... about startssl, it seems that Mozilla and CIA are discontinuing the inclusion of chains in the browsers, the way is to start using Let’s Encrypt

Show 3 more comments

1

Look as answered earlier answered the digital certificate has the following functions:

  • Integrity: Proves that the data has not changed
  • Authenticity: Proves the person’s authorship
  • Security : Message cannot be read if you do not have the key
  • No repudiation: The person who sent has no way of disputing that he did not send

Many Brazilian government websites often do not have valid safety certificates

This happens because the certificate has expired and has been changed. Example: The ICP has had its certificate expired and it communicates the Ac(Certifying Authorities) not to use that certificate anymore Because they switched the certificates. But as browsers do not update all the time the certificates shows that the certificate is unreliable because not the list was not updated with that continues that expired certificate

Browser other questions tagged

You are not signed in. Login or sign up in order to post.