[cryptography] what has the NSA broken?

Ralph Holz holz at net.in.tum.de
Sun Sep 8 07:52:21 EDT 2013


Hi David,

>>> Most private keys are issued by, not merely certified by, the CAs.
>> Can you give numerical evidence for this claim?
>>
> Device certificates (those that go into mass manufactured products)
> typically have the CA provide both keys and cert. The back and forth of
> keygen->CSR->Sign->Return per product does not fit in the mindset of a
> manufacturer.
> 
> I suspect this is more certs than all the web site certs put together.

An interesting point, certainly. Two caveats, both of which I have to
systematically verify for SSL, however (I have already verified them for
SSH):

1) Mass-produced devices like to use default keys - Heninger et al.
showed that quite conclusively last year. I.e. we are not looking at
distinct certificates, and not such ones for private use. I can verify
that with our latest scan of today, which was IPv4-wide. It will take me
a bit to wade through the subjects, issuers, SKID and AKID.

2) On the same line: why have a device key signed by a CA anyway if you
are going to use it for all devices of one line?

3) When we look at distinct certs, I am not so sure that your argument
"more than all Web certs put together" still holds. Again, I need a
moment to check that.

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF


More information about the cryptography mailing list