Home » Internet, Privacy & Security

Comodo compromise demonstrates need for DNSSec migration

By 23 March 2011 6 Comments

Comodo, a company you probably never heard of which holds one of the many master keys to the Internet’s SSL X.509 Public Key Infrastructure (PKI) system, admitted that their root certificate authorities have been compromised by attackers.  Those attackers issued themselves SSL certificates for seven companies including Google, Skype, and Yahoo so they can fully masquerade as one of the seven companies with legitimate looking SSL certificates.  Comodo responded by revoking those certificates, but that won’t offer full protection until every device on the planet replicates the revocations and we have only Comodo’s word that more certificates haven’t been compromised.

This attack highlights a much more fundamental problem with X.509.  A lot of large companies will say “oh but we use more reputable certificate authorities for SSL”, but it doesn’t matter because the fundamental weakness of X.509 allows any one of the many certificate authorities to compromise the entire SSL PKI system.  Any nation (including rogue states) have access to the master keys.  Anyone willing to spend around $40,000 can simply buy themselves access to a root certificate (essentially a “master key”) that would allow them to create any SSL certificate they desire.  Although the terms of the root certification signing authority contractually forbid buyers from abusing their root certificate, it’s a useless trust based on the honor system.

DNSSEC is a new secure Domain Name System (DNS) that also has the ability to replace the fundamentally weak X.509 PKI system.  DNSSEC security is vastly more secure because of the following design principles.

  • Only the DNSSEC roots have master keys.  By comparison, there are dozens of root authorities for X.509 and anyone with $40K or anyone who compromises one of the many root authorities have access to the master key.
  • Each DNSSEC root doesn’t have a full master key.  The .com root can’t sign for the .ca or .cn root.
  • DNSSEC delegates limited signing authority to each domain owner.  Each domain owner can sign their own certificates for their own servers and users, but they can only sign it for their own domain which eliminates the threat of cross-domain signing abuse possible with the current X.509 PKI system.
  • Domain owners don’t need to pay hundreds of dollars for each server or user certificate like the current X.509 PKI racket.  Not only does this save companies money, it removes barriers for the adoption of secure communications.  Certificate Authority companies should earn their money providing services of value, not signing a few bits for customers who had no choice before DNSSEC.


  • Paul William Tenny said:

    Domain owners don’t need to pay hundreds of dollars for each server or user certificate like the current X.509 racket. Not only does this save money, it removes barriers for the adoption of secure communications.

    Sounds like a pretty good (not that kind of good) reason why we’ll never move to DNSSEC.

    I guess Dreamhost must be one of those $40k people because they offer their customers $10 SSL certs. I’m sure they aren’t the fancy ones that give you the pretty color bars (green/blue for Firefox), and I’m sure you can’t take it with you off Dreamhost. But still, it’s $10 from a host like that or what, $300-600 for a one from a company that only sells certs?

    “Racket” sounds about right.

  • George Ou (author) said:

    Losing the cert racket is certainly one reason companies will resist DNSSEC, but DNSSEC is already deployed. Now we only need software to take advantage of it and bypass the cert authorities.

    The $40K root CA is only for signing your own domains. You have the technical ability to sign for any domain, but you’re contractually prohibited from doing so.

    There are lots of cheap CAs out there offering $10 to $20 certs which is the reason the industry came up with a new racket called Extended Validation certificates.

  • Dietrich said:

    Nice George.

  • Paul William Tenny said:

    So EV certs aren’t more safe or trusted from a security standpoint?

  • George Ou (author) said:

    @Paul William Tenny

    The EV certs require more background checks on the company applying for the certificates. But the weakness of the current X.509 PKI system is that too many cert authorities (CAs) have the master key and when the CAs get compromised, every certificate they ever handed out is suspect and it makes the whole system weak.

    The point of DNSSEC is that the CAs aren’t in the business of handing your certificates unless you outsource your certificate signing to them. Normally you handle certificate signing for users and machines internally rather than letting anyone with a root CA sign it.