Over the weekend, the Google Online Security Blog issued a brief alert. "Late on December 3rd, we became aware of unauthorized digital certificates for several Google domains. We investigated immediately and found the certificate was issued by an intermediate certificate authority (CA) linking back to ANSSI, a French certificate authority. Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate."
There is no suggestion that anything illegal occurred, only that it was improper and could potentially lead to illegal behavior. Nevertheless, Google immediately blocked the certificate in Chrome, notified other leading browsers, and referred the issue back to ANSSI.
ANSSI is the Agence nationale de la sécurité des systèmes d’information; that is, the French cyberdefense agency – so concern over possible government surveillance would be natural. "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network," explained Google. In other words, the purpose (since the inspection was done 'with the knowledge of the users' on a private network) was not merely acceptable, but possibly even a laudable approach to improving security.
Nevertheless, it was improper behavior by ANSSI, which it later put down to human error. In its own statement, it wrote, "As a result of a human error which was made during a process aimed at strengthening the overall IT security of the French Ministry of Finance, digital certificates related to third-party domains which do not belong to the French administration have been signed by a certification authority of the DGTrésor (Treasury) which is attached to the IGC/A. The mistake has had no consequences on the overall network security, either for the French administration or the general public. The aforementioned branch of the IGC/A has been revoked preventively."
Paul Ducklin, writing in Naked Security, explains that while the intention of the ANSSI intermediate certificate may not have have been a bad thing, the method of implementing that intention certainly was. A certificate that had validity beyond the private network was obtained; which if lost, could be used in man-in-the-middle attacks. But there is a 'right way'.
"If you are setting out to do content filtering, and you are determined to scan your users' HTTPS traffic, don't try to cheat by finding a CA that will mint you an intermediate certificate for the purpose," (which is what happened here) he suggests. "Do the right thing: mint your own root CA and make your own company's browsers trust it, so that if there is a certificate leak from your company, it doesn't affect the rest of the world as well."
Meanwhile, other leading browser vendors have responded rapidly to Google's alert. Microsoft issued a security advisory yesterday. "Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store." Microsoft has blocked the offending certificates.
Mozilla also issued an alert and blocked the certificate. Kathleen Wilson, owner of Mozilla’s CA Certificates Module and Policy, explained the potential problems. "An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website without browser warnings being triggered. An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software." Mozilla has also blocked the certificate.