Your browser has a built-in list of trusted certificate authorities. Browsers only trust certificates issued by these certificate authorities. If you visited https://example.com, the web server at example.com would present an SSL certificate to you and your browser would check to make sure the website’s SSL certificate was issued for example.com by a trusted certificate authority. If the certificate was issued for another domain or if it wasn’t issued by a trusted certificate authority, you’d see a serious warning in your browser.
One major problem is that there are so many certificate authorities, and a problem at any one of them can affect everyone. For example, you might get an SSL certificate for your domain from VeriSign, but someone could compromise or trick another certificate authority into issuing a certificate for your domain, too.
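The following Go program is an added example, not code from the original article; it uses only the standard library's crypto/x509 package and a constructed trust store with made-up root names ("Example Root A", "Example Root B", "Untrusted Root C"). It reproduces the two checks described above (does the certificate chain to a trusted root, and was it issued for the host the user typed?) and then shows the weakness of the model: a certificate for example.com issued by a second trusted root that the site owner never dealt with is accepted just like the real one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authority is a certificate authority for this example: a self-signed root
// plus the private key that signs whatever it issues. All names are made up.
type Authority struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

var serial int64 // simple unique serial numbers for the example

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// mustParse turns the DER output of x509.CreateCertificate into a parsed certificate.
func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func template(cn string) *x509.Certificate {
	serial++
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// NewAuthority creates a self-signed root certificate for name.
func NewAuthority(name string) *Authority {
	key := newKey()
	tmpl := template(name)
	tmpl.IsCA = true
	tmpl.BasicConstraintsValid = true
	tmpl.KeyUsage = x509.KeyUsageCertSign
	cert := mustParse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &Authority{Cert: cert, key: key}
}

// Issue signs a server certificate for dnsName. Nothing here checks that the
// requester controls dnsName: that is the CA's job, and it is the step the
// article says some CAs have skipped.
func (a *Authority) Issue(dnsName string) *x509.Certificate {
	leafKey := newKey()
	tmpl := template(dnsName)
	tmpl.DNSNames = []string{dnsName}
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, a.Cert, &leafKey.PublicKey, a.key))
}

// BrowserAccepts makes the two checks the article describes: the certificate
// must chain to a root in the trust store and must be valid for host.
func BrowserAccepts(trustStore []*Authority, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	for _, ca := range trustStore {
		roots.AddCert(ca.Cert)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	// Constructed trust store: two roots the browser ships with, and one it does not.
	caA, caB, caC := NewAuthority("Example Root A"), NewAuthority("Example Root B"), NewAuthority("Untrusted Root C")
	trusted := []*Authority{caA, caB}
	cases := []struct {
		label string
		leaf  *x509.Certificate
	}{
		{"A issued it for example.com", caA.Issue("example.com")},
		{"A issued it for other.test, presented as example.com", caA.Issue("other.test")},
		{"C (not in the trust store) issued it for example.com", caC.Issue("example.com")},
		{"B issued it for example.com, though the site owner never asked B", caB.Issue("example.com")},
	}
	for _, c := range cases {
		if err := BrowserAccepts(trusted, c.leaf, "example.com"); err != nil {
			fmt.Printf("REJECT: %s (%v)\n", c.label, err)
		} else {
			fmt.Printf("ACCEPT: %s\n", c.label)
		}
	}
}
```

The first case is accepted, the second fails with a hostname mismatch, the third with an unknown authority, and the fourth is accepted: the browser has no way to know which of its trusted roots the site owner actually uses, which is the gap that Certificate Transparency logs, CAA DNS records and key pinning were later introduced to narrow.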
Studies have found that some certificate authorities have failed to do even minimal due diligence when issuing certificates. They’ve issued SSL certificates for types of addresses that should never require a certificate, such as “localhost,” which always represents the local computer. In 2011, the EFF found over 2000 certificates for “localhost” issued by legitimate, trusted certificate authorities.
If trusted certificate authorities have issued so many certificates without verifying that the addresses are even valid in the first place, it’s only natural to wonder what other mistakes they’ve made. Perhaps they’ve also issued unauthorized certificates for other people’s websites to attackers.
Extended Validation certificates, or EV certificates, attempt to solve this problem.
Certificate Authorities Could Be Compelled to Issue Fake Certificates
Because there are so many certificate authorities, spread all around the world, and any one of them can issue a certificate for any website, a government could compel a certificate authority to issue it an SSL certificate for a site it wants to impersonate.
This probably happened recently in France, where Google discovered a rogue certificate for google.com had been issued by the French certificate authority ANSSI. The certificate would have allowed the French government, or whoever else had it, to impersonate Google’s website and easily perform man-in-the-middle attacks. ANSSI claimed the certificate was only used on a private network to snoop on that network’s own users, not by the French government. Even if this were true, it would be a violation of ANSSI’s own certificate-issuing policies.
Perfect Forward Secrecy Isn’t Used Everywhere
Many sites don’t use “perfect forward secrecy,” a technique that limits how much an attacker can decrypt with a single compromised key. Without perfect forward secrecy, an attacker could capture a large amount of encrypted data and decrypt it all with a single secret key. We know that the NSA and other state security agencies around the world are capturing this data. If they discover the encryption key used by a website years later, they can use it to decrypt all the encrypted data they’ve collected between that website and everyone who’s connected to it.
Perfect forward secrecy helps protect against this by generating a unique key for each session. In other words, each session is encrypted with a different secret key, so they can’t all be unlocked with a single key. This prevents someone from decrypting a huge amount of encrypted data all at once. Because very few websites use this security feature, it’s more likely that state security agencies could decrypt all this data in the future.
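The Go program below is an added example, not code from the original article; it uses only the standard library (crypto/rsa and crypto/ecdh) and a constructed, much simplified Transcript type standing in for what a passive observer records from a handshake. It contrasts the two exchanges the paragraphs above describe: RSA key transport, where the client encrypts the session key to the server’s long-term key, so whoever later holds that key can unwrap every recorded session; and ECDHE, where each session derives its key from fresh ephemeral key pairs that are thrown away, so the long-term key unlocks nothing.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Transcript is what a passive observer can record from one handshake.
// It is a constructed simplification; real TLS messages carry far more.
type Transcript struct {
	EncryptedSessionKey []byte // present only with RSA key transport
	ClientEphemeral     []byte // ECDHE: only the public halves cross the wire
	ServerEphemeral     []byte
}

// keyTransportSession models the exchange without forward secrecy: the client
// chooses the session key and encrypts it to the server's long-term RSA key,
// so the recording contains the session key, wrapped with that one key.
func keyTransportSession(serverPub *rsa.PublicKey) ([]byte, Transcript, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, Transcript{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	if err != nil {
		return nil, Transcript{}, err
	}
	return sessionKey, Transcript{EncryptedSessionKey: ct}, nil
}

// ecdheSession models the exchange with forward secrecy: each side makes a
// fresh X25519 key pair, derives the session key from the shared secret, and
// then drops the ephemeral private key. The long-term RSA key plays no part.
func ecdheSession() ([]byte, Transcript, error) {
	curve := ecdh.X25519()
	clientPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Transcript{}, err
	}
	serverPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Transcript{}, err
	}
	clientShared, err := clientPriv.ECDH(serverPriv.PublicKey())
	if err != nil {
		return nil, Transcript{}, err
	}
	serverShared, err := serverPriv.ECDH(clientPriv.PublicKey())
	if err != nil || !bytes.Equal(clientShared, serverShared) {
		return nil, Transcript{}, errors.New("key agreement failed")
	}
	sessionKey := sha256.Sum256(clientShared)
	t := Transcript{
		ClientEphemeral: clientPriv.PublicKey().Bytes(),
		ServerEphemeral: serverPriv.PublicKey().Bytes(),
	}
	// clientPriv and serverPriv are not stored anywhere past this point.
	return sessionKey[:], t, nil
}

// recoverSessionKey shows what a recorded transcript gives up to whoever
// later holds the server's long-term private key.
func recoverSessionKey(serverPriv *rsa.PrivateKey, t Transcript) ([]byte, bool) {
	if t.EncryptedSessionKey != nil {
		key, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, t.EncryptedSessionKey, nil)
		return key, err == nil
	}
	// An ECDHE transcript holds only public ephemeral values; the RSA key never
	// protected the session key, so there is nothing for it to unlock.
	return nil, false
}

func main() {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	for i := 0; i < 2; i++ {
		k, rec, _ := keyTransportSession(&serverKey.PublicKey)
		got, ok := recoverSessionKey(serverKey, rec)
		fmt.Printf("key transport session %d: recovered=%v matches=%v\n", i, ok, bytes.Equal(k, got))
		_, rec, _ = ecdheSession()
		_, ok = recoverSessionKey(serverKey, rec)
		fmt.Printf("ECDHE session %d: recovered=%v\n", i, ok)
	}
}
```

In the ECDHE case the server’s long-term key still matters, but only to sign the ephemeral public value so the client knows who it is talking to; it never wraps the session key, which is why a key obtained years later cannot reach back into recorded traffic.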