Microsoft has updated their Certificate Trust List (CTL) after the private key for xboxlive.com was leaked to the Web. The company didn’t explain how the leak happened, but the exposed certificates were immediately revoked and replaced.
Patrick Hilt, CTO of MIRACL, explains why this is still an issue despite Microsoft revoking the exposed certificates:
“This incident underscores a fundamental architectural flaw inherent to the design of PKI, which is the security infrastructure that underlies digital certificates — that whoever holds a certificate authority’s root key can issue a legitimate certificate to perform a man in the middle attack, decrypting traffic that is meant to be secured between a client and a server.
The commercial digital certificate industry in general, is broken, and it needs to be replaced. This latest incident is just one of many whereby the commercial certificate authority’s position as a single point of trust is causing serious problems.
We believe that Microsoft took the correct steps for a short-term solution by “updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate.” Unfortunately it’s just mitigation. Older versions of Windows don’t automatically update the CTL unless CTL updater service is manually installed, which will leave some machines open to a MITM attack.
In the long term, the tech industry must realize that PKI isn’t fit for purpose since the single entity holding the root key can have such an adverse impact on the trust relationship with end users. We need a paradigm shift towards distributed trust. Under such a paradigm, compromise of one of the trust roots will not enable an attacker to implement an attack.”
Note: “We are currently working with a small group of impactful partners to bring that future forward and would welcome others into our collective effort.” http://www.miracl.com/
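For administrators who want to confirm that the CTL mitigation described above has actually reached a Windows host, the following check is an added example (not code from the article, Microsoft or MIRACL). It assumes the revoked certificate's SHA-1 thumbprint is taken from Microsoft's advisory (a placeholder is used here), that CTL-distrusted certificates appear in the machine's Disallowed store, and that the Group Policy value `DisableRootAutoUpdate` under `AuthRoot` switches off automatic root/CTL updates when set to 1.

```powershell
# Added example: verify that a CTL-revoked certificate is distrusted on this host.
# Replace the placeholder with the thumbprint published in Microsoft's advisory.
function Test-CtlDistrust {
    param(
        [string]$Thumbprint = 'REPLACE_WITH_THUMBPRINT_FROM_ADVISORY'   # placeholder
    )

    # 1. CTL-distrusted certificates are placed in the Disallowed (Untrusted) store.
    $distrusted = Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Thumbprint -eq $Thumbprint.ToUpper() }

    # 2. Hosts whose automatic root/CTL update is disabled by policy will never
    #    receive the distrust entry on their own (assumed key/value semantics).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
    $policy = Get-ItemProperty -Path $policyPath -Name DisableRootAutoUpdate `
        -ErrorAction SilentlyContinue
    $autoUpdateDisabled = ($null -ne $policy) -and ($policy.DisableRootAutoUpdate -eq 1)

    [pscustomobject]@{
        Thumbprint          = $Thumbprint
        InDisallowedStore   = [bool]$distrusted
        AutoUpdateDisabled  = $autoUpdateDisabled
        # Host still trusts the leaked certificate if it is absent from the
        # Disallowed store; that is the MITM exposure the quote warns about.
        StillExposed        = -not [bool]$distrusted
    }
}

Test-CtlDistrust | Format-List
```

Run it in an elevated prompt; on older releases without the CTL updater installed, `InDisallowedStore` stays `False` until the update is applied manually.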