I strongly recommend reading, or at least skimming:
- Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL by Christopher Soghoian and Sid Stamm
I have known this attack is possible for some time—and have even performed this attack in consensual environments without an intermediate certificate.
These types of attacks are simple to implement in principle, but difficult to execute because root certificates are well controlled by root certificate authorities. This is changing, however, since well-known certificate authorities will provide signed intermediate certificates for a price, or perhaps for a writ from a judge. I will compile CAs providing this service in this blog entry as I find them. For now, this is a start:
With that, I recommend the use of Certificate Patrol to be aware of the problem; Certificate Patrol is also available here.
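To make concrete what watching for certificate changes buys you, here is a small trust-on-first-use change detector. It is an added example, not code from Certificate Patrol or from this post; the 30-day renewal window, the `Seen` record, and all hosts, hashes and CA names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RENEWAL_WINDOW = timedelta(days=30)  # assumption: replacement this close to expiry is routine

@dataclass(frozen=True)
class Seen:
    fingerprint: str     # hash of the leaf certificate the server presented
    issuer: str          # name of the CA that signed it
    not_after: datetime  # expiry of that certificate

def check(store, host, cert, now):
    """Compare cert with the one remembered for host; return (level, reason)."""
    prev = store.get(host)
    if prev is None:
        store[host] = cert
        return "new", "first certificate seen for this host"
    if prev.fingerprint == cert.fingerprint:
        return "ok", "same certificate as before"
    new_issuer = prev.issuer != cert.issuer
    early = prev.not_after - now > RENEWAL_WINDOW
    if new_issuer and early:
        # Chain still validates, but a different CA signed it while the old
        # certificate was nowhere near expiry. Keep the old pin until reviewed.
        return "alert", f"issuer changed from {prev.issuer!r} to {cert.issuer!r} before expiry"
    store[host] = cert
    if new_issuer:
        return "warn", "issuer changed at renewal time"
    if early:
        return "warn", "same issuer, but replaced long before expiry"
    return "info", "routine renewal by the same issuer"

def demo():
    # Constructed observations; hosts, hashes and CA names are made up.
    t0, day, host = datetime(2010, 9, 1), timedelta(days=1), "mail.example.test"
    store = {}
    visits = [
        (t0, Seen("aa11", "Example Root CA", t0 + 300 * day)),
        (t0 + 1 * day, Seen("aa11", "Example Root CA", t0 + 300 * day)),
        (t0 + 2 * day, Seen("bb22", "Other Intermediate CA", t0 + 700 * day)),
        (t0 + 290 * day, Seen("cc33", "Example Root CA", t0 + 665 * day)),
    ]
    return [check(store, host, cert, now)[0] for now, cert in visits]

if __name__ == "__main__":
    print(demo())
```

The third visit is the interesting one: the browser's chain validation would succeed, and only the remembered issuer and expiry reveal that something changed.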
Update Thu Sep 23 22:53:25 PDT 2010
I find it interesting that Google is now a CA that my browser trusts:
Click here and view the certificate rendered:
This is not good, bad, or otherwise. It simply shows the state of trust on the Internet. Google can sign any “common name” into existence and have it trusted by all modern browsers.