"We are certainly not in position to answer these questions to full extent," Turktrust said in a response posted Friday on the same mailing list. "However, it is almost apparent that the agency has wanted to configure the firewall as a MITM proxy for their internal users. Our thorough OCSP [Online Certificate Status Protocol] analysis has also supported this in the sense that almost 96 percent of OCSP requests stemmed from the EGO domain."
The situation unfolded when EGO changed their firewall vendor and device model, Turktrust said. "Odds are too low that there is a malicious intent on their side. There is also no evidence at all of any other malicious use of the faulty cert."
In response to questions sent via email on Friday, a Turktrust spokesman advised this reporter to follow the discussion on the Mozilla mailing list and ask any questions there so they can be seen by the community.
Some people have called for browser vendors to revoke their trust in Turktrust's root CA certificates, a harsh punishment that was taken before in the case of former Dutch certificate authority DigiNotar that filed for bankruptcy after its own root CA certificates were removed from browsers as a result of a serious security breach on its systems.
Mozilla removed a newer Turktrust root CA certificate that had been added in the beta version of Firefox 18 and Google also said that it will update Chrome in January to no longer display Extended Validation status for certificates issued by Turktrust. However, the main Turktrust root CA certificates, including the one that was used to sign the bad sub-CA certificates, have not been removed from either browser. Both companies said that they might decide to take additional actions after further discussion.
Microsoft did not express any intention to completely remove the Turktrust root CA certificates from the Windows trusted certificate store either.
Security experts have long warned that having hundreds of certificate authorities trusted by default in browsers poses a big security risk because if any of them is compromised, it can impact the whole ecosystem. This happened when the CA systems of DigiNotar and a Comodo reseller were compromised and the attackers managed to issue hundreds of rogue certificates for popular domain names. In the case of DigiNotar, the certificates were even used to spy on a large number of users in Iran.
The existence of subordinate CAs poses even bigger risks, because they are usually not held up to the same standards as the CAs they inherit their trust from. Some CAs don't even disclose the sub-CA certificates they issue.
"I have spent the past couple of years trying to convince Mozilla to strengthen their requirements so that CAs must disclose all subordinate certificates that they have issued, so that researchers can better map the risk landscape and so that users can make more informed trust decisions and detect unexpected subordinates," Schultze said in a blog post. "They're getting closer, but it is taking an awfully long time."
In February 2012, certificate authority Trustwave revealed that it had issued a sub-CA certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network. Trustwave defended itself by saying that this is a common practice in the industry.
"So once again we go through the process of revoking these [sub-CA] certificates and deciding how much future trust to put in Turktrust," Chester Wisniewski, a senior security advisor at antivirus vendor Sophos, said Friday in a blog post. "It is really time we move on from this 20-year-old, poorly implemented system. Whether it is the Public Key Pinning Extension for HTTP, Convergence, Trusted Assertions for Certificate Keys, or DNSSEC-TLS [technologies proposed to fix or replace the CA-based model] we've got to pick something and start implementing it."