Cloudflare on Thursday acknowledged this failure, writing:
We failed three times. The first time because 1.1.1.1 is an IP certificate and our system failed to alert on these. The second time because even if we were to receive certificate issuance alerts, as any of our customers can, we did not implement sufficient filtering. With the sheer number of names and issuances we manage it has not been possible for us to keep up with manual reviews. Finally, because of this noisy monitoring, we did not enable alerting for all of our domains. We are addressing all three shortcomings.
Ultimately, the fault lies with Fina; however, given the fragility of the TLS PKI, it’s incumbent on all stakeholders to ensure system requirements are being met.
And what about Microsoft? Is it at fault, too?
There’s some controversy on this point, as I quickly learned on Wednesday from social media and Ars reader comments. Critics of Microsoft’s handling of this case say that, among other things, its responsibility for ensuring the security of its Root Certificate Program includes checking the transparency logs. Had it done so, critics said, the company would have found that Fina had never issued certificates for 1.1.1.1 and looked further into the matter.
Additionally, at least some of the certificates had non-compliant encoding, and listed domain names with non-existent top-level domains. This certificate, for example, lists ssltest5 as its common name.
Instead, like the rest of the world, Microsoft learned of the certificates from an online discussion forum.
Some TLS experts I spoke to said it’s not within the scope of a root program to do continuous monitoring for these types of problems.
In any event, Microsoft said it’s in the process of making all certificates part of a disallow list.
Microsoft has also faced long-standing criticism that it’s too lenient in the requirements it imposes on CAs included in its Root Certificate Program. In fact, Microsoft and one other entity, the EU Trust Service, are the only ones that, by default, trust Fina. Google, Apple, and Mozilla don’t.
“The story here is less the 1.1.1.1 certificate and more why Microsoft trusts this carelessly operated CA,” Filippo Valsorda, a Web/PKI expert, said in an interview.
I asked Microsoft about all of this and have yet to receive a response.
