National Security Agency
The issue of certificate masquerading against the SSL protocol is pointed out in . In , various forms of server certificate masquerading are identified. It should also be noted that the attack described is a man-in-the-middle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of  and involves client certificate masquerading. The motivation for this paper comes from the fact that this anomaly has shown up in commercial products. It is potentially more damaging than  since a MITM attack is not involved and the only requirement is that the application trust a given root certificate authority (CA). The problem arises when applications use multiple roots that do not cross-certify. The problem is further exasperated since the applications themselves do not have the ability to apply external name constraints and policies. Unfortunately, the problem is a fairly well known problem within the public key infrastructure (PKI) community, but continues to persist in practice despite this knowledge.
Keywords: Certificate, Masquerading, PKI, Trust, Cross-certification, Mapping, Binding, Policy,Name Constraints, Root, Attributes
Read Paper (in PDF)