Bit9

A lot of the commentary floating around on the SSL “rogue certificates” issue (see Diginotar, Comodo, etc.) is misleading at best. Some of the downplaying of the issue seems to be based on a misunderstanding of the typical attacks that can employ these certificates. There is mounting evidence that the recent Diginotar certificates have been used to spy on a large number of Iranian citizens. However, this sort of massive-scale spying is not the only use of rogue certificates.

There are many types of so-called Man-In-The-Middle (MITM) attacks, and some have been demonstrated in the wild quite recently. First, Firesheep is a tool that is generally used for performing MITM against people using sites that don’t make proper use of SSL; examples include Amazon, Facebook, etc.

Here’s a good article describing this sort of MITM attack in an Internet café scenario. Using Firesheep with rogue certificates is a logical next step.

Also, DNS attacks, either on a broad scale or targeted at particular endpoints, are seen in the wild. Yes, this stuff is really happening.

In addition, stolen certs can help attackers infiltrate enterprises by providing them with an additional rich source of credentials, ones that are normally protected by encryption and therefore unavailable.

There are a wide variety of uses for rogue certificates. This is a legitimate concern with Internet security and it’s only getting worse.
