Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

Concerns are escalating within the cybersecurity community regarding three TLS certificates mistakenly issued for the 1.1.1.1 DNS service, operated by Cloudflare in partnership with the Asia Pacific Network Information Centre (APNIC). These certificates, which were granted in May, could potentially allow unauthorized decryption of domain lookup queries that are encrypted via DNS over HTTPS. This protocol is designed to provide robust end-to-end encryption when users seek the IP addresses of websites. Experts are particularly worried about the implications of these certificates on other sensitive services, notably WARP, a VPN solution provided by Cloudflare. As of the latest updates, these certificates remain valid, despite being issued four months ago; their existence only became widely known through an online forum discussion. The certificates were granted by Fina RDC 2020, a certificate authority that operates under the auspices of the root certificate holder, Fina Root CA. This root authority is recognized by the Microsoft Root Certificate Program, which determines the trustworthiness of certificates used by the Windows operating system. Notably, Microsoft Edge is one of the browsers that could potentially be impacted, representing around 5 percent of global browser usage. In contrast, representatives from Google and Mozilla confirmed that their browsers, Chrome and Firefox, have never recognized these certificates, assuring users that no action is required on their part. It remains unclear whether Apple's certificate program also recognizes these certificates. The identity of the individual or organization that requested these credentials is still unknown, and inquiries sent to Fina, Microsoft, and Apple have yet to be answered. These certificates play a crucial role in the Transport Layer Security protocol, containing private keys that are essential for digitally signing domains to verify ownership. They are also pivotal in decrypting traffic exchanged between users and the websites they access, raising significant security concerns if misused.