Forgot your password?
typodupeerror
Communications Encryption Privacy Security The Internet IT

SSL Certificate Authorities vs. Convergence, Perspectives 127

Posted by timothy
from the with-moxie-marlinspike-as-guy-fawkes dept.
alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."
This discussion has been archived. No new comments can be posted.

SSL Certificate Authorities vs. Convergence, Perspectives

Comments Filter:
  • by Anonymous Coward

    It's not even worth getting the first post anymore. Slashdot sucks.

    • by Z00L00K (682162)

      As do the concept of Certificate Authority.

      The CA means that you need three parties involved to set up an encrypted channel and lately it has been shown that the reputation of a CA can go down the drain faster than the flush of your #2 in an airplane toilet.

      Effectively this means that there's a need for a new way of working when it comes to secure communication.

      As I see it - the security risk increases exponentially with the number of parties involved in a secure communication. So it's a case of the old say

      • As I see it - the security risk increases exponentially with the number of parties involved in a secure communication. So it's a case of the old saying "Three can keep a secret if two are dead."

        So the solution is a reputation system ????
        How do we get a reputation level for a site ????

        Catch 22 here I think.

        FYI For those who didn't bother to read the links in the article the proposed systems increase the number of parties involved

        • by Znork (31774)

          Increasing the number of parties involved is the point; they have to agree to clear a site.

          As it is, even besides getting hacked, there isn't a registrar that won't hand over false keys to any security agency in a country they're based. But it might be a bit more difficult for one party to lean on notaries in the US, Russia, China and Switzerland at the same time. Once they don't agree, you know that there's something going on.

          • by wisty (1335733)

            Exactly - you don't need to keep a secret. The aim is to broadcast verified identities as widely as possible.

    • by Z00L00K (682162)

      First Post is only valuable if it has something useful to say related to the original article and you aren't posting as an AC.

  • this story again.

    • So, you're frustrated that we are still talking about a serious issue that we haven't yet resolved? If it bugs you so much, do something that would help in solving it faster. The people who offer the solutions linked in the summary are doing something, and although I'm hesitant we should choose them, they have presented two options. What have you done?

      • by wmbetts (1306001)

        No I'm not frustrated that people are still trying to solve this problem. I'm frustrated at the exact same topics showing up almost weekly on slashdot. As far as what have I done? I've done exactly what everyone else on slashdot as done, jack shit. If we're lucky we have 2 people that will even see this article and have any ability to influence any change. Even if we (slashdot) did have some sort of godly internet powers that let us (slashdot) influence changes on the internet we wouldn't even be able to ag

        • by jbolden (176878)

          Actually slashdot people do have the ability to influence change. A huge percentage of e-commerce sites are written, managed or heavily influenced by people with at least one slashdot regular reader.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      this story again.

      Indeed. It's time we moved to new stories. Why do we keep mulling these tired old ones and zeros with the algorithms and the networks and their mathematics. Hasn't Slashdot beaten this intercomputing story to death yet? What about homestyling? What about Riverdance? Do you know how hard it is on the toes and the knees to do that jumping and vibrating? Did you know that the dance is not called Riverdance, but that that is just the name of that particular theatrical show of traditional Irish jumping and vibra

    • by fluffy99 (870997)

      this story again.

      Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffe-Hilman key exchange, the connection is securely encrypted regardless of whether an attacker has the servers private key.

      • by Kjella (173770)

        Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffe-Hilman key exchange, the connection is securely encrypted regardless of whether an attacker has the servers private key.

        Sure, but does your "securely encrypted" connection go to the server or a MITM the attacker has set up? When you've got no idea who's at the other end, it doesn't matter much that the line is encrypted. It would be a generally good practice to use SSL/TLS everywhere even without authentication because then you can't simply store traffic for later, you have to actively intercept and run a MITM attack in real time. It's better than nothing but is by no means secure and should not be treated as such.

        • by fluffy99 (870997)

          Sure, but does your "securely encrypted" connection go to the server or a MITM the attacker has set up?

          True, but encryption of the connection versus authentication are still two separate issues. The value of certificates issues by "trusted" CAs is quickly diminishing for a number of reasons. 1) Those CAs are getting hacked. 2) CAs are being careless and issuing weak certs or issuing certs without proper verification. 3) Browsers are including all kinds of CAs that may or may not be trustworthy. 4) Some browsers don't check revocation lists by default. 5) People usually click through the warnings anyway.

  • Reputation systems seem to have worked quite well for eBay and other similar sites, I don't see why it can't work for some sort of SSL.
    • A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?

      1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).
      2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.

      Of c

      • Of course, this isn't really what people are thinking of, but what if we went to a BitCoin model? If all we are trying to do is prove who we are, which is much different than proving we are trustworthy, then a P2P system based on proved work should fit the bill.

        In case you're like most slashdotters and don't know how these systems work, well it's super cool. All they do is sign ledgers of transactions with a special proof of work, which is simply a random number attached to the transaction log which cause

        • by Cyberax (705495)

          BitCoin is bad because it doesn't have provisions to revoke a certificate. If I somehow steal your BitCoin wallet then I have full control over your certs.

          And since BitCoin is distributed and anonymous - no court decision can help you.

          • RL money worked like this for centuries. Then banks and governments tried to """"regulate"""" it and look where that got us?

            • by Cyberax (705495)

              _Cash_ worked like this for centuries. That's PRECISELY a major reason why banks (a trusted third party for transactions) have been invented.

      • by Anonymous Coward

        http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity

      • by MSG (12810)

        Why not go with something simpler?
        1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).

        ...because that's the same as the system we have now. If the CA that signs DNSSEC is compromised, then the whole system is broken.

        If a notary is compromised, we can replace that notary and be done. If a CA is compromised, we have to replace the CA and every active cert in the world that they've signed.

    • by gnapster (1401889)
      I can steal someone's identity once out of every thirty times and still get 97% positive feedback.
    • Re:Reputation system (Score:4, Interesting)

      by hedwards (940851) on Sunday November 06, 2011 @12:01AM (#37963146)

      EBay doesn't have a reputation system. A reputation system requires that parties be able to add or subtract from the feedback based upon their views. There will be a few that don't match or are wrong, but over time the values will tend to reflect reality.

      With eBay, they don't let sellers leave negative feedback anymore and as a result the whole system is badly flawed and tends to just reward bad behavior by buyers.

  • by pathological liar (659969) on Saturday November 05, 2011 @08:09PM (#37962102)

    These systems depend on notaries, why do I trust them any more than the CAs? The Perspectives notaries are... AWS and a handful of servers from a single American university (MIT)

    Not exactly diverse.

    • by Anonymous Coward

      The Convergence notaries are whoever you pick, who is running a server. And the server code is free and open source, so anyone could be one. In other words, you trust the notaries because you trust them, not because you are required to trust them.

      • by 0123456 (636235)

        In other words, you trust the notaries because you trust them, not because you are required to trust them.

        So how am I supposed to know who to trust?

        • by Yaur (1069446)
          your browser and/or OS will ship with some defaults... most people will just use those.
    • Re: (Score:2, Insightful)

      One of the fundamental differences is that if some but not all notaries are comprimised you'll be able to know something is up. With CA's, if one is compromised, that alone could be used to MITM between you and just about any website.

      Another is that you don't have to trust any particular notary. You can add/drop them quite easily. With CA's, however, if you chose you don't trust a CA you can't really be confident you're not being MITM'd at any website which has that CA sign their cert.

      Basically, wi
      • by Junta (36770) on Saturday November 05, 2011 @08:46PM (#37962322)

        A more pertinent issue with Perspectives, as I see it, is that if someone MITM's very close to you

        Ditto on the other side. It's impossible to distinguish a valid key change from an invalid one. Since the people attesting to the authenticity of a certificate have zero 'special' interaction, it remains feasible to fool them. It basically throws the baby out with the bathwater. The problem by and large is any singular CA can attest for any thing it feels like. A better approach would be:
        -DNSSEC secured results enumerating the CAs the site selected to secure the domain. If DigiNotar signs yourdomain.com and your DNSSEC says 'Thawte', then there is an issue.
        -Multiple CAs signing a certificate. If you have 3 or so CAs (all listed in your DNSSEC record of course), then compromising all three would be required to compromise your security.
        -A positive OSCP response should be required. Currently, even when OSCP is checked, if some return indicates 'general error' or 'try again later', that's taken as good enough.
        -Having a reputation system as an extra measure makes sense. Perhaps https without a 'padlock' given a positive reputation based read in absence of anything else, and if reputation and CA both check out, grant the visual indication of secure.

        • -DNSSEC secured results enumerating the CAs the site selected to secure the domain. If DigiNotar signs yourdomain.com and your DNSSEC says 'Thawte', then there is an issue.
          -Multiple CAs signing a certificate. If you have 3 or so CAs (all listed in your DNSSEC record of course), then compromising all three would be required to compromise your security.

          What does this gain you over storing the cert signature itself in DNSSEC?

          Since the people attesting to the authenticity of a certificate have zero 'special' interaction, it remains feasible to fool them.

          Nothing prevents a notary from taking extra steps to verify the authenticity of a certificate. That is one of the advantages of the concept: other methods of authentication can be added in a modular way.
          In some ways the notary system gives you the security of the strongest of the notaries you trust, and the CA system gives you the security of the weakest of the CAs you trust.

          • by Tomato42 (2416694)

            What does this gain you over storing the cert signature itself in DNSSEC?

            You get to know all the CAs the other party chose to trust, not one.

          • by Junta (36770)

            What does this gain you over storing the cert signature itself in DNSSEC?

            Ideally (perhaps forced by policy), the DNSSEC chain of trust has no overlap with x509 CAs. If you compromise DNSSEC chain of a target, you still have to compromise a CA before they figure it out and fix it. If you compromise a CA, then you have to break DNSSEC before TLS implementations revoke the CA.

            Nothing prevents a notary from taking extra steps to verify the authenticity of a certificate.

            That's a fairly weak 'assurance'. 'other methods of authentication can be added in a modular way' I read as 'more ways to induce a false-positive'. *Ideally* In the CA relationship, you would at least have

            • *Ideally* In the CA relationship, you would at least have assurance that the site being validated worked explicitly with a trustworthy CA. In the reputation system, the site being validated didn't work with anyone and has no way to authoritatively 'tell' someone they got compromised.

              A CA could be one such authentication step. Consider a network of independent notaries to which the CAs could securely push public certificates and tie them to a domain name.
              Now you have to compromise the CA (or a sufficient number of the notaries, some perhaps run by the CAs themselves), and you have to perform the MITM upstream, not downstream, so the perspectives-like notaries will still see a consistent view.

              • by Junta (36770)

                That wouldn't be so bad, but so many advocates say 'ditch the CA system and replace with reputation'. Augmenting is rarely ever suggested.

        • by MSG (12810)

          A lot of people suggest DNSSEC as a component of replacing CAs, but overlook that DNSSEC requires CAs to function. If the problem is that you can't trust anys given CA, then a replacement has to be independent of CAs.

          DNSSEC can't be a component of a system that doesn't trust CAs, which is exactly what Convergence aims to be.

          • by Junta (36770)

            The abstract concept of 'CA' is not the issue, the issue is the x509 strategies of 'a single CA is sufficient' and 'any CA is good enough'.

            In the DNSSEC case, the 'any CA is good enough' is taken out, it *must* be the server in the specific trust chain. 'sketchyauthority.net' getting compromised would do nothing for 'importantbank.com'..

            The reason I said to encode which CAs you elect to use (that must *also* be in the set of 'trusted' CA certs in browsers) is to take care of the other part. By requiring a

          • Why? Put a public key in the DNS info, done.

            As long as you enter the domain correctly and your own computer is secure with a correct public root KSK you're golden. No MITM possible, no CA necessary.

      • if someone MITM's very close to you (think the people who own/control the AP you're connecting through at a hotel), they could MITM *all* of the notaries as well

        The communication with the notaries is in all likelihood encrypted and signed with predistributed keys, similar to CA certificates today. That's not a large problem, because ultimately you have to trust the software you are running anyway.
        That still retains all the benefits over the CA system that you mention; you get multiple points of trust that all have to be compromised, and if one is compromised you can distrust it with minimal consequences.

    • by swillden (191260)

      These systems depend on notaries, why do I trust them any more than the CAs?

      Individually, you don't. However, if a set of them give you the same answer, then you have reason to trust them more. And if one of them gives you a different answer, you don't trust any of them at all.

    • by sjames (1099)

      You don't. However, with SSL as it stands, you are more or less forced to take a leap of faith based on the word of a single arbitrary CA that you don't really trust. Subverting any of the many CAs out there is good enough to pull off an attack.

      In the proposed systems, several notaries will weigh in, and if they disagree, there's a big red flag.To pull off an attack with certainty, the bad guy would have to subvert all of the notaries.

    • by MSG (12810) on Sunday November 06, 2011 @04:27AM (#37963922)

      Notaries are no more trustworthy than CAs; the advantage is what Moxie Marlinspike calls "trust agility". See, if a CA is compromised, users cannot easily stop trusting the CA. The big CAs simply have too much influence. Drop a major CA, and a significant percentage of the internet's certs are no longer valid. The economic costs of replacing a CA are tremendous.

      If a notary is compromised, no big deal. Notaries can be dropped and replaced without any noticeable consequence. Notaries can be just as effective as CAs, with the advantage that they can be easily replaced.

    • by schwaang (667808)

      Because:
          1) you could choose a notary run by someone you trust
          2) you could UN-choose a notary if you stop trusting it
          3) you can delegate the above to your browser maker or a plugin maker you trust, and not worry about it, just like you already do with the CA system. But *they* can do #s 1 and 2.

      With the CA system you don't have have that flexibility in any practical sense.

  • Won't work (Score:5, Insightful)

    by Baloroth (2370816) on Saturday November 05, 2011 @08:10PM (#37962108)

    Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. With massive botnets and the like there is simply no way to rely on any number of "individuals" to issue correct information. The only way around this is to have some central authority say "your opinion matters and yours doesn't." Voila, you have the present system.

    For unimportant things or things so unimportant the difficulty makes the problem not worthwhile, a distributed reputation system works. Someone above mentioned Ebay. This system works because the rating of individual sellers, while important to them, isn't terribly important to all that many people, and the system is rather difficult for an individual to game. But for a distributed SSL certificate network, not only is the incentive there, but the people involved are massive and extremely technologically sophisticated.

    Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/ whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.

    And you won't get your average Internet browser to change. People conducting MITM attacks generally aren't concerned with people who are really security conscious. If they actually are conducting targeted attacks against you, then you should have much better security in place. Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.

    • by thegarbz (1787294)

      Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. ...

      My understanding was that these systems did not take the place of the CA as verifying the identity of the transmitter, and instead only provided validity that the centrally issued certificate looks the same from a variety of different routes, basically ensuring that if your government or telco MITMs you then the local view would not agree with the notaries and the scheme is exposed.

      Certification is still done centrally. Many people look at Convergence and Perspectives as a replacement to the current CA mode

      • by vadim_t (324782)

        For a government/telco it's trivial to block these systems.

        Convergence and Perspectives require a constant connection to their servers. They can be blocked by IP or by port. The current lists are public, making that easy. Or they can just block connections to anything besides selected services like gmail, ensuring the remaining notaries are all local and present the "official" view.

        New servers can be detected by trivial traffic analysis: A convergence/perspectives user will connect to their notary after con

        • by thegarbz (1787294)

          Would the blocking of the notary servers itself be sufficient to raise alarm bells? After all the purpose of this system is detection of tampering on your connection.

          • by vadim_t (324782)

            And how does that help you? If you're in a place like that you already know the government heavily restricts net use.

            This situation makes the entire net have a security status of "unknown". You can't possibly know if anything is safe or not, so what are your options? Don't connect to anything? Connect and hope nobody is watching?

            A certificate based system offers a bit more of hope: if you trust your CAs, and don't connect if the cert check fails, all the government can do is to deny your connection. Either

            • by thegarbz (1787294)

              It just provides one more source of information. Currently you know the government tampers. They *could* be MITM you.

              If you use a notary system then you will either know a) things are ok, b) the government has unimaginable resources, or c) the notaries aren't working and they *could* be MITM you.

              It's a case where you're no worse off if it doesn't work, but in a much better position if it does. Also security is a game of cat and mouse. This just happens to be the latest trick the mouse has. There's no report

    • by MSG (12810)

      Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is?

      The same way that you know CAs, now: you keep their certificate in a local store for validation.

      again, same problem you have now.

      No, you don't. You have one of the two problems that we have now. Right now, the two significant problems are 1) that we rely on organizations that could be compromised and 2) if one of the larger organizations is compromised the cost of dropping our trust in them is impossi

    • by jbolden (176878)

      there is simply no way to rely on any number of "individuals" to issue correct information.

      Sure there is, tie it to something like botnets don't have. Like a real telephone number, or cell phone number. Tie to a physical address and have verification information delivered by snail mail.

  • A reputation system? (Score:5, Interesting)

    by the_Bionic_lemming (446569) on Saturday November 05, 2011 @08:23PM (#37962182)

    What happens when you are a software company that will have at best 1000 clients?

    That's the issue I am facing right now with Norton and SONAR. I started deploying with Clickonce since i needed to add SQLCE to our customers machines. Now SONAR pops up and deletes our software randomly. If you look at the logs, Norton actually says "YOU CHOSE TO DELETE THIS".

    That's just an Antivirus company. How in the hell can I expect to be able to deliver product and keep it updated if I'll never have enough customers to "Trust" our software and build a reputation?

    We cater to a pool of clients that will never go above 1100 customers. Does this mean that in addition to AV troubles, we will never get trusted because we cannot possibly get enough people to make the numbers to BE trusted?

    • Your three independently operated notaries form the core of your system of trust.

      And you tell your clients to quit trusting Norton/Symantec and Microsoft. Re-write your stuff to run on Linux and get your clients to put your app on Linux boxes.

      I mean, seriously, if your target customer base is so limited, moving them to a reliable system is not nearly as hard.

      • It's not possible to force them to do that. They're required by their company to be on Microsoft Internet Explorer.

        • They aren't your clients, they're Microsoft's clients. You are a lowly 3rd party consultant, and your add-on is locked in to that dysfunctional segment of the industry.

          Your trust level is not with the customers, it is with Symantec and Microsoft.

          Your problem is fundamentally outside the scope of this solution.

          • Uh, no - I'm not a consultant. We are a business that provides automation software to those people to allow them to do the jobs they need to do while working for their parent company.

            See. you are using a cookie cutter approach to rip on Microsoft. The problem there is your assumptions are incorrect.

  • I just came accross http://web.monkeysphere.info/why/ [monkeysphere.info], which looks to me like an interesting idea: delegate the trust issue to the PGP web of trust. Maybe this would be a sane alternative?

  • by Anonymous Coward

    To keep saying only that the flaws in SSL/TLS protocols and trust infrastructure affect e-Commerce is untrue and trivialises the scope of the issue. And yet this seems to be the only example ever trotted out with these stories.

    People need to realise that it's more than web sites that are affected, it's everywhere that SSL/TLS is used including secure e-mail, VPN infrastructure and the like. Start telling your CIOs and CEOs that their secure IMAP can be sniffed by NewsCorp so they can publish news of their o

  • there is a philosophical divide here, across which some people have an almost religious faith in a lost cause: that a trustworthy system can be built amongst peer nodes

    sorry, it can't. any such system can be spoofed and gamed

    when it comes to trust, you need a centralized authority. you may feel something akin to an allergic reaction when i say those words, but this is because this simple truth may go against some loopy beliefs of yours, fed by romantic idealism, not realistic understanding

    i'll say it again:

    • "when it comes to trust, you need a centralized authorit"

      Probably you are right.

      But then, when it comes to trust, you can never trust a centralized authority.

    • by Sloppy (14984)

      you need centralized authority

      Cool. And we'll mark that centralized authority as "moderately trusted," but I still want two more just like it which will never have motivation to conspire with it.

    • by jbolden (176878)

      I like the idea of centralized authorities better. Banks for example have doing essentially this sort of work for centuries and unlike peers can put their money behind getting it right.

      But I'm not sure I buy that a decentralized system can't work. Say for example my browser looks at 3 authorities that I hand picked (possible defaults). Those 3 authorities are in a group of 100 authorities that they all query and require 5 to agree before passing it on. Each authority to register a business has to regi

    • A central authority doesn't need to be a fragile forest of fully trusted CAs like we have now. A much better solution would be for clients to have marginal trust in any individual x509 signature of a certificate, requiring at least N distinct signatures to validate the certificate, where N is great enough to significantly reduce the threat of enough compromised CAs signing an attacker's certificate to make it trusted. Inherited trust from an intermediate CA would only carry a portion of the trust placed i
  • Could we implement one of these systems in such a way as to protect us from dupes (like this story)?

  • I really love the idea of Convergence on the face of it, but I had one serious question:

    Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?

    If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert /there/ sinc
    • by goddidit (988396)

      Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?

      That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do /not/ like the idea of on its face).

      ...Or some notaries could use the current CA system. The point is _trust agility_ and that you if you employ these certificate checks as an extra measure, you can not be in a worse situation than with the current CA system. In a nutshell: You don't have to trust CAs, you don't have to trust DNSSEC and you don't have to trust notaries that just compare certificates. But you can choose to trust them if they agree (and even if they don't).

      • by xrayspx (13127)
        Yeah, I'm interested to see how this plays out, it's clear the current CA system is pretty badly broken/breaking, Moxie's BlackHat talk was a pretty interesting take. Once lots more notaries come online it will be easier to see how to mitigate problems like I mentioned without giving up some of that agility and being forced to check with something that isn't going to be fooled.
  • by Kjella (173770) on Saturday November 05, 2011 @10:20PM (#37962760) Homepage

    The short answer is, users want a binary answer. Can this site be trusted, true/false. Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed. And it stands to reason that when you want such a binary answer, you'll do the minimum required to satisfy it. There's nothing today that prevents your certificate from being signed by multiple CAs, it's just that it doesn't give you anything. The line will show up green in people's web browsers whether it's signed by one or five CAs, it just adds costs with no benefit.

    I can sort of understand that, if I got a company's phone number I fully expect to call them and reach that company, not getting MITM'd to some scam center somewhere. Of course there's all the other scams involved but if I type [company].com I expect there to be some trusted index that makes sure I get to the right site. If that site has been compromised that's another matter, but the sites that need to be secured are usually very secure. I just need to be sure I'm going to the right place.

    Another matter is client security, if your client is compromised then it can show you anything. That's why my bank texts me to confirm payments, giving all the relevant information in the text. Like are you sure you want to transfer X to account Y, if so text OK back. That's really the only way to be sure, otherwise it could authorize some completely different transaction than what it told me, for example through a fake error message. Oh, that must have been a typo let's try again. One fake payment and one real.

    • by scdeimos (632778)

      Yes, users want a binary answer, but they have no understanding of what's going on behind the scenes to arrive at that answer. As far as they're concerned "it just works" and they leave the details up to people smarter than themselves.

      Example: the line showing up green in the user's browser is only indicating that the presented certificate is trusted by a CA somewhere in the user's browser certificate cache. It might be that the presented certificate is signed by DigiNotar, even though the correct certifica

    • by Sloppy (14984)

      The short answer is, users want a binary answer.

      They also want ponies, so I propose we give everyone a pony and then all problems will be solved.

      Just kidding. I know we can give them all ponies. Let's lie to them and just tell them they have ponies, but only if they truly believe.

      This approach is foolproof. I'm filing a pat--WTF? What's all this prior art?!!?! DAMMIT!

    • Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed.

      Right. "Web of trust" systems are vulnerable to all the attacks used for search spam - link farms, social spamming, and phony reviews. In any system where unique new identities can be created cheaply, "web of trust" systems are hopeless.

    • by MSG (12810)

      The short answer is, users want a binary answer. Can this site be trusted, true/false.

      And in the Convergence system, they get that. A site is trusted if all of your notaries agree that the certificate you see is the same certificate they see. If it differs from the certificate that they see, then something is amiss and the certificate is not trusted.

  • I can register a domain, get a small server on the internet and serve malware. I can easily get a certification authority to give me a certificate.

    All I've ever wanted a certificate for is so that users don't get the freak out security warning saying that "this certificate is not issued by a known certifying authority." I can just as easily self sign a certificate and get the encrypted link, but all the popular browsers will check their internal list of certifying authorities and show the warning.

    The
    • by jbolden (176878)

      The point of the authority is to verify you are who you claim to be. For example if you set up a website and called yourself IBM

  • Names (Score:3, Insightful)

    by kangsterizer (1698322) on Saturday November 05, 2011 @10:56PM (#37962902)

    Can't people start using names that MAKE SENSE again?

    Who the hell cares how cool it sounds. It's a technical thing, the public doesn't care. Convergence. Perspectives. Seriously? How do one figures any of those name is related to security?

    Heck SSL was called Secure Socket Layer. That makes sense. Computer, is a thing that computes. Make sense.
    Keyboard is a board full of keys. TLS is Transport Layer Security. Goes on and on.
    Then bang, now you get "convergence" and such crappy names that means nothing. Annoying :(

    • by blueg3 (192743)

      You get a good name when you become accepted enough to become a standard.

      For example, Rijndael and AES.

    • by thegarbz (1787294)

      Erm Perspectives is a program that views certificates delivered to the client from multiple perspectives around the world.

      Of all the frigging bad names that exist in projects out there I can't believe you would actually complain about these here. They are about as relevant as they come, the purpose of the program being in the god damn name.

      • because those are technical things, aka where it actually matters
        im sorry but perspective doesnt tell anything "god damn" thing. it could be a million of different things.

        Secure Socket Layers talks a lot more.

        Perspectives could be called Multi Perspectives Certificates instead (and abbreviated MPC). But that doesn't sound cool enough.

    • As far as I know a keyboard is a board that is full of buttons. Not even one of them fits any lock.
  • Most SSL sites require an account to buy stuff, move your money around, post rediculous comments..etc.

    My advice use mutual knowledge of those credentials to establish trust between yourself and the ssl site using a technology along the lines of TLS-SRP.

    Obviously this is not a replacement for SSL as it does little good if you have not already established an account. It would allow sites were you establish relationships in person or offline (Banks) to no longer have to depend on SSL certificates at all in an

  • I generally like the concept and can think of times in the past when I've preferred to receive an SSL certificate from someone else's perspective, rather than one my browser is simply prepared to accept without warning as it has been "appropriately signed". Monitoring such a system of notaries seems fairly trivial (they could monitor each other?) and could well prevent against the most targeted of attacks.

    I have some reservations about notaries being privvy to my browsing history, although I guess local
  • Secure Sockets Layer Protocol (SSL) helps protect Internet Communications through server authentication, encryption and data integrity. All information sent over SSL (names, credit card numbers, private user information, account numbers, etc.) is encrypted so that it cannot be read or tempered with during Internet communications.
    Secure Sockets Layer Protocol uses Secure SSL Certificate to verify the identities and establish secure connection between the Web server and the User's browser preventing crackers

God made machine language; all the rest is the work of man.

Working...