Is It Time For an Open Source Certificate Authority?
cagnol writes "So far there are three free ways to get a free certificate to sign your email and receive encrypted communications: Thawte, Comodo and CAcert.
Thawte's root certificate is in mainstream browsers. Thawte's interface is good and the web of trust allows for increased security by verifying people's identity. However Thawte is not open-source; worse: it is owned by VeriSign. Comodo's root certificate is in mainstream browsers too but there is no web of trust and their forms are not always working.
CAcert is the closest to an open-source certificate authority but is not open-source and it seems that parts of the system are shaky. CAcert provides a web of trust. Unfortunately, CAcert's root certificate is not in mainstream browsers.
Don't you think it is time for a true open-source certificate authority? Should this community be related to the Mozilla Foundation and comply, since day one, with the requirements to get a root certificate in Firefox?"
Zimmerman has it right . (Score:5, Insightful)
I've fallen out of love with public-key signature schemes as a means of proving authenticity. There are a few problems with the idea in general:
I think Zimmerman, with his ZPhone program, has got it right. Really, all you're interested in for E-mail or VoIP is not whether the person really is Simon Johnson, of Widnes, based in the United Kingdom who is 23 years old with a pet dog called Thornton. You're actually interested in whether this Ckwop guy I'm speaking to now is the same guy as I spoke to last-time.
When you weaken your security requirement to this position, you can remove a staggering amount of complexity. You can cut out all the CAs, all the X.509 certificates and ASN.1 implementations etc. What you're left with is Diffie-Hellman and AES in CCM mode. You can implement this in a couple of thousand lines of provably correct code and you're done.
The real way to solve the "identification problem" with web-sites is to change the way credit-cards work. You have a secure token that outputs a different string every thirty seconds. RSA have made these but they're very expensive for no explicable reason, the banks would develop an open-standard in my model to drive down prices. When you pay for something, you submit your credit-card along with the token's value. The transaction will only be authorised if the token's value matches what the bank thinks that value should be.
That way, phishers only have one shot to take your money. Sure, they could make a mock payment page but the auth-code is only going to work once. I think this would destroy the cost effectiveness of phishing for credit-card numbers. That said, identity theft would still be an issue.
Simon
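The bank-side check described in the comment above, as an added example that is not part of the original post. The comment names no algorithm, so this uses RFC 6238 TOTP as a stand-in for the open standard it asks for; the `Issuer` class, the card number and the status strings are hypothetical, and the seed is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for, as in the comment above


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second window containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Issuer:
    """Hypothetical bank-side check: card number plus token code, each code usable once."""

    def __init__(self, drift_windows: int = 1):
        self.secrets = {}      # card number -> token seed shared with the bank
        self.last_used = {}    # card number -> newest time step already accepted
        self.drift = drift_windows

    def enroll(self, card: str, secret: bytes) -> None:
        self.secrets[card] = secret

    def authorise(self, card: str, code: str, now: int) -> str:
        secret = self.secrets.get(card)
        if secret is None:
            return "declined: unknown card"
        current = now // STEP
        # Accept the current window plus a little clock drift either side.
        for step in range(current - self.drift, current + self.drift + 1):
            if hmac.compare_digest(totp(secret, step * STEP), code):
                # A code is burned once accepted, so a captured code
                # cannot be submitted a second time.
                if step <= self.last_used.get(card, -1):
                    return "declined: code already used"
                self.last_used[card] = step
                return "authorised"
        return "declined: bad code"


def demo():
    bank = Issuer()
    card = "4000-0000-0000-0002"            # constructed sample card number
    seed = b"12345678901234567890"          # RFC 6238 test key, not a real seed
    bank.enroll(card, seed)
    t = 59
    code = totp(seed, t)
    return [
        bank.authorise(card, code, t),                       # first use
        bank.authorise(card, code, t + 5),                   # same code replayed
        bank.authorise(card, code, t + 120),                 # same code, now stale
        bank.authorise(card, totp(seed, t + 120), t + 120),  # fresh code
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```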
Re: (Score:3, Informative)
Re:Zimmerman has it right . (Score:5, Insightful)
What's (Score:2)
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
But then Catherine Zeta-Jones can't use her Visa to buy bananas off monkeys!
Re: (Score:2)
Re: (Score:2)
Few people would argue with that idea.
Change the system so that every transaction is authorized through a direct communication between the cardholder and credit card company, and you've eliminated the danger of not knowing which merchants to trust with a common number.
That is underway, in Europe they already use smartcards for credit card transactions. Getting that to happen in the US is a major problem because there are 10,00
Re: (Score:3, Informative)
Re: (Score:2, Offtopic)
Let's say that Visa launched a new line of credit cards, call it 'Visa Net Secure' or something: they could provide a web-interface for allowing or declining transactions, in which detailed information about the transaction (and more importantly, the company conducting the transaction) is available. You can set certain companies to 'trusted', whose transactions are automatically accepted. And to fix your 99 cent problem, you can just as well use that 'accept transactions below a certain threshold' idea ther
Re: (Score:3, Interesting)
Let's say you buy something off the net, then call a month later and declare the transaction as fraudulent.... IMMEDIATELY they yank the cash out of the merchant's account, send you a cute l
Re: (Score:3, Interesting)
You make purchase.
Vendor sends you paypal invoice.
You pay paypal invoice.
Paypal charges your card.
Paypal transfers money to merchant
Merchant sends you product
Works like a charm.
Except I hate paypal.
Sure wish Visa/MC/Amex would just implement this directly:
You make purchase
Vendor sends you Visa "Net" Invoice
I log into Visa "Net" and authorize it.
Visa transfers money to merchant and charges my card.
Oh wait... they did. It's called "Verifie
Re: (Score:2)
The picture sounds good. The changing card number idea is great. The only ship to billing address idea is terrible. It is inconvenient and annoying when something you need NOW is declined because you live in a 'city' within greater Miami and told the card company the city name and put in Miami on the other. Or when you *gasp* wan
Re: (Score:2)
Re: (Score:2)
Very Large Prime Numbers (Score:2)
Two points.
1) To be a cert authority, don't you need at least a medium-sized farm of supercomputers to mine very large prime numbers [<=, say, 2^4096] from the greater ether [wikipedia.org] of non-primes? And ain't that gonna require some pretty serious investment $$$'s?
2) A little off-topic, but what happens in RSA [wikipedia.org] if you cheat, and use non-primes as your keys? [Often the math will still work, but sometimes it won't - and what goes wrong if it doesn't?]
Re: (Score:2)
To be a cert authority, don't you need at least a medium-sized farm of supercomputers to mine very large prime numbers [
A CA doesn't need to generate a lot of primes, it needs to generate two. The product of these is then the public key. A CA only really needs a single certificate (a certificate is a public key and some data about the owner, signed by the private key). This is then used to sign the ones their customers provide. OpenSSL includes everything you need in order to be a CA. You generate your public and private key pair with it, your customers can generate theirs and the certificate signing requests, and you can sign their certificates with it.
Having the CA generate your certificates would be a very bad idea. At no point should your CA (or anyone else) have access to your private key. Roughly speaking, a CA works by providing customers with some data that can be attached to the certificate (and including a hash of the certificate) that is encrypted using the CA's private key. Someone downloading the certificate who has the CA's certificate can use the public key from that to decrypt the signature from the certificate, and verify that the CA believes that the certificate is valid.
A little off-topic, but what happens in RSA if you cheat, and use non-primes as your keys?
Then you get nonsense out. RSA is based on modulo arithmetic and only works correctly if you have no common factors. For certain messages, you could create non-prime keys that would work, but it would be a lot more effort to find them. The only keys that work for all messages are primes.
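A textbook-RSA sketch of the two things discussed in the reply above, added here as an illustration and not part of the thread: first the division of keys between customer and CA, then what happens to encrypt/decrypt when one "prime" is composite. All function names, the subject name and the toy key sizes are assumptions made for the example; there is no padding and the keys are far too small for real use.

```python
import hashlib
from math import gcd


def make_key(p, q, e=65537):
    """Textbook RSA key pair built from p and q as if both were prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))          # (public, private)


def digest(data: bytes) -> int:
    """First 128 bits of SHA-256, small enough to fit the toy moduli below."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(data)


# --- Part 1: who holds which key ------------------------------------------
# Constructed toy keys from well-known Mersenne primes; not secure.
CA_PUB, CA_PRIV = make_key(2**107 - 1, 2**127 - 1)


def customer_request(subject: str):
    """Customer side: generate the key pair locally, send only the public half."""
    public, private = make_key(2**61 - 1, 2**89 - 1)
    csr = f"subject={subject};n={public[0]};e={public[1]}".encode()
    return csr, private                           # private key stays with the customer


def ca_issue(csr: bytes) -> dict:
    """CA side: sign the request body; the customer's private key is never seen."""
    return {"body": csr, "issuer_sig": sign(CA_PRIV, csr)}


def relying_party_accepts(cert: dict) -> bool:
    """Anyone holding the CA's public key can check the CA's signature."""
    return verify(CA_PUB, cert["body"], cert["issuer_sig"])


# --- Part 2: composite "primes" -------------------------------------------
def round_trip_failures(p, q, e=3) -> int:
    """Count messages m in [0, n) for which decrypt(encrypt(m)) != m."""
    (n, e), (_, d) = make_key(p, q, e)
    return sum(pow(pow(m, e, n), d, n) != m for m in range(n))


def demo() -> dict:
    csr, _customer_private = customer_request("www.example.test")
    cert = ca_issue(csr)
    forged = dict(cert, body=cert["body"].replace(b"example", b"examp1e"))
    return {
        "cert_ok": relying_party_accepts(cert),
        "forged_ok": relying_party_accepts(forged),
        "primes_23_11": round_trip_failures(23, 11),       # both prime
        "composite_15_17": round_trip_failures(15, 17),    # 15 = 3 * 5
        "composite_21_11": round_trip_failures(21, 11),    # 21 = 3 * 7
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With 15 in place of a prime every message still round-trips, while with 21 more than half of them decrypt to the wrong value. Even where the arithmetic holds, a composite factor gives the modulus extra small factors, which makes it easier to factor.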
Re: (Score:2)
Re: (Score:3, Insightful)
Exactly, and if you want to be a CA you should be looking at very high security hardware such as the Chrysalis or n-Cipher products which are FIPS 140-4 certified.
Re: (Score:3, Insightful)
Nobody actually reads the certificates.
Nobody has to if you trust the certificate authority. What use is reading it anyway, if it hasn't been signed by a CA/friend and can be tampered with?
Even if they did, they don't really mean anything anyway. How difficult is it to get a real certificate with fake credentials?
If a CA is worth its salt, nigh on impossible; that's what you pay those ridiculous prices for (at least, that's where the money should go). This is the main problem with an open CA; there are presumably fewer security checks that the person requesting the certificate is who he says he is.
Moreover, if the URL is similar enough to the target of your phish then your SSL certificate may well be legitimate in every sense of the word but you trick people because the URL is close enough to a big brand's main domain.
That's a phishing problem, not a crypto problem.
I think Zimmerman, with his ZPhone program, has got it right. Really, all you're interested in for E-mail or VoIP is not whether the person really is Simon Johnson, of Widnes, based in the United Kingdom who is 23 years old with a pet dog called Thornton. You're actually interested in whether this Ckwop guy I'm speaking to now is the same guy as I spoke to last-time.
This is exactly what
Re: (Score:2)
Re: (Score:2)
And worse still it is sitting in an LDAP directory with world read access.
The certificate is a public document. The security of the system only depends on keeping the private key confidential. The certificate is transmitted in plaintext in pretty much every mainstream protocol.
That is what Public Key Cryptography is all about.
The point of the verification callback is to check that the person who applied for the certificate was authorized to
Re:Zimmerman has it wrong (Score:2)
What I am really interested in is whether or not the person I am talking with is real and accountable. I do not want to talk with some fictitious identity multiple times, as Zimmerman would proffer as
Re: (Score:3, Informative)
A couple more reasons why a free certification authority is not as useful or feasible as one might think:
Re: (Score:3, Insightful)
Re: (Score:2)
Actually, I do, and it only takes one person to catch a bad certificate.
"2: Even if they did, they don't really mean anything anyway. How difficult is it to get a real certificate with fake credentials?"
Not too difficult. There is some checking if you are a real person, so they may be able to track you down, and you need to pay some money. I won't get one for "betalen.rabobank.nl" though, which is my banking site. They probably would check if the domain has alr
In reality... (Score:5, Insightful)
What do certs really mean anyways? Just because company.com has a legit cert from verisign doesn't mean they're a good company. It means that I'm talking with company.com. Big deal.
Tom
YES! The government! (Score:3, Interesting)
secretaryofstate.state.us or departmentofcommerce.state.us
you should recognize who it is
Far more paperwork and verification is done to incorporate (business licenses.) They have to commit tougher crimes to sneak off with a corporation or LLC. You have multiple parties interested such as the IRS and secretary of state who look bad if dummy corps are floating around (you don't mess with the IRS gangsters.)
Certs allow for multiple signings if I'm remembering correctly. There is no reason
Re: (Score:3, Informative)
Re: (Score:2)
Knowing that you're connected to company.com *is* a big deal because you're about to send some sensitive info.
Advertise it for other than e-commerce. (Score:3, Interesting)
So if an open source CA is set up, it would be good for it to give more prominence to other uses of certificates, such as S/MIME, starttls for mail servers, for VPN authentication etc.
Re:Advertise it for other than e-commerce. (Score:5, Informative)
I don't really understand what the original poster meant by saying CACert is not open source. Open source doesn't really apply to something like a certificate authority, because they are not providing software. Anyone can get a CACert certificate at no cost. All you have to do is show two forms of government-issued ID (one with a photo) to an existing member. The more people who assure you in this way, the better the certificate you can get, and eventually you are allowed to start assuring people yourself. The problems I see with CACert are:
Re: (Score:2)
I don't really understand what the original poster meant by saying CACert is not open source.
Well this [cacert.org] is the license, and it seems to not allow us to modify and redistribute the source.
Re: (Score:2)
A completely open source CA would allow red
Re: (Score:2)
Re: (Score:2)
Microsoft no longer charge for including a root. Instead they require a CA to have a WebTrust audit. That can run to a hundred thousand dollars.
The issue that keeps coming up here is that people want to do encryption without a CA. That's fine, the CA infrastructure was designed to support authentication, not encryption. If you are not concerned about a man in the middle attack you do not n
What is the question? (Score:5, Insightful)
Re: (Score:3)
New question: Is it possible for a Open Source CA system to exists, as this would help ensure these qualities?
Sorry, didn't preview (Score:2)
Root certificate inclusion is expensive (Score:5, Informative)
http://wiki.cacert.org/wiki/InclusionStatus [cacert.org]
Summary: Lots of open source browsers already have the cert; Mozilla/Firefox will have it soon. Internet Explorer (and apparently Apple's Safari) won't have it unless they come up with a way to pay for the $75,000+ plus $10,000 a year for an AICPA WebTrust audit.
Re: (Score:2)
Re: (Score:2)
(Also, I think you missed a word or two at the beginning. Probably adjusted.)
Re: (Score:2)
Re: (Score:2)
I once went to an interview for a systems administration position with a large hosting company. Naturally, this position would involve administrating a Linux cluster farm and there were dozens of acronyms required to get the job. The guy doing the interviewing was familiar enough with the technology to know what to ask but he pronounced every acronym. His p
Certificates are a scam (Score:3, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
Everybody knows it's a meaningless number? Your grandma knows that, does she? Very few people know anything about certificates at all. All they know is that if they go to Amazon's secure pages, a little padlock appears and they've
Thwaite, eh? (Score:4, Informative)
Thanks for proving a key point:
Thwaite [thwaite.com]
Thawte [thawte.com]
Re: (Score:2)
If someone buys a certificate, you can conduct an investigation and trace it back to the person who made the purchase, and from there to the authorizer. If you buy some sort of Verisign cert with a stolen credit card, they'll revoke the cert once the chargeback comes through the CC.
An open-source CA doesn't make sense, as you cannot enforce the security standards.
Re: (Score:2)
Mostly useless (Score:2)
Besides, if you were being fraudulent you'd have probably moved on by the time the chargeback goes through.
I think you would have a very difficult time using registration details to track down someone interested in fraud, they don't tell you that a business is trustworthy.
Certificates are only really meaningful when you already have some trust in the business in question, such as your bank or some other big name.
Re: (Score:2)
Hypothetical: I hijack your DNS and point your servers IP at my faux-server. For this example, I'll call those 'original', and 'fake'.
You have a self-signed certificate issued to by . Since I now control that domain, I can issue a certificate with those same details to myself. Because it's being issued by the same authority, there's no steps required to take those names or assumptions.
This same attack can be performed using a man-in-the-middle on the connecti
Re: (Score:2)
We already have (Score:5, Insightful)
What TLS is (Score:2)
TLS and SSLv3 are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. (Thanks, Wikipedia [wikipedia.org]).
The interesting thing is that they can operate using certificates issued by a CA just like their predecessors (SSLv1 and SSLv2). And thus, you can just do HTTPS as before, only with a slightly more recent protocol.
OR, you can use OpenPGP keys (PGP, GPG, etc) instead. T
Main use would be code-signing (Score:3, Informative)
It's also already possible to get high quality free/beer personal identification certificates for example the Thawte Web Of Trust who issue personal certs based on real-world check of national ID such as passport.
What we really need from an open CA is something you cannot to my knowledge get elsewhere which is reliable code-signing certificates without spending hundreds of dollars.
Re: (Score:2)
CAcert also offers free, personal certificates based exclusively on WoT checking, and Class3 certificates for code-signing, it's similar to Thawte's model except for the free Class3 certificates [cacert.org].
The big hurdle seems to be that the Mozilla Foundation won't include the CAcert root certificate in the browser because CAcert doesn't pay them (unlike all the other root authorities).
Re: (Score:2)
Re: (Score:2)
Why OpenSource? (Score:2, Interesting)
Awesome! (Score:5, Funny)
Re: (Score:2)
Jeez, anyone with a sense of humor around here?
Shuttleworth (Score:2)
am I missing something here? (Score:2)
I didn't think open source needed that kind of thing.
When it comes to installing things via browser I prefer firefox's 'authorise this domain' thing, which is independent of certificates.
Perhaps the reason there's no open source equivalent of these certificates is that it's never come up as a problem.
I may
Re:am I missing something here? (Score:4, Informative)
You're welcome to teach my grandmother how to personally audit every line of source code for every program she ever installs.
Certificates have other uses than blob signing. If nothing else, the current infrastructure of "web" certificates would allow you to verify that the mozilla.org you're about to download and run executable code from is mozilla.org and not some leet h4xxor who owned your ISP's DNS server. They're also supposed to be able to verify that it's Amazon.com Inc. you're about to give your credit card number to and you're not really at a carefully cloaked amazonn.com but in practice that kind of protection isn't dependable.
I wish the Mozilla foundation would get a cert; AFAICT they don't have one and it freaks me out whenever I download an extension....
-:sigma.SB (the paranoid)
Re: (Score:2)
Who is mozilla.org? Can you tell me exactly who they are or are supposed to be? What about mozilla.com, mozilla.net, mozilla.tw, mozilla.cx, etc. What about mozilla-browser.com or mozilla-firefox.org? Does any of those nam
Re: (Score:2)
"The web site addons.mozilla.org supports authentication for the page you are viewing. The identity of this web site has been verified by XRamp Security Services Inc, a certificate authority you trust for this purpose"
Re: (Score:2)
Yay.
-:sigma.SB
Encryption and authentication are conflated (Score:4, Insightful)
The problem is that if you want encryption, you either buy a certificate or you have the user presented with a misleading dialogue box that suggests that you are not trustworthy ... or rather the reverse is not true: just because you have a certificate does not mean that you are trustworthy.
Joe Sixpack does not understand the difference - which is only good for the profits of Verisign and friends.
It would be nice if the two could be somehow unlinked.
Re: (Score:2)
How do you get the "Trust" part? (Score:3, Informative)
Open Source CAs are pretty straightforward. All the code is available, and people are already doing it. The difficult part is establishing the trust model. The root CA needs to be well managed. But, more difficult is the process for issuing new certificates. If you just give cert's out without strong validation of who you're giving it to, your trust model is worthless. If anyone can go in and freely get a cert, what confidence do you have that the cert holder is not a "bad guy"?
That's why commercial CA's, like Verisign, cost money, and provide a real service. They do try to verify the organization they give cert's to. It may not be perfect, and many people complain about how strong that validation is. I can imagine what those people would think about an open source CA, and their level of validation before providing certs.
Absolutely Yes (Score:2, Informative)
Verisign, Comodo, and others have a big scam going on. Whoever wants to conduct secure business
Re: (Score:2)
It's absolutely a good thing that getting
Re: (Score:2)
Right on maan, that does NOT ROCK..!!
Real lack of fundamental understanding here (Score:2)
The
Shooting at a moving target (Score:2)
I wish I could apply moderator points to articles so I could vote that part of it flamebait.
On day one, there were no requirements to get a root certificate in Mozilla. Mozilla essentially played a "me too" game in the beginning, putting in root certificates fairly willy nilly. It was only when CACert appeared on the scene that Mozilla magically decided on
Someone didn't do their homework... (Score:2)
This is, because they didn't comply to the Mozilla policy.
There was no policy when CACert began asking. Read the bugzilla report [mozilla.org] and you will see how they only decided they wanted a policy after CACert came knocking. I don't know about you, but when an organization accepts certificates from all comers and then when I come around they say "sorry, but we only accept certificates by those who meet a policy we haven't drafted yet", then I start to fe
Re: (Score:2)
Identity Verification (Score:2)
Solution in search of a problem (Score:2)
For one thing, you don't have the wherewithal to dig a nuke bunker than
Re: (Score:2)
Re: (Score:2)
Why some don't consider caCert open (Score:3, Interesting)
Pasting for those too lazy to follow the link.
Rich Freeman wrote:
>
> It just seems like as an organization we [The Mozilla Foundation]
> should be trying to foster open source projects.
Whoa, there. I'd just like to point out that CaCert is not an open source
project in any sense of the term. It uses open source software *internally* to
provide a free (as in beer) service, but CaCert distributes no free (as in
*freedom*) software, and no software that could even remotely be considered
open source. Just the opposite in fact, see the license here, on their site:
http://www.cacert.org/src-lic.php [cacert.org]
It clearly states that you:
1. may NOT modify the source code [...]
2. may NOT make copies of the source code [...]
3. may NOT give, sell, loan, distribute, or transfer the source code files
to anyone else, and, my favorite:
4. may NOT use [CaCert] software created for any purpose or reason other than
verifying that there are no unknown vulnerabilities or the like or otherwise
making your own assessment of the integrity of the source code and the security
features of the CaCert software
Furthermore, below it goes on: "All rights not expressly granted to you
[editorial comment: which would be "none"] in these license terms are reserved
by CAcert. CaCert retains ownership of all copyrights and other intellectual
property rights throughout the world in the CAcert source code and software.
You agree that CAcert will be given a perpetual non-exclusive rights to any and
all derived code, and you hereby assign rights in any modifications you make to
the source code and in any bug reports you submit to CAcert."
This just may be the single most disgusting and ill-advised hybrid software
license I have ever read. The author apparently seeks to keep the software
100% proprietary, guarding it from "competitors", and protecting potential
future licensing revenue, while simultaneously benefiting from the efforts of the
open source developer community to fix its bugs, and attest that it is not
malware, for free.
Although I wrote an impassioned comment (#12 above, of 161 so far!)
https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c12 [mozilla.org] in *support* of
CaCert, uh, 4 years ago now, and was a CaCert user and Assurer, I discontinued
my involvement because the source code was released by the founder only months
later, after much prompting and delay, and when it was finally unveiled, these
onerous licensing restrictions were "slipped in" with zero community
discussion.
When I asked why the code was not made open source, the founder described his
perceived threat that if it was made open source, then other free CA's would
start popping up out of nowhere to run our code and to compete with CaCert and
he felt that this would decrease CaCert's chances of getting its root cert into
Mozilla, and then IE.
This seemed a paranoid and protectionist attitude and I've no longer
participated in the Assurer program or the CaCert community since, though I
have monitored the mailing lists. After the founder's recently announced
resignation, perhaps the new board of directors (or whatever governing body
structure they adopt) will revisit this anti-competitive, closed source
position.
I had thought a free CA would be a good thing, and if one is good, then two is
better, and a hundred would be fantastic! So if they all *do* pop up, and share
code and development effort, I believe that all will benefit and perhaps,
someday, all will be accepted by all the browsers, and Verisign and the sma
How do you define "good"?!? (Score:2)
Clearly the author of that quote hasn't actually tried to use Thawte's site much. Cumbersome and arcane are better descriptions...
Open source CA StartCom supported by Firefox (Score:2)
I suppose . . . (Score:2)
Open Source Authority? (Score:2)
How to do low cost certificate verification (Score:2)
There's no big problem running a certificate authority at a moderate cost per transaction. It could probably be done effectively for about $10-$20 per certificate.
If you want to buy a certificate for an organization, identity has to be verified. The way to do this is 1) look up the organization in corporation or d/b/a name records, as appropriate, and 2) send a letter or FedEx envelope (extra charge) to the address for service of process listed therein. You'd order a certificate on line, but it's not
Re: (Score:2)
That's true for only a handful or so countries in the world, and even for most of those the address verification services are woefully incomplete (that is, you have to expect them to return no result or wrong result for a fairly large percentage of users).
This is idiotic (Score:3, Interesting)
The idea is that verisign and pals spend a non-zero amount of time verifying you are who you say you are. Such a non-zero amount of time costs money. Hence the certificate costs money. Whether it is priced right or not is driven only by demand and production. Deal with it, or make your own.
There already is a Free CA: You. (Score:2)
Re: (Score:3, Informative)
Re: (Score:2)
My decoder rin
Re:Great idea (Score:5, Insightful)
The idea is sound enough, it just doesn't go far enough.
Certificates and the technology surrounding them provides two things, one of them useful, one of them harmful. The useful thing is encryption. This means that as your data goes from point A to point B, it is very, very difficult to make any sense of. This is useful because often, as in the case of when we share our credit card data with some other entity, that is as far as we meant to share it and the encryption erases one of the situations where it is highly vulnerable to interception by others. We definitely want encryption.
The harmful thing is the illusion of "identity." This is 100% harmful, and on several fronts. First, the idea that you "know" who, or where, you are "locking certificates" with is illusory. No mechanism within the process positively or reliably identifies where, or which, computer you are connecting with, only that the certificate at hand has, at some point in the last year or more, been issued by a "certificate authority" that was convinced to some degree that at the time the certificate was issued there was somebody at a phone number and an address, possibly with a business, possibly not. They could have moved 20 minutes after the certificate was issued, and they'd have [certificate expiration time] to fraud up a storm if they so chose. In no way do the actions of the certificate "authority" serve to determine if that entity had nefarious intentions, or if the transaction you are entering into at any one time is legitimate. So you don't know who, or where, you are "locking certificates" with, and nothing the "certificate authority" does even begins to help you out in this manner. Despite very expensive marketing campaigns claiming precisely the opposite, gaining the consumer's trust with glossy, high end advertising.
But things are even worse, because with that illusion of "trust", the impression that the consumer no longer has any reason to check out the business is quite strong; this is partially a consequence of the method, but it is also a marketing lie told to consumers, and there the responsibility rests upon the promulgators of the scam, the "certificate authorities" themselves.
The fact is, as a consumer, you have to determine the legitimacy of the business yourself, and if you don't do that, there isn't a single thing that the "certificate authorities" have done, or can do, that will reduce your risks.
Now we come to the idea that to be useful, certificates have to be issued by a certificate authority. This is entirely false in terms of service, but entirely true because there is a huge scam going on.
Service-wise, a vendor can produce their own certificate, 100% as effective at encryption as anything they can get from the "certificate authorities." That certificate is 100% capable of working with any browser and protecting data during transfer to the connected party as well as anything they might get from a "certificate authority." So effective encryption 100% identical to what everyone uses now doesn't require a "certificate authority." Period.
Scam-wise, not the certificate authorities, but the browser vendors (though certainly encouraged by the "certificate authorities"), have created a situation where if the certificate you have cannot be traced in origin to one of the "certificate authorities", then the browser will pop up a warning and scare the dickens out of the consumer, thereby eroding your ability to do business. Consumers don't understand what is going on, all they know is they got a WARNING OMG WTF.
Therefore, to do e-commerce, a vendor must use a certificate from a "certificate authority" or they will have shot themselves in the foot. It would be the work of only a few moments for each of the browsers to remove these untrue, scam warnings; at that point, any properly generated certificate would work to provide encryption, consumers would stop getting these baseless warnings about "identity" t
Re: (Score:3, Interesting)
This isn't much of an issue in meatspace, but on the Internet the work you did to determine whether a business is acceptably safe is wasted if you end up at a typo squatter's site.
The value of a third-party certificate, limited by the relatively weak checking and the fact that virtually no customers understand it, is that although anyone could register bofa.com and be imposs
Re: (Score:3, Insightful)
As I said, it is up to us to take responsibility for what we are doing. Who typed the address in wrong? And since the answer is the user - us - then whose fault would that be? Not the legitimate businesses, and not even the CAs; No, it is ours. And my precise point is that we should be careful with what we do, the certs don't help in any way to ensure we are wher
Re: (Score:2)
Better make it web 2.0 [youtube.com] too.
PGP != CA (Score:3, Informative)
PGP (and GPG) are systems using public/private key pairs. They are used to encrypt/decrypt or sign data from one point to another in a transmission.
The thing that you are sure is that given one public key, only the corresponding private key in the pair could process the data in the opposite direction. (Completely independent of where that other key is).
CA are certificate. They certify that the person using a given key IS a person with characteristics specified in the certificate.