Do the SSL Watchmen Watch Themselves? 171
StrongestLink writes "In an intriguing twist on the recent Comodo CA vulnerability discussed here last week, security researcher Mike Zusman today revealed that three days prior to StartCom's disclosure of a flaw in a Comodo reseller's registration process, he discovered and disclosed an authentication bypass flaw to StartCom in their own registration process that allowed an attacker to submit an authorized request for any domain. During a month which was marked by the continuing paradigm shift to SSL-verified holiday shopping, the Chain of Trust continues to run off the gears, and Bruce Schneier is even commenting publicly that SSL's site validation mission isn't even relevant. What lies ahead for the billion-dollar CA industry?"
Let governments handle SSL (Score:5, Insightful)
SSL certificates are one area best served by government. Bear with me here,
SSL certificates are the online version of your driver's license or your passport. We entrust our governments to provide us with reliable, trustworthy forms of identification. We know that if we see a driver's license or a passport, we can be reasonably certain the person holding said identification is who they claim.
It is becoming increasingly clear that SSL certificates issued by private industry cannot be trusted. Since private industry issues them, there are real standards for how one qualifies for a certificate. A $20 SSL cert from Godaddy is just as valid of identification as a $500 one from Verisign. Worse, the private industry has a conflict of interest. Their business makes money by issuing certificates to paying customers, not rejecting customers for bad information. The more stringent their policy, the more applicants they reject, and the less money they make. It is simple math, they have to make it as easy to get an SSL certificate as possible or go under. (The bond rating industry suffers from a different, but somewhat similar conflict of interest, actually)
Who then should issue certificates? The only entity that doesn't have to make money--your governments. Ideally you should be able to walk into whatever agency issues photo identification in your country and somehow get an SSL certificate issued. Businesses and non-profits could get them issued by checking a box on the form they use to set up a corporation or LLC.
Letting the government deal with this has many extra benefits. For starters, we could make SSL certificates fall under the same kinds of laws that govern passports or drivers licenses. If you forge one, or enter fake information, you could be charged under the same laws that faking a drivers license fall under. For second, if done right, good governments would issue these for virtually nothing and maybe protocols like S/MIME would finally get widespread adoption.
What about open source projects who currently cannot afford SSL certs? Well, if the government does it, they could file as a non-profit and get one for free (or reduced cost).
How would this work from a technical standpoint? How would browsers deal with a long list that has every countries certificate authority? Dunno, but it seems it wouldn't be a big problem. It is a technical problem though, so we can solve it somehow.
What international agency would regulate this? Who regulates passports? Dunno, but seems to me we already have a long history of internationally recognized identification--both for business and personal use. Why not task those guys with SSL certificates? This is more of a political problem, and isn't as easy to solve as the technical bits.
Bottom line, I know we all seem to hate more government, but SSL certificates are one thing governments should be doing, not private industries. It might create a new class of problems, but I suspect the new problems will be much less severe than the ones we have now.
Re:Let governments handle SSL (Score:5, Funny)
I can't wait to see the phishing websites validated by the Nigerian government's CA.
Re: (Score:2)
People want justice in the world. They want karma, they want a god or a superhero to come down from above and fix the ills of the world. They want safety, they want security, they want peace.
Government, like religion, usually works so long as you believe in it. When you stand back, however, you often see just how useless and ineffective it is, just like everything else. Truth is, you're not going to find any justice. No hero or knight in shining armor is going to ride out of the smoke and save you.
You
Re: (Score:2)
I trust the Chinese government as well as the US government to handle this. You just have to know how to handle them.
The Chinese you simply tell, that they have a second child that they conceived while listening to anti-communistic music, cross the street when the light is green, and read American news sites.
The US you tell, that they just "pirated" the latest hit album from Osama Bin Laden for their karaoke machine while wearing this shirt [freewebs.com].
I'm joking. You could really tell both governments anything that in
Re:Let governments handle SSL (Score:4, Insightful)
Your trust of government is simply astonishing after what the Bush administration has been up to for the last eight years especially considering all those slashdot stories concerning fumbling incompetence on the part of certain governments... The problem wish computer security isn't private industry, it's that there are few direct consequences for companies that produce faulty security systems, banks with shoddy security etc.- legally granted limited liability is a problem, Once they find their own heads on the chopping block after a security flaw is found they'd be a lot more keen on solving the problem.
Re: (Score:2)
Hey now, don't belittle the strengths of a bureaucracy because of Bush. There are certain things it can do well, licensing is one of them. It's not perfect (not hard to get a fake ID) but its good enough (moderately difficult to get a GOOD fake ID). Plus, then you know for sure that someone is checking on the security of the certificates because that's 50% of their job.
Now if only they'll make it so where there is a road, there is pipe (for the most part) and get some of the boonie yahoos some decent DSL
Re: (Score:2)
Plus, then you know for sure that someone is checking on the security of the certificates because that's 50% of their job.
Yes, and there are also supposed to be people making laws that agree with the constitution and striking down unconstitutional ones, and people that make sure patents are valid before they get approved. But in both of them they fail in their jobs.
And think about the ways that governments would abuse this system. For example AT&T might not have a decently secured site, but because they agreed to wiretap they might give them a certificate. On the other hand a site that sells materials disagreeing wit
Re: (Score:2)
Don't be so sure:
http://www.computerworld.com.au/index.php/id;50110485 [computerworld.com.au] they [at least the UK] seem to be fairly adept at losing things, if they screw up big time you still pay for it.. when a company screws up bad enough at least people might have a chance to look elsewhere- no, I think the solution here is to make use of that horrible trait of human nature- greed, well at least enli
Re: (Score:2)
Exactly. As an end-user (businesses refer to you as a consumer), you expect
that the website you are interacting with is who you *trust* them to be.
And as the end-user, you expect that the reason you trust the site is because
you have the lock showing in your browser, and you believe the SSL system
is trustable.
Yet, as the end-user, what have you personally seen as evidence
that the https protocol using SSL is really trustable?
Most people have seen nothing.
And yet, here someone says the government should be tr
Re: (Score:2)
So you trust your government less than a random company that has bought its CA status with money?
Re: (Score:2)
given enough competition I trust that if any of them prove themselves unworthy of trust that it's still a better system than any of our governments could design and no I really don't trust a governmental monopoly over competitive private industry especially when our little government has been caught spying on its own people.
Re: (Score:2)
Would you care to elaborate on how a private company is supposed to compete for trust and profit at the same time, without sacrifying one for the other?
Oh and btw: A governmental CA can not be used to "spy" on anyone. Put down the tin foil...
Re: (Score:2)
"Would you care to elaborate on how a private company is supposed to compete for trust and profit at the same time, without sacrifying one for the other?"
You can't sacrifice trust for profit if you're in the trust business. All you have to sell is the trust people have in you. Give that away and you have nothing to sell.
Re: (Score:2)
I take it you have never order a SSL certificate at a shop like RapidSSL, instantSSL and the ilk?
If your definition of trust translates to "owns (or stole) a credit card" then yes, today's PKI is perfectly fine.
Re: (Score:2)
All I'm trusting them to do is verify the domain. They do that.
Making it harder to get any certificate at all just means that less traffic will be encrypted. That's a much worse problem than man-in-the-middle attacks.
Re: (Score:2)
why on earth would you continue to use an untrustworthy company's product if there is any competition whatsoever? why would a company stay in business making profit if people abandon them for more trustworthy companies? If a company wants to make as much money as possible [profit] and being untrustworthy undermines that profit base, why would they be able to continue? the only situation where things could not improve in this manner is with a monopoly, private or public monoplies have no incentive to impr
Re: (Score:2)
As basically every government is, or wants to, listen in on any traffic they can I don't only not trust them, I am utterly certain that they will issue any number of falsified certificates enabling them to intercept and MITM any SSL communication they want to. The CA's have yet to indicate that desire. Not that I think most would hesitate to sign a false certificate on request from the government anyway.
So for the purpose of certificates, I trust governments far less than a random company. Of course I also
Re: (Score:2)
Well, if that is your concern then you are just utterly clueless about how SSL works.
The CA can not spy on your SSL traffic, no matter how much they want it.
Re: (Score:2)
Re: (Score:2)
You need to look up how man in the middle attacks work. As long as they can create a signed certificate saying their server is the destination server they can transparently proxy your communications.
For non-government CA's it's tricky, as they'd have to spoof or control DNS for the domain in question, but for a government it would be trivial. There's already many examples of redirects and censorship proxying being done, and as long as a government can either produce, or compel to be produced, signed certifi
Re: (Score:2)
Claiming that such a scenario would be "trivial" for a government or anyone else is just nonsense.
The government does not own DNS, nor does it own the ISP pipes. If they want to go to such lengths as to fake a CA they can just as well rubberhose a privately owned CA into doing it for them today - and it would probably be much cheaper on a per-case basis than permanently maintaining the required infrastructure themselves.
Furthermore, what interest does the government have in snooping on our online banking an
Re: (Score:2)
Claiming that such a scenario would be "trivial" for a government or anyone else is just nonsense.
Many governments already do siphon off traffic to proxies and/or interfere in ISP DNS services for child porn blocking, as well as for various intelligence purposes. To think that's hard to do when it's already done is rather disingenious.
they can just as well rubberhose a privately owned CA into doing it for them today
They probably do it regularly. I can't see Verisign objecting to a national security letter.
Re:Let governments handle SSL (Score:4, Insightful)
So, after wading patiently thru your treatise, it would seem you elected not to answer the question, which would explain your warmth towards politicos, at least
Nope. Government AND private companies (Score:5, Interesting)
It's better to use private companies with government oversight.
I now live in Ukraine and we have such a system. Government licenses private companies to work as certification centers and mandates that only certain (strong) crypto algorithms must be used.
As a result, I can use my private key to sign my tax report for IRS (or tax report for my company). IRS in turn uses its own key to sign their letters.
That's pretty cool, if you think about it.
Re: (Score:2)
Re: (Score:2)
Low broadband access rates,
Err, you do know that most of it is because the population of the USA is spread across a large area whereas just about any country in Europe (minus Russia) would fit within our borders? If the USA had roughly the same everything just scaled down to the size of a mid-sized state, I'm sure the USA would have the highest broadband access rates in the world.
Re:Nope. Government AND private companies (Score:5, Insightful)
OH boy, the 'but the US is huge' argument that comes up every time broadband in the US is discussed. I'd buy that if our metro areas were chocked full of fiber speeds and just the rural areas were slow. The fact is that even in our largest metro areas the US broadband is horrid.
A recent study [speedmatters.org] shows that even our smalled state, Rhode Island, with population density of over 1000 per square mile, has an average speed of only 6.7 Mbps. If you can't make that dense of an area high speed there is something seriously wrong with our system. Namely the Telco lobby arm is so strong that their gov't sanctioned monopoly remains and speeds don't improve.
Re: (Score:2)
Since when was six megabits per second not 'high speed'? To me that sounds like enormous bandwidth. A wireless LAN might have only twice that. Sure, for high-definition porn in real time you might want more, but 6Mb/s is ample for all but the most greedy users.
More relevant is the quality of the upstream network and the amount of contention.
Re: (Score:2)
Re: (Score:2)
The simple truth is that the US is huge. The best solution is to ram through whatever legislation is necessary to get the latest and greatest wireless tech up to cover the last mile. Honestly though the answer there might just be to push mesh networking to the masses. We desperately need to augment the internet as we know it with a mesh network just to increase reliability.
Showtime Network had a documentary about this... (Score:2)
A recent study shows that even our smalled state, Rhode Island, with population density of over 1000 per square mile, has an average speed of only 6.7 Mbps. If you can't make that dense of an area high speed there is something seriously wrong with our system.
The Showtime Network had an extended documentary about this very phenomenon - it was called Brotherhood [sho.com].
Re: (Score:3, Informative)
Sweden, Finland, Norway and Canada whose population density is lower than the US yet have higher broadband penetration seem to suggest that theory may not be entirely accurate.
Re: (Score:2)
Maybe their average population density is lower, but for Canada at least that's misleading. Most of the population is in a belt along the US border. I think Sweden is the same, most people live in a few cities on the Baltic coast and hardly anyone lives in the rest.
However I don't buy the argument that the problem with the US is size and low population density; it certainly didn't stop them building roads to almost everywhere.
Re: (Score:2)
Just not true.
80% of the US population lives in urban or suburban environments.
The US has a roughly equivalent size and population to the EU.
This excuse has run out of steam.
Re: (Score:2)
Yes, there are certified secure hardware tokens available. They are optional, though.
There's also a centralized mechanism for key revocation.
Re: (Score:2, Insightful)
So you have some governments that issue high-quality reliable certificates.
And some corrupt ones which can be bought for peanuts.
So someone has to choose which root certificates to trust.
Someone, probably being the browser makers.
So what would it solve?
That is a technical problem (Score:2)
You'd have the browser show which country issued the certificate. Use a flag, use something. Firefox already does this by using a tooltip.
Plus, unlike private companies, we all have a sense of which countries certificates we may or may not trust. A user would get suspicious if "bofa.com" was using a certificate issued by Nigeria or "tesco.com" had a certificate that wasn't issued in the UK. What the fuck is the difference between a certificate issued by Thwarte vs. Verisign? Beats me!
Re: (Score:2)
Perhaps if the browser stored every certificate the first time it was seen, then flagged the user when it was changed (combined with relying on certificate chains and the like) we wouldn't be having so many issues with MiTM.
Re: (Score:2)
No and yes. I think both of you are making great points.
The flags are a great idea because they give the users who care a meaningful tool to assess the trustworthyness of the site at hand.
Knowing the country of origin is much more meaningful than an anonymous padlock.
Saving the cert fingerprint and raising an alarm on change is not even a great idea by any means - it is just obvious, absolute baseline stuff.
The Mozilla guys are seriously humiliating themselves by fucking up the SSL handling even more instea
Re: (Score:2)
So we need some way to rate CA quality...
Also, we can consider using money to fix this problem. For example, we can make all CAs put a big sum of money into an escrow account to be given to the first person who shows that CA doesn't perform 'due diligence' while issuing certificates.
Re:Let governments handle SSL (Score:4, Interesting)
It is becoming increasingly clear that SSL certificates issued by private industry cannot be trusted... Who then should issue certificates? The only entity that doesn't have to make money--your governments.
The problem with your idea is, even though you're correct that private industry cannot be trusted in this matter, the government cannot be trusted in this matter either.
These are technical flaws, not policy flaws - mistakes are happening due to software errors, NOT because some executive decided that allowing anyone to have a certificate without verification would be a great idea. I may trust the government's intentions, but experience suggests that they won't develop a system like this in-house, but contract it out to the lowest bidder, who is likely to have far less experience with this sort of thing than the current players.
For starters, we could make SSL certificates fall under the same kinds of laws that govern passports or drivers licenses. If you forge one, or enter fake information, you could be charged under the same laws that faking a drivers license fall under.
Pretty much all current spam is illegal under the CAN-SPAM act, so spammers could be charged under that law. They're not. I have no confidence that fake SSL certs would be prosecuted.
You might be wrong (Score:2)
Do governments crack down on people who fake their passports? If so, what is their motivation for doing so? How would their motivation for cracking down on SSL forgeries be any different?
Re: (Score:2)
How would their motivation for cracking down on SSL forgeries be any different?
You can't transport someone into a country with a fake SSL cert.
Re: (Score:2)
The ramifications of using a fake SSL cert vs forging a fake passport are vastly different. I thought that would be obvious, but I forgot this is Slashdot.
Re: (Score:2)
Who then should issue certificates? The only entity that doesn't have to make money--your governments.
Specifically, I would opt for Notary Public, maybe as a specially trained office, but the function is nearly identical.
Re: (Score:2)
Lastly, trusting the government not to cock this up relies on all countries doing the same thing and it relies on governments sorting their acts out and stop fucking things up as virtually every government seems to do.
A Better "Web of Trust" (Score:2)
This is how a web of trust should work. People trust certain sites to issue certificates. As certain sites gain trust, more people want to get certificates from them, etc. I might trust my friend Bob, but there is no reason you should. If a bank or e-commerce site wants t
Re: (Score:2)
What about simply creating a better web of trust?
Congratulations!
You Sir have just re-invented CaCert [cacert.org]. CaCert is a certification authority which operates by a web-of-trust model: users certify each other after seeing id, and only users having gathered a minimum amount of assurance points can get a certificate.
Unfortunately, CaCert is not trusted by the browsers (such as Mozilla or Konqueror), who seem to be more hung up about expensive audits and pompous root key signing ceremonies.
Other CA's, such as Comodo/CertStar [mozilla.org] or RapidSSL/GeoTrust [win.tue.nl] don't seem to
Re:Let governments handle SSL (Score:5, Insightful)
The **last** thing I want is for my government to be the entity that issues the requisite public/private key pairs to the private institutions and companies with whom I do business. My business is **my** business - and not the government's business - until a **legitimate** search warrant or indictment says otherwise. And even then, it's still **my** business [wikipedia.org].
As the article posting indicates, SSL is built around a Chain of Trust. People buy SSL certificates from the likes of VeriSign, Thawte, Equifax, etc., because they are well-known and (ostensibly) trustworthy organizations.
I, for one, do not entirely trust my government. I don't trust VeriSign and crew all that much, either, but their reputations are a strong motivation for them to do their jobs reasonably well, and provide products that perform as advertised. To do otherwise would damage their reputations, resulting in lost customers and weaker profit margins.
Most governments, on the other hand, don't care much about their reputations, and have little regard for profit margins (just look at the US Government's annual budget deficit). They therefore have no compunction against using excuses such as "national security" and "protect the children" to provide (at best) or mandate (at worst) inferior solutions to technological problems.
Admittedly, some companies - like AT&T [wikipedia.org], for instance - are so large and well-entrenched that they sometimes bow to the mandates of government, and little heed the damage done to their reputations because of it.
But most companies are not that large, and can ill afford to lose face in the marketplace. Reputation is their bread-and-butter, so they do what's in their own best interests, which may even coincide with their customers' best interests.
Re: (Score:2)
Clipper etc. was a scheme where a back door was explicitly built in. A system where the government signs your PUBLIC key without ever seeing your private key wouldn't permit such abuses.
That is part of the solution. In addition, the web of trust needs to be more configurable in any case. I may trust a particular key's validity. I might or might not trust keys signed by it. Further, I might trust that much but not trust keys signed by a particular key to sign other keys (I know the key belongs to the person
Re:Let governments handle SSL (Score:4, Informative)
without ever seeing your private key
Why would they need your private key? As long as they can sign any key as being valid for being 'you' they can make their own signed public/private key pair purporting to be you and MITM any communications to you. To get around that you'd still need out-of-band exchanges of the keys in which case the government signing serves no purpose.
In addition, the web of trust needs to be more configurable in any case.
Without a doubt.
Re: (Score:2)
Why would they need your private key? As long as they can sign any key as being valid for being 'you' they can make their own signed public/private key pair purporting to be you and MITM any communications to you. To get around that you'd still need out-of-band exchanges of the keys in which case the government signing serves no purpose.
They would only need my private key if they wanted to implement the 'key escrow'/clipper sort of snooping. My only point was that just having the government sign your public key doesn't enable that.
I do agree that there are cases where a government might impersonate someone itself. That's where the configurable web of trust comes in. You might even want to add the concept of scenario and assign different levels of trust based on the scenario. For example, if I'm browsing the website of a Chinese business I
Re: (Score:2)
That's not really what signed certs are for though.
You don't really use your signed cert to encrypt your data(for data encryption you don't need a signed cert, and additional information is used within the SSL procedure to generate temporary keys. I can get a copy of the signed cert for your bank, but that doesn't mean I can read the transaction you're making. You don't even have to have a signed certificate to have secure transmission of data.
Signed certs are about validating "who" someone is, they are pre
Re: (Score:2)
The Clipper fiasco was a failed attempt by US government to build a deliberate back door into a specialized crypto algorithm. It was doomed for many reasons, not least because governments such as mine pointed out that it would not be in our national interest to import products which used the Clipper chip. Realizing that
Re: (Score:2)
Do you know who I'd trust with this kinda thing? Certain groups of people in the NSA*, NASA, and Education Instututions. If anyone knows how to make something bulletproof, if anyone knows how to do category-5 (CMM) software development, it'd be people from the first two agencies, and people from the latter are both smart and already incented to do things for the good of mankind. And it shouldn't be US centric, of course, everyone in the world should sign on and provide some money and people (I'm a Canuck
Re: (Score:2)
You forget, many of the companies are limited or just plain monopolies. They don't have to care about reputation as they always know they're going to get paid.
One could argue that the telephone carrier industry as a whole falls into this category. AT&T may no longer be a monopoly vis-a-vis "Ma Bell". However, one could make a case that "Alltel + AT&T + Sprint + T-Mobile + Verizon" add up to a "collective" monopoly, or (more properly) a hegemony.
The government has some advantages as an issuer, it's huge, not going away soon, and bureaucracy helps keep the corruption away and eventually can be held accountable for what corruption there is as it's all public.
Gotta disagree on this one. Cases in point: Watergate [wikipedia.org], Iran-Contra [wikipedia.org], NSA/AT&T Room 641A [wikipedia.org] (not to overuse the example), Coingate [wikipedia.org], Danngate [wikipedia.org], Rodgate [wikipedia.org]... That's just a small list of US Federal and State scandals
Re: (Score:2)
Yes, that is how it works TODAY. However, it would only take one bill passed by congress (think Patriot Act) to have the government just issue both keys. Don't worry - they'll only use the copy they keep for "important reasons."
Which Government? (Score:2, Insightful)
You have placed your trust in the government. However which one?
Most governments would with the best of intentions try to do the right thing. However some would not. Some would down right look at this as a cash cow. It would be ripe for the picking of corruption and miss use. With next to no legal recourse.
So who governs the government?
I would contend that this belongs in the hands of grander body. The UN or blocks of countries, the EU, NAFTA, African Union, G8,9,10,11(What ever it is now). etc. At le
Re: (Score:2)
Ideally, more than one the UN+ a local country competing would be better than either on their own.
My answer is (Score:2)
These are valid questions, no doubt. Who oversees passports? I'd look real closely at how those get handled and steal the bits that work for them. There is a lot of overlap between the two.
Once governments handle SSL, this becomes politics on an international level just like trade. If those damn Canadians don't stop with the crappy certificates, we Americans will just stop buying their maple syrup. Or something like that.
That said, ultimately "legal recourse" always disti
Re: (Score:2)
The more stringent their policy, the more applicants they reject, and the less money they make. It is simple math, they have to make it as easy to get an SSL certificate as possible or go under. (The bond rating industry suffers from a different, but somewhat similar conflict of interest, actually)
It's never that simple, clearly, because there is another factor called "trust". If you let in too many false positives, you lose the trust hierarchy and are pushed out of business by the other (more stringent) competitors. Who will put the government out of business when their sloppiness leads to disasters(as it uniformly has when dealing with security)? We trust the government locally because federal/state docs are produced with other federal/state documentation - we have 'faith' in the authentication mec
Re: (Score:2)
>> We know that if we see a driver's license or a passport, we can be reasonably certain the person holding said identification is who they claim.
>> but seems to me we already have a long history of internationally recognized identification--both for business and personal use.
Apparently no. That's the reason the travel to USA is now a PITA with all that added biometric registrations.
And for developing countries, the passports never were enough: because immigration laws, most require visa applica
But you are trading one nightmare for another (Score:2)
My nightmare is a bunch of companies with massive conflicts of interest issuing bullshit certificates. Nobody but nerds understand SSL and Mom and really even myself cannot tell what makes a good certificate "good".
I also think government SSL would actually increase innovation in other, more productive industries. Government issued SSL certificates would most likely mean everybody gets ones. That means things like S/MIME become widespread and SPAM gets harder. That means code signing becomes widespread
Re: (Score:2)
Governments never agreed in a single worldwide way to generate trivial sequential numbers (for example, SSN are useless outside USA) and I find a bit impractical (from a political POV) that they can agree on a single scheme for something a lot more complex (and potentially dangerous) like SSL certs.
And in that hypothetical scenario, be ready for USA banning Cuba CA's (and all current enemies); same the other way against USA; and also more bans against several categories of immigrants (as currently happens w
Re: (Score:3, Interesting)
Their business makes money by issuing certificates to paying customers, not rejecting customers for bad information. The more stringent their policy, the more applicants they reject, and the less money they make. It is simple math.....
Who then should issue certificates? The only entity that doesn't have to make money--your governments.
Sir. I am not sure where you live but here in America we have seen countless changes made by various government agencies just so they can grab more tax money for there already inflated budgets.
Allow me to weave a tale for my fellow readers. My very first job was in a paper and printing supply warehouse. Things were great. I worked there for about 6 months before I got a rather strange call. It was a customer of ours who placed regular orders for pens and toner and the like. She said she was going to be plac
Re: (Score:2)
Your overall point is rather silly, but this in particular stuck out:
Worse, the private industry has a conflict of interest. Their business makes money by issuing certificates to paying customers, not rejecting customers for bad information. The more stringent their policy, the more applicants they reject, and the less money they make. It is simple math, they have to make it as easy to get an SSL certificate as possible or go under. (The bond rating industry suffers from a different, but somewhat similar co
Re: (Score:2)
Let me clarify my last statement:
You make it, there is no guarantee that someone won't end up breaking it, or find some flaw or way around the system.
Re: (Score:2)
You are totally wrong giving the problem to governments does nothing to address the trust issue. Is a cert from Libia as good as one from the UK? How could the average person know other then by using applying the same international prejudices we use today for other things? How is that any different then trusting Godaddy more or less then Verisign?
The problem is a certain popular web browser shipping with windows and the most popular open source browser for following the behavior of the former ilk. They
Re: (Score:2)
Re: (Score:2)
"The only entity that doesn't have to make money--your governments." It's also the entity that suffers the least for its mistakes.
Re: (Score:2)
The result:
And yet (Score:2)
You dont seem to worry that Verisign or Goddady has access?
Paradigm Shift? (Score:3, Funny)
demontrate control of the domain in question (Score:3, Insightful)
Why don't they use the method Google uses to verify control of a domain (and hence ownership)?
The CA should require a unique file (containing a serial number) to be posted to a specific location on the website. Failing that you should be able to receive mail to an arbitrary email address at the domain.
CAs who don't employ a technical measure (such as above) to verify domain ownership *prior* to issuing a cert would be taken out of the list of trusted CAs.
Re: (Score:2)
I believe StartCom and probably the other free providers do something like this. StartCom is in Firefox by default, by the way.
Re: (Score:2)
A brute force attack upon a server which gives you the ability to receive email through it or place files on it does not mean you have legal "control" over the domain.
OK, it tends to indicate it but it is not any real assurance.
Re: (Score:3, Insightful)
Kaminsky's DNS attack -- and the BGP hack, for that matter -- demonstrate pretty clearly why being able to masquerade as a particular host to the CA is not sufficient to prove you are actually the proper owner of that domain.
Re: (Score:2)
The domain has to be registered to someone, and the path to companies who hold the "someone" information can be made trusted. You don't have to issue a whois query and hope that the information hasn't been tainted.
For the issuing of SSL certificates, which essentially protect against network-level hacks, being susceptible to network-level hacks is a pretty big deal.
We need multiple tiers (Score:4, Insightful)
Need a two tiered system.
The world is so fucked up right now as far as censorship and snooping. We need encryption, everywhere, right now.
Tier 1:
"httpe" that acts similar to SSH - big warning on key changes. Known key can be included in html links even from untrusted sites (such as from a google search results page) for a cautionary warning with no loss of security. No prompt for a new site. Prompt if it changes. Prompt if a link gives a 'known' key different from the given one.
Very easy to gradually deploy.
Tier 2:
Well-known certs for the root nameservers. Stick self-signed cert in DNS records. Sign DNS responses. Imposes a chain of trust type requirement on lesser nameservers.
Tier 3:
The fancier certs being passed around these days which are supposedly hyper deluxe verified. Actual monetary cost involved here. Determine a magic solution to make at least a few of the CAs trustworthy.
Re: (Score:2)
It was vaporware anyways (Score:5, Insightful)
The "industry" provided no value - it merely allowed you to pretend you were somehow secure, above and beyond the actual SSL part. Smoke and mirrors. If this "industry" dies, it will be a market correction, nothing more.
Bruce is wrong (Score:5, Insightful)
"SSL protects data in transit but the problem isn't eavesdropping on the transmission. Someone can steal the credit card on some server somewhere. The real risk is data in storage. SSL protects against the wrong problem," [Schneier] said.
I respect Bruce, but I think if you say something true enough times, you lose sight of the fact that in this case it may not actually be a valid point. While credit card theft is a major problem, Phishers frequently target bank account login credentials--- which are not stored all over the place. In this case, SSL is one of the primary protections keeping you from all kind of hell (losing your credit card is a pain in the butt, but usually it's insured... losing your banking credentials can be a huge disaster). Now imagine that instead of a few rubes being conned by Phishing emails, you had millions of relatively savvy customers at a large ISP diverted to a fake Bank of America site (perhaps with help from insiders at the ISP). The losses could be substantial.
Again, Bruce is right about one problem but not necessarily about every problem (and I can't help but notice that he works for a storage company...)
Re: (Score:2)
Well, no, they're not stored every place. Usually, they're stored on the user's web browser or in some other similar system. As I recall from the paper on The Internet Auditing Project, their SSH security was broken because someone had the password on their Windows box and the Windows box was broken into. Also bear in mind that there were many stories in 2008 of servers being cracked, leading to the loss of hundreds of thousands, occasionally millions, of credit card numbers. So whilst I agree with you that
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Actually, it's mostly popular to get bank credentials directly from the user's machine via malware. Jacking SSL isn't as successful.
Re: (Score:2)
> Jacking SSL isn't as successful.
Yet.
Re: (Score:2)
Jacking SSL wasn't sucessful exactly because it was strong, so there was no known vector to attack it. Since malware couldn't attack SSL, they refrained to less efficient tatics, like relying on the ignorance of the user.
Now, that SSL is broken, it is almost certain that they will start to use the more efficient attacks, that directly target SSL.
Re: (Score:2)
SSL isn't really broken. There's one attack against it. It was already known that the attack was possible, the only question was the difficulty. As it stands, reproducing their work is fairly difficult. There's also a quite effective mitigation -- don't accept certificates where any elements of the certificate chain other than pre-trusted root certs use only MD5 as their hash algorithm.
Taking a harder line on certs. (Score:5, Interesting)
There are really three tiers of SSL certs being sold:
Current browsers don't distinguish between #1 and #2. They should. "Domain control only validated" certs are enough to secure some social networking site or blog, but not good enough to send someone a credit card number. If they're taking your money, the cert should contain enough info to allow you to find and sue them.
Our SiteTruth [sitetruth.com] system distinguishes between #1 and #2, because we're looking for business identity. It's a useful way to filter out the "bottom feeders".
The problems with bogus SSL cert issuance seem to be, so far, confined to the "Domain control only validated" certs. This is an additional good reason to distinguish between them and the better tiers.
Re: (Score:3, Interesting)
Personally, I lost faith in the CAs and the certs they sign early on. I was at a sort of b2b expo (The dot-com boom was just barely beginning but nobody knew it).
I met a representative from a CA that I won't identify, but I'm sure you've heard of them. He came prepared to give 'why you need a cert and https' sales pitch to various sorts of people from CEO to sales to CTO to techie.
He wasn't (apparently) prepared to discuss trust and authentication in any depth. When he told me (paraphrased) that they "KNOW
Re: (Score:2)
When he told me (paraphrased) that they "KNOW the entity they give a cert to isn't committing fraud because they have to sign a LEGAL DOCUMENT that says they aren't!"
A marketroid spouting nonsense about technical matters. What else is new?
Of course, you and I know that a CA is supposed to verify identity of the party that they're issuing a certificate to, not its trustworthiness (unless they're issuing a sub-CA certificate, but that's a different matter). Much misunderstanding does indeed come from this misconception of a CA's role.
Of course, https is screwed up anyway because of the way it munges security and authenticity together. Ideally, browser and server should immediately do a key exchange, then once the connection is encrypted, perform optional authentication after the browser sends the host field. The lock icon should indicate encryption and authentication separately.
Ok, now you seem to fall prey to the same misconception. Without being sure about the identity of the party your communicating with, there
Re: (Score:2)
Actually, I am well aware of the issues w/ MITM attacks. However, IF ssl established encryption, then virtual host, then authenticity (to varying degrees of confidence as configured by the user's trust settings), https wouldn't require a seperate IP per virtual host anymore. If I'm talking w/ my bank, I'll surely require authentication as well as encryption.
There are cases (such as a private lan to an internal server) where authentication (particularly CLIENT authentication) w/o encryption may be reasonable
Re: (Score:2)
However, IF ssl established encryption, then virtual host, then authenticity (to varying degrees of confidence as configured by the user's trust settings), https wouldn't require a seperate IP per virtual host anymore.
It doesn't. There are several approaches to the problem:
. Most clients (browsers) today support it out
Re: (Score:2)
The problem is that there is no reason why the vast majority of http communications should be unencrypted as they are today. If you make the SSL verification standards even more stringent, then the cost of obtaining a certificate will raise to a point where SSL will only be used for the most critical functions. Stuff like gmail would be in the clear - which isn't appropriate.
If anything we need to make SSL certs EASIER to obtain, but better distinguish in their use. Even self-signed certs should be usabl
Re: (Score:2)
"The problem is that there is no reason why the vast majority of HTTP communications should be unencrypted as they are today."
The problem is that HTTPS is not cache-friendly. Is there really a reason why every single one of my 8 computers should download its own copy of a 100MB operating system update? (I live in the mountains and have lousy Internet access.)
This is not SSL's fault. But unfortunately, SSL and HTTP are not well-integrated. There is no way to tell what encrypted data is public and what isn't
Re:Sorry to go off-topic (Score:5, Informative)
quis custodiet ipsos custodes
Latin for "who will watch the watchers".
Re:Sorry to go off-topic (Score:4, Funny)
quis custodiet ipsos custodes
Latin for "who will watch the watchers".
So did you know that phrase before it was used on Star Trek: TNG?
Re: (Score:2)
I sort of tuned out TNG after a while. I didn't realize it was used in there. Also, I don't know if they used the Latin or just a rough translation in Enemy of the State.
One year of high school Latin did it for me.
ILLEGITIMI NON CARBORUNDUM!
bailout?, Not what I was thinking, but ... (Score:2)
I was thinking more along the lines of jail time. Scams that take money under false pretenses often do result in jail time.
But, then I thought about the recipients of the current bailouts, and bailouts do seem to be an alternative to jail time.
You could be right.