Domain: thawte.com
Stories and comments across the archive that link to thawte.com.
Comments · 121
-
Minimum standards for CA Relying Party Agreements
Certificate Authorities issue "Relying Party Agreements", which specify their obligations to users relying on their certificates. Some of these specify financial penalties payable to end users. Over the years, as with EULAs, these have been made so favorable to the CAs as to make them meaningless. (See, for example, Verisign's relying party agreement. Or, worse, the one from Starfield, GoDaddy's CA.)
Now it's time to push back.
The Mozilla Foundation should issue a tough standard for CA Relying Party Agreements to get a root cert into Mozilla. One that makes CAs financially responsible for false certs they issue, with a minimum liability limit of at least $100,000. The CA must be required to post a bond. A third party consumer-oriented organization like BEUC (in the EU) or Consumer's Union (in the US), not the CA, must decide claims.
The technology behind SSL is fine. The problem is allowing CAs that aren't doing due diligence on their customers to have root certificates in major browsers. Mozilla all by itself has enough power to tighten up standards in this area. All it takes is the will.
-
Re:Java WebStart, J2ME, Java applets
This is directly from the website:
1. Why have you stopped offering thawte Personal Email Certificates?
Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.
-
Hmm.. Can't find a definite reference
That's the second source that's telling me the Free e-mail certs/WOT program is coming to an end..
However, looking at http://www.thawte.com/ doesn't reveal anything as such..
But I can't say I'm *that* surprised..
--Ivan
-
SMIME
SMIME could be the answer. With free personal email certificates available from places like Thawte, it's trivial to enable end-to-end encryption with mail clients like Apple Mail.
I use Google Apps for my business and anything that's sensitive, I will encrypt. In Apple Mail, once you have imported your freemail certificates into your keychain, a couple of buttons appear in the Compose Mail window - one to sign and one - provided you have the recipient's public certificate in your keychain too - to encrypt. In order to get someone's public certificate in your keychain, all you need to do is send them a signed email, to which they can reply with a signed email and you will have each other's public certificates.
Since moving to Google Apps, I've saved power (by not needing a machine on 24/7 just to handle incoming and outgoing email), I've got email synchronised between my laptop, my desktop and my iPhone by using IMAP, I've got a great webmail interface that's powerful and easy to use and I don't need to worry about administering my own email server.
Reliability has been very good so far and I've moved a couple of my clients over to Google Apps as it makes sense for them to outsource their email hosting rather than handle it themselves, or pay per email address through their ISP and have very limited storage space and POP access.
Security is the least of my concerns - and I would consider myself a security conscious person. With email, even sent from your own server, it travels over so many insecure links from it leaving my server to arriving at its destination that I don't believe outsourcing my email to a 3rd party like Google is any less secure.
As I mentioned initially, if security is a concern, and this applies even if you're running your own email server, use encryption.
-
Re:It's easy
That's because there's very little actual use of SPF. I can do it with X.509 certs (Thawte do free e-mail certs at https://www.thawte.com/secure-email/personal-email-certificates/index.html - highly recommended), or GPG, as well, but the problem is getting uptake high enough for it to work.
-
Re:The end is nigh?
Also, wildcard certificates + wildcard DNS.
-
Thawte
Thawte does this; look about halfway down the page
I must say that in general I have been unsatisfied with thawte. They gave me a hard time about re-issuing my cert after the debian-ssl debacle and in general their tech support people don't know anything beyond what is already on their site.
Seriously, I pay over a hundred clams a year just so that I can have ssl communication without the "OMFG THIS SITE IS GONNA HAXOR YOU" dialog box pop up in users' browsers, and they pull all kinds of monkey business.
But since Verisign owns them, I wouldn't hold my breath for them to be shut down. My guess is the other CAs do this, too.
-
Re:Privacy?
The problem is that so few people are set up to read encrypted email, that it isn't useful in day to day work.
Wrong. Anyone who uses Microsoft Outlook or Mozilla Thunderbird is more than set up to read encrypted email. Personally I use Claws Mail, but using something that's not made by an über-corp certainly isn't a step people need to take.
If you want to give up your personal information, you can go to Thawte and start sending signed emails right away, which will enable anyone with Outlook or Thunderbird to begin encrypting emails to you. Some people may find cacert an option, but all-in-all if I needed to ask my friends to install a CA, I figured I'd just roll my own.
You might find these commands handy if you were so inclined to set up your own personal CA for friends and family to whom you can give the CA in person (and to whom you're probably communicating personal information you want to keep private):
Generate a self-signed CA:
openssl req -x509 -newkey rsa:2048 -days 3650 -keyout ca.key -out ca.crt
Generate a key:
openssl genrsa -out client.key 2048
Generate a CSR:
openssl req -new -key client.key -out client.csr
Generate a certificate from the CSR with the CA:
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
-days 3650 -out client.crt
Generate a PKCS12 key from the key and certificate:
openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
-name "client" -out client.p12
While it's too bad that PGP didn't catch on at all (no money in it for big CAs I guess), it's not correct to say that most people are not set up to read encrypted email. Your point about unencrypted email being a postcard is absolutely correct, though. It's a shame, however, that people think that encryption is difficult. It's not difficult; it's just that ISPs don't install a personal key and turn on encryption for you when they set up your hardware.
(Personally, I wouldn't want to use a 3rd-party issued key anyway.)
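The personal CA from the comment above as a runnable script (an added example, not the commenter's own commands): it runs unattended, adds the extensions the interactive commands leave out (CA:TRUE on the CA, an rfc822Name SAN and emailProtection EKU on the client cert, which is what a mail client matches against the From: address), and then signs a message and checks that a tampered copy is rejected. The CA name, the address alice@example.test and the message text are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original comment: a small personal S/MIME CA
# built with openssl, non-interactive and with the X.509 extensions that the
# plain "openssl req -x509 / x509 -req" commands omit. All names here
# ("Family Personal CA", alice@example.test) are constructed for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys, certs and messages
EMAIL="alice@example.test"     # constructed address bound into the client cert

make_ca() {
    cat >"$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Family Personal CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # -nodes leaves ca.key unencrypted so the demo runs unattended; a real
    # personal CA key should carry a passphrase and stay offline.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$WORK/ca.cnf" -extensions v3_ca \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue_client() {   # $1 = e-mail address to bind into the certificate
    openssl genrsa -out "$WORK/client.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/client.key" -subj "/CN=Alice" \
        -config "$WORK/ca.cnf" -out "$WORK/client.csr" 2>/dev/null
    cat >"$WORK/client.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:$1
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
    openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 730 -sha256 \
        -extfile "$WORK/client.ext" -out "$WORK/client.crt" 2>/dev/null
    # Bundle for import into a mail client keychain, as in the comment above.
    openssl pkcs12 -export -in "$WORK/client.crt" -inkey "$WORK/client.key" \
        -certfile "$WORK/ca.crt" -name "client" -passout pass:demo \
        -out "$WORK/client.p12"
}

verify_chain() {   # exit 0 only if client.crt chains to ca.crt and may sign S/MIME
    openssl verify -CAfile "$WORK/ca.crt" -purpose smimesign \
        "$WORK/client.crt" >/dev/null 2>&1
}

cert_email() {     # print the e-mail address bound into a certificate
    openssl x509 -in "$1" -noout -email | head -n 1
}

from_matches_cert() {   # $1 = From: address, $2 = signer cert (case-insensitive)
    [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$(cert_email "$2" | tr 'A-Z' 'a-z')" ]
}

sign_message() {   # $1 = plaintext file, $2 = output: clear-signed S/MIME multipart
    openssl smime -sign -in "$1" -signer "$WORK/client.crt" \
        -inkey "$WORK/client.key" -out "$2"
}

verify_message() { # exit 0 only if the signature verifies and chains to ca.crt
    openssl smime -verify -in "$1" -CAfile "$WORK/ca.crt" \
        -out /dev/null >/dev/null 2>&1
}

demo() {
    make_ca
    issue_client "$EMAIL"
    printf 'Meet for lunch at noon.\n' >"$WORK/msg.txt"
    sign_message "$WORK/msg.txt" "$WORK/msg.p7m"
    # Tampered copy: the clear-text body is edited after signing, so the
    # digest covered by the signature no longer matches.
    sed 's/lunch/dinner/' "$WORK/msg.p7m" >"$WORK/tampered.p7m"
    verify_chain && echo "chain: OK"
    from_matches_cert "$EMAIL" "$WORK/client.crt" && echo "From: matches certificate"
    verify_message "$WORK/msg.p7m" && echo "signature: valid"
    verify_message "$WORK/tampered.p7m" || echo "tampered signature: rejected"
}

demo
```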
-
Re:Correction
True that, though I don't think that I've ever done business with a CA that didn't allow for screwing up a key/cert at least once (though you might have to beg real hard), and I've used several.
Thawte claims to be the only one to have free reissues for the lifetime of the certificate: http://www.thawte.com/reissue/
Of course, Comodo says it has unlimited reissues as well... http://www.instantssl.com/ssl-certificate-products/ssl.html
-
We use three different providers
At my company, we use three different providers depending on the need.
Client Facing
We use Verisign for anything a client will interact with since we can use the Verisign Secured Seal on any web content on our site. Our studies have shown a percentage of our users actually know of the Verisign secured logo and it helps to assure them of the security.
Non-client Facing
We use Thawte certificates since these are much cheaper than Verisign, and are fully compatible with most browsers/mobile devices.
QA/Dev Servers
We use GoDaddy for internal/external tests and projects. They are cheap and quick, which makes them useful in a non production environment.
-
Re:No userspace input device drivers
If you only have 50 purchases a year, it means you probably know each person, right? As long as you know the process well enough you just walk them through it.
Adding you as a certificate authority doesn't scale, obviously. But I'll assert that if you get to a level where walking people through adding you is a hassle, you should be doing enough business that getting a code cert isn't a big deal. $250 per year isn't that big of a deal. It is just another cost of doing business. If you are doing 50 customers a year, that adds $5 per unit. How much are each of the units sold for?
-
is S/MIME email encrypted by Thawte any better?
I heard about this a few days ago, when I was in the process of trying to figure out the easiest way to encrypt my mail using Apple's Mail.app on Leopard. Most everyone writing online recommended using S/MIME instead of GPG, and getting a no-cost certificate from the South African company Thawte to use for signing as well as encrypting email.
The question I could not answer is how trustworthy is this Thawte-issued "certificate"? One blogger claimed that the key was actually generated in my own browser, and then only the public key transmitted to Thawte to store, thereby theoretically keeping my private key private. But this is certainly not how it appeared. I submitted a "request" for a certificate and then 5 minutes later it was emailed to me from Thawte as an attachment, which was picked up by Keychain and that was that. As far as I could tell, they generated my key for me.
Is encrypting my email this way vulnerable to the same flaws as the Hushmail service? I really don't trust Thawte to keep whatever information they might have about me away from the Feds, if they ever came knocking. Hell, I don't even know if Thawte IS the Feds! If this certificate-issuing system is indeed flawed, can anyone recommend a better process to use strong encryption with Leopard's Mail?
-
Re:Why pay per message?
You can already do this, even without paying the two dollars. You can ask the Verisign/Thawte "Web of trust" to sign your public key just like you are suggesting. This will usually be free so long as you can prove your identity with some real-world photo-id. After that one-time registration you could then send unlimited mail which most people would auto-whitelist, assuming some education first about keys etc.
http://www.thawte.com/wot
The problem with this approach is that if you live in a repressive regime and you are critical of the government... do you really want to supply continuous and automatic 100% proof that an e-mail originates from you? Some people have a strong belief in e-mail anonymity.
-
Thwaite, eh?
-
Re:real_person_p?
What if you really, really wanted to know you have a real person on the other end of the wire. How would you verify that?
I think the question you're asking is, "how can we verify the identity of the person on the other side with low false-positives?"
In response to that, I can imagine a system that on registration asks people to sign a file (that they have to download) with dynamically generated content, including a header that says something along the lines of "This is a file for www.blah.com sites" (so you can't trick people into signing that file from another site).
The certificates permitted to sign such a file would be ones like Thawte's web of trust.
That is how I imagine one could implement a rather reliable anti-anonymous system using existing systems that are out there.
-
A little More Info from Thawte
This info was taken from here.
Unincorporated partnerships, associations, sole proprietorships and individuals are currently not eligible for Extended Validation Certificates; however, this limitation will be addressed in the next major revision of the standard.
So this means that they are only locked out in the first version of the standard, and it's likely to change in the future.
-
thawte offers free x.509 certificates . . .
-
So, yes Firefox is a chaotic open source software
If Firefox (Mozilla) is not keeping up with technology fast, where is the OS X support? E.g. will there be a Safari update to support that thing? Why not? There, Apple.com, traditional business with "security department", will they ship it?
If Verisign loses the "compatibility", there won't be any Verisign in a matter of a couple of years. Remember I said it.
SSL's power comes from Compatibility. When you implement a SSL site with Verisign, you know your clients, even the ones using Opera on their Symbian PDAs, will have no problem accessing it, with the same security standard.
Oh, what about Symbian support Verisign? They don't keep up with technology either I guess :) I am nearly sure that it will be implemented on Windows CE next.
I remember the first days when Outlook Express came with S/MIME support. When you wanted it, an IE page opened with a huge Verisign icon asking for $$$ for a full feature certificate. It took years for some to figure out there is Thawte.com which gives them for FREE.
Speaking about Thawte, look at that:
http://www.thawte.com/ssl-digital-certificates/high-assurance/index.html
"To this end, and through our involvement with the CA Browser Forum, we are working with the American Bar Association Information Security Committee, browser manufacturers such as Mozilla, KDE, Microsoft and Opera as well as leading CAs to define industry standard online identity assurance processes that will serve to reassure all our customers of our dedication to building a trusted digital future that instills confidence and trust in all internet users."
So, there is an open technology which will be supported by ALL browsers (Read KDE as Apple). You know what to install from whom.
-
I don't get it
I had never heard of "Extended Validation SSL" so I went to Google. Among the hits was something from Thawte, so I went there. It turned out to be a FAQ. This FAQ contained such gems as:
4. Why is High Assurance/Extended Validation SSL being implemented?
Answer:
Improved online identity assurance, and improved browser representation of online identities, will empower users to better protect themselves against malicious and suspicious activity, which has gradually been eroding user confidence in digital security, including online shopping and banking. thawte's commitment to establishing and implementing High Assurance/Extended Validation SSL standards, and to being one of the first to offer compliant product lines, underscores our commitment to enabling a secure digital environment for all.
And:
6. What is the difference between High Assurance/Extended Validation/Enhanced Validation SSL certificates and existing SSL certificates?
Answer:
The online identity assurance process is intended to be more comprehensive and standardized across the entire industry. Whereas currently online identity assurance processes vary from CA to CA, the new standards/processes under discussion by the CA Browser Forum, will have to be adhered to by all CAs if they wish to offer High Assurance/Extended Validation SSL certificates. This will encourage greater confidence in CAs as well as the processes that are used to vet and issue digital certificates. thawte's commitment to establishing and implementing High Assurance/Extended Validation SSL standards, and to being one of the first to offer compliant product lines, underscores our commitment to enabling a secure digital environment for all.
Is it my imagination, or is this new Extended Validation SSL thing, in the end, just a bunch of paperwork? I may simply be missing the point. If someone can point to a better description of this thing that makes sense, please do so.
-
Re:Some insights about the article
You said, "The real insight of this story is the listing of the products into "credence goods". If you can call this new insight. Otherwise, it's just stating the well known/obvious." And I agree, but we also need an infrastructure where encryption is a given and is transparent to all users. For example, I believe https works, but I don't really need to do anything special. This of course largely depends on an infrastructure where certain certificates are trusted. Now for email, s/mime works, but to many it looks scary and requires users to think.
BTW, thawte offers free s/mime email certificates.
-
But legit sites have URLs with exe?
I'm sure I've seen plenty of legit sites using a .cgi scheme where for some reason there's .exe in the URL. Will these be flagged as malware?
Random example: https://www.thawte.com/cgi/server/status.exe
-
Get a certificate - free
Bollocks.
The problem with email at the moment is that forging From: fields is trivial, anyone who knows the first thing about SMTP can do it in 5 seconds and this means that an email can appear to come from any source the actual sender wants. I can send an email to anyone and make it appear as if it's from any bank in the world.
With a signed email, if the sender(bank) email address in the From: field doesn't match the certificate then you know it's not from the real sender(bank). It's perfectly possible and indeed simple for the client to automatically check that a signed email is from who it says it's from. That's the whole point of digital signatures. It could then display a nice happy face for valid emails and an unhappy one for invalid or neutral for unsigned ones.
And certificates should be easy to obtain. Everyone should have one. Go get one now, they're free! It isn't whether you have a certificate or not that matters, it's that you are who you say you are that matters, and that's what certificate authorities do for you. It's then up to users to check that the From address shows user@barclays.co.uk rather than user@barlcays.co.uk, but at least they'll now be able to check.
You can get free certificates which can be installed in your s/mime compliant email client.
http://www.thawte.com/secure-email/personal-email-certificates/
http://www.cacert.org/
http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
More info here.
http://en.wikipedia.org/wiki/S/MIME
-
Re:Shamir
The problem with S/MIME is that you need to buy a certificate which costs $$$.
...I want to see PGP/GPG support in email programs.
You can get personal certificates free from Thawte. Also, PGP add-ons are widely available, eg for Mozilla/Thunderbird, Enigmail hits the spot.
-
Re:Good.
Just because your drivers are not signed now, does not mean that Silicon Image, NVidia and ATI will not start signing their drivers. Of course they will. 500 bones is nothing as far as a normal shop goes. They don't do it now, because they don't have to.
For the private driver developer - http://www.thawte.com/ssl-digital-certificates/code-signing/index.html will provide us with $199 certs. A price, but not one that is ridiculously high.
-
Re:It's just a new way of stupidity brewing
Not to mention that Thawte was based in South Africa long before Verisign bought them out. (archive.org from 6 years ago)
-
Re:sweet
They do a little more work than that. When my company got an SSL certificate from Thawte, they requested legal documents for us to prove we owned the domain name that we wanted to protect, and that we also owned the registered name of the company. I think it's a good thing that they do that kind of check, otherwise anybody could claim a certificate in the name of Firefox and spoof their identity.
I haven't RTFA because it's slashdotted, but I sure hope that the free alternative would provide the same kind of check, else it won't be any more secure.
-
Try that in Oracle, with their Jinitiator
Are people really so childish to believe that there is no relationship between big software manufacturers, and the big profit-producing cert authorities? Try to use even a mid-tier (I am not even getting to the free ones) authority, like Thawte, and let me know if you will ever get the Jinitiator client in Oracle 9i working, without manually redistributing a new cert file to all clients
... what you end up doing is paying Verisign a few more thousands, for all the servers, to avoid paying the admins tens of thousands, to customize clients, distributions and updates ...
-
Re:Obviously
That being said, I don't see how anyone could get away with purchasing a certificate such as described in the article from Verisign--maybe Thawte or another. IMO Verisign is taking some flak here due to /. ignorance.
Verisign acquired Thawte back in 1999-2000.
-
Re:I have always been curious
Thawte, a leading provider of SSL Certificates, provides a page on the explanation of cryptography with everything from its history to how it's done.
-
I think we've got a different kind of agent here
First Read:
http://xns.org/i-names-explained.html
http://xns.org/xri-and-xdi-explained.html
http://www.xdi.org/
The premise is that you pay for a pseudo-permanent identity in cyberspace.
What else have you got? If you don't have your own domain somewhere, which can often times be taken down by your ISP "just because", what else do you have? Your email address. That's pseudo-permanent, right. Is it 50 years permanent? Maybe.
So you tell everyone your email address for a pseudo-permanent identity - great! .... wait. You've got spam! What if you have to change it?
Will that email address cost you more than $25 over 50 years? 9 times out of 10 people will spend significantly more than that to maintain an email address with any kind of permanency. And they'll get spammed all the while because the identifier is directly tied to the delivery method. You can't tell someone who you are without giving them a direct line.
XNS is a global public database that people can go to if they want to find you, just like DNS resolves mabu.com into the IP address your server is at. Not a global public database that contains all the juicy bits, just who's got the goods. Can you imagine being tied to the same IP address for the life of your domain name???? We all want to be able to move but nobody wants the trouble of keeping every single contact you've ever had informed of your new location.
This system makes it like this: If you want to find me ask my broker. He'll get in touch with me and make sure I still want to talk with you, then either I'll tell him "sure - let him know where I'm at." OR "Thanks for trying to get in touch with me. I'll call you."
You can give your broker a whitelist. All these people (your brother, parents, some old school friends) - tell them whatever they want to know. An offwhite list (you can keep a list of individuals, any from *@alumni.school.edu, how "connected" they are or based on reputation) - feel free to give these people my email but I don't want them knowing where I live. A blacklist tells your broker never to give out any information to (=these, =people, =and.weird, =relatives, =and.old, =girlfriends) And on and on.
The global part points anybody in the world to the place where the goods are at, just like how the root DNS servers point to the "authoritative" DNS box you run on your own net. You can change things there and when people come looking you feed them whatever you want - YOU STAY IN CONTROL.
The whole broker thing... You choose a broker you can trust. Right now there is only one, 2idi.com. Not to say you couldn't start up your own. Granted you'd have to get people to trust you if you didn't want your service to fall flat on its face, but you could do it. Maybe run one for your family or business. Thawte could do it. CACert could do it. Your bank could be your broker. Whoever you trust to handle your personal information, THEY would be your broker.
Sending $25 and your credit card and your email address to 2idi.com is not a requirement to use XNS. At this point they're the only game in town so if you want a particular =i.name, it's pretty much a race. They stick for 50 years.
More (from 2idi.com)...
Basic Terms of Use for your I-Name
* Once registered, you can use your community personal i-name as long as you adhere to this agreement and any applicable laws.
* You can keep your i-name for as long as your community maintains a relationship with an i-broker. You can also add other community or global i-names to your account that can act as synonyms for your community i-name.
* The community i-name registry is public. It does NOT contain any of y -
Re:personal sigs
You do not have to pay. Use Thawte WOT
-
Trust mechanism
After hearing this story on the radio this morning, I was thinking that this system would work well if it had a web-of-trust component, similar to that for Thawte or other digital signature authorities. To me, it's a given that this thing is going to be hacked, and exposing it to as much daylight and as many human users as possible is what would make sure the system was trustworthy....
-
Re:Cheap fun
Check this out. Free personal e-mail certificates!
I am afraid I am a Mac user, so I will take a gmail invite instead of DNF. The stick is optional.
-
Re:eMail replacement.
If *everyone* would just get valid, signed certificates to authenticate themselves as a given entity with a given email address, then *everyone* could turn on a switch in their mail client that says "reject all mail that isn't signed with a cert which matches the sender's address and that's signed by an authority I trust".
That wouldn't be free & decentralised anymore.
If you want to have the ability to receive messages from total strangers, you have the ability to receive totally useless messages (spam) from them as well.
How you got modded up to +5, I'll never know. Instead of using my last mod point on you, I'll just demonstrate your wrongness instead.
Signed certs are precisely a solution to the "how do I trust someone I don't know?" problem. If you trust Thawte, then you can trust that an e-mail signed by a Thawte Personal E-mail Certificate comes from a legit address. If a given certified address abuses his signing authority's TOS (say, by spamming) then the SA can revoke the cert. If a SA refuses to revoke a spammer's cert, you can remove the SA as one of your trusted authorities. Don't like Thawte's corporate nature? Add a free SA to your list of TAs.
Would you look at that! Free and decentralized! Who woulda thunk it?
-
Re:We need certificates with teeth
Some relying party agreements, with notes:
- GeoTrust. No warranty. Certificate worthless. Reject.
- Entrust. Disclaims all warranties. Certificate worthless. Reject.
- Pttrust. This one is very funny. There are some notes at the bottom about links that need to be fixed up. But generally follows Verisign's approach, with warranties. Probably OK.
- DigiSign. Certificate quality varies. Some are validated, some aren't. Probably best to reject.
- Thawte. Certificate quality varies. Only High Assurance certificates should be accepted.
-
Identity verification
There are already identity verification processes available on the web, and it doesn't require government involvement. Check out the Thawte Web of Trust. To receive a "trusted" certificate, you have to appear in person before at least two WoT notaries to have your claimed identity verified against real documents.
It's not perfect, but it's as trustworthy as what you describe.
-
Re:About time...
How is this different from the Web of Trust free cert service that Thawte provides? Same notarization scheme.
-
Re:Sounds like...
Slow down, cowboy. Thawte has been offering free personal certificates for at least 5 years already, along with a "Web of Trust" that allows for distributed certification of identity, exactly as this group is doing.
Admittedly, these are not usable as server certs (I think), but don't be so quick to slam things you wot not of.
-
Re:Maybe.
Verisign acquired Thawte in late 1999. Though they acknowledge the fact on their corporate website, they don't exactly make it obvious they no longer compete with Verisign.
-
Re:Try Enigmail
Go S/MIME, and it's even easier!
S/MIME (admittedly slightly different versions of) is supported by Outlook and Mozilla. In both cases you:
a) Go to web site. (I use Thawte, as it's free, most cost quite a bit)
b) Fill in details, wait for keys to be created (and auto inserted into either MSIE's (& thus Outlook's) or Mozilla's Key Chain tool).
c) Click the "Encrypt" button that's now in your toolbar.
-
It's Already Pretty Easy
Just browse over to Thawte for a free S/MIME cert (your choice of Outlook or Mozilla), install it, and start sending encrypted e-mail. (Yeah, S/MIME has Closed Source Cooties. Tough. It works.)
There are three reasons that more people don't encrypt their mail:
1. Some mailers won't handle S/MIME, and behave badly when they come across it (refusing to let you read a signed message, for example).
2. People's e-mail rituals don't include signing/encrypting mail. They don't do it because they don't do it.
3. Security mavens tend to run in full Paranoid Nazi mode. They tend to insist on solutions that are only needed if you insist on full anybody-to-anybody communication with a guarantee of no man in the middle. They also seem to think that "security" is synonymous with "how many times can we make the user type in his password?"
Because of #2 above (the real killer) nothing will be done until businesses start insisting on using secure mail. If I remember correctly, Microsoft Exchange has the capability to enforce this, as well as generating certs. No excuse for not using it.
-
It's hard work, but you can get close...
I run my own webservers, with mail service etc.
1 good thing was to make sure every user has a defined email address, or alias to their username. That means I can send a good 85% of mail straight to /dev/null as most spam is sent to madeupname@domain.com
The rest of the spam is due to people leaving their addresses in plain sight (on web pages etc) and not having virus free computers.
I also run MailScanner to remove viruses, before the user can get to them, but I don't use spam assassin, because that's not my problem. The users are, to a large extent, to blame for the amount of spam going through the server, (see above) and I don't see why I should deprive them of their ill-gotten gains !
My spam count in my inbox is virtually zero, the few I do get are forwarded from other servers, but are trivial to delete.
If only people would use personal certificates to identify themselves, then spam filtering would be so much easier.
-
Re:How about the ability to encrypt your own GMail
-
Re:Usability
There is a GREAT client which makes encryption/signing very easy: Apple Mail! I am using a personal certificate from Thawte (which is free, multiplatform, easy to create if you find a good step-by-step guide with Google). Once you get your certificate, you insert it in Apple Keychain (which is the system wide program to manage your passwords and supports locking). You can then sign emails and encrypt for those people whose public key you have. Try it ;).
-
Re:Why not use PKI authentication instead?
Thawte doesn't agree with you.
Web of Trust for personal email certs
-
Re:I WILL SAY IT AGAIN...
Certificates are free as well.
http://www.thawte.com/html/COMMUNITY/personal/index.html
You can also sign your own, but then they aren't trusted of course.
And for this 'postage' solution to work, the money comes in the form of digital signatures anyway, so your argument about very serious system being needed applies there as well. Spammers are unlikely to start signing spams because
a) their cert would be revoked
b) signing takes a decent amount of processing time, which for 25 million emails would pose a decent delay.
The biggest problem digital signatures face is webmail, but if MS and Yahoo started signing their users' mail that would take care of the two biggest and the rest would probably follow. Since MS is a Root CA this wouldn't be that difficult for them to do.
-
Re:Who needs them?
Thawte is also a wholly-owned subsidiary of Verisign. So if you buy from Thawte you're buying from Verisign.
-
Re:Who needs them?
Uh, Thawte is owned by Verisign, smart guy...
But they are a lot cheaper for some reason... Go figure...
-
Re:Who needs them?
Thawte - cheaper than Verisign, much easier to work with them, and will work fine in any 4.0+ browser.
-
Here's the problem...
This system still needs some kind of authentication system for its users. Obviously, it has to know what mails are coming from you and only you in order to charge you appropriately (and prevent people from costing you money by faking mails from your account). Hence it either needs more infrastructure on top of the current system, or you somehow have to digitally sign your mails. But if we're already signing our mails, what's the point of this system? Filter out the guys you don't want, keep the ones you do, without the added cost, and more importantly without getting the government involved... Once they know they can tax email, well, $0.01 will be a cheap email.
BTW, you can get free email certificates for digitally signing / encrypting email. For example...
https://www.thawte.com/html/COMMUNITY/personal/index.html
-AC