Verisign Buyout of Thawte Consulting Challenged
andyr writes "Independent Online has a
report
that Entrust Technologies is
challenging Verisign's buyout of
Thawte consulting.
Verisign is the world's largest SSL Certificate issuer,
with 60% of the market, with Thawte the second-largest, with about 40%.
Combined, they own 99% of the market.
"
Some interesting info on the relationship between Entrust and Thawte, and how this affects Entrust:
http://www.entrust.com/investor/12_21_99.htm
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
These guys are a huge scam. It's a ton of money for sending you a computed string. What they're supposed to do for server certs is actually check you out enough to know you are who you say you are. When I got my first server certificate I had to send all manner of info; tax stuff, corp. papers, etc. When I went to renew they asked me to send it all again! I said "Wait a minute, you know who I am and should have that already." She said "well no we don't." To which I said "Well, if you don't know who I am then by continuing to authorize the cert for the last year you were representing to the public that you Ok'd somebody you know nothing about, and your service is worthless at best and possibly fraudulent."
And guess what? I didn't need to send all that info after all, as long as I paid the $725.
What a great business!
The revolution will NOT be televised.
One problem is that Verisign & Thawte have a major advantage over any competitor in that the browsers contain CA records, while a competitor would not. This is the principal reason that Verisign has a bigger marketshare than Thawte, because VS's CA was in Navigator & MSIE earlier than Thawte's were.
Having worked on crypto for some time, I've come to greatly admire Thawte for their careful identity authentication practices, which made a strong contrast with Verisign.
Verisign certainly is large, and their root key is probably in more trusted stores than Verisign's, but not by much. Both, for example, are in the IE4/5 trusted store that comes with shipping windows. IE3 too, I believe. And Thawte will issue keypairs for no charge. Or at least, they used to.
Verisign has made a practice of issuing "temporary" certificates containing arbitrary unverified data. True, the user cert is marked as temporary, and the key expires after I believe 40 days, but the marking is buried and 40 days is ample time to perpetrate a fraud on an unwary user. As a game, the members of my test team would send messages to each other "signed" by famous figures like Gandhi and President Clinton. Since the from header is trivial to forge, these mails looked like the real deal to a cursory inspection. You would have to have a medium-level understanding of crypto even to guess they might be fakes.
Thawte has never allowed this sort of thing to go on. When I applied for my one and only Thawte keypair I had to submit a great deal of information about myself, all of which they verified over the course of a day. I understand Verisign's desire to promote their product, and certainly it must work because of their prominence, but playing fast and loose with authentication is a surefire way to get the whole crypto industry discredited in the eyes of the public.
-konstant
Yes! We are all individuals! I'm not!
What Thawte and Verisign do isn't exactly related to the encryption part of SSL, it's related to the X.509 certificates of sites that implement SSL. A site can do SSL without a certificate signed by Thawte or Verisign, but if the Certifying Authority that signed the certificate doesn't have its own signature in the lists of CAs maintained by the browsers (Netscape and MSIE include a list of CAs on the local machine when they get installed; I'm not sure how other browsers handle it.) then the browser will pop up some manner of error message when the site is contacted to the effect of "This site's certificate is signed by someone we don't know, do you want to continue?" It doesn't affect the server's ability to do SSL traffic - it can still do that - it only affects the browser's ability to verify that the certificate assigned to the site is who it says it is. (i.e. if you go to a site called www.mcdonalds.com to buy burgers over the 'net, you can look at the certificate to verify whether or not this is really the place that has the golden arches out front by the information in their certificate.)
The problem here is that probably 95% of the people doing e-Commerce on the net today are going to balk at a purchase if ANY sort of message box that looks like an error box pops up. It doesn't matter if you explain to them that the message only means that the browser doesn't recognize the authority that signed the certificate and that traffic is still encrypted when you communicate with the server, like my mom, they're just going to see an error message and freak out and not want to do business there. (In addition, I've personally had problems with MSIE properly passing information from forms when connecting to a secure site before we get the valid certificate installed. With the "Push here to connect to our secure server" button, ID information we might want to pass across to the secure server seems to get vaporized or something in the process of the user clicking the "Ok, connect anyway" dialog.)
So why can't some new, faster, better CA pop up and just start doing business? Because their signature isn't in the tens of millions of copies of Netscape and MSIE that are already active on the internet. Why can't they just get their signature into the new version? They can, I suppose, although after looking into it from a developer's perspective, I've not been able to find out how one would go about doing this other than I suppose contacting Netscape/AOL or Microsoft directly and passing along various salespersons until you found the person who could tell you how you could pay to have your CA's signature put into the next version. It still doesn't help the millions of people who haven't upgraded yet and will still get that error message.
Further, even if you could manage to get your signature into the new versions of the browsers, there's still the issue of what a CA is supposed to do. The CA exists to verify that the server is run by who it says it is. That means when you go to www.mcdonalds.com to buy burgers and check the certificate and it says "McDonald's, Inc." the CA had better have done its job and verified that the server is indeed being run by the golden arches people. If not, and the customer gets a load of rancid meat, I don't know what kind of liability comes into play, but in the U.S. anyway, someone's probably going to try to sue someone. It's hard to run the kind of services you need to be able to do this sort of thing reliably out of your living room, which means that the cost of entry is rather high. (This is completely ignoring the fact that most CAs I've dealt with lately just seem to accept any old thing you feel like faxing them with whatever letterhead you can throw together. As long as I have a Microsoft Word Form Letter Wizard that can put the McDonald's logo on my letterhead, I could probably get a certificate signed by one of the big CAs stating that I'm McDonald's, Inc.)
So, the problem with this merger is that if you combine Thawte and Verisign, they not only have 99% of the market, but also they, or subsidiaries of those two companies, are most of the CA signatures included with the current version of your web browser. The monopoly is not only in the market share, but also in the fact that the browsers themselves limit the number and which companies are "allowed" entry into the business without generating error messages on the client machines.
One solution would be to separate out the encryption from the trust capabilities; i.e. don't make having a valid X.509 certificate on your site a prerequisite for doing encryption. Or at least program the browser differently so the error message just warns about an unsigned certificate but specifically states that encryption is still capable, you just can't verify that the site is run by who it says it is. Again, this still doesn't fix the problem of the millions of people using current or old versions of the browsers out there right now.
I obviously feel very strongly about this issue.
-=-=-=-=-
My mom's going to kick you in the face!
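The trust-store check the comment above describes, as an added example that is not part of the original thread and not any CA's or browser's code: it builds a throwaway root CA and a server certificate for the constructed hostname www.example.com in memory, then verifies the leaf the way a browser does. With the root in the trust store the chain passes; with an empty trust store the same certificate fails as "unknown issuer" (the "signed by someone we don't know" dialog), even though nothing about the key material or the encryption changed. The hostname-mismatch and expiry cases are included because they are the other two checks a client makes that are independent of who the CA is. All keys and names are generated on the fly and are assumptions, not real Thawte or Verisign certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// BuildPKI generates a self-signed root CA and a server certificate for host
// signed by that root. Constructed test material only; nothing here is a real CA.
func BuildPKI(host string) (root, leaf *x509.Certificate, err error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	if root, err = x509.ParseCertificate(rootDER); err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the name the browser compares against the URL
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	if leaf, err = x509.ParseCertificate(leafDER); err != nil {
		return nil, nil, err
	}
	return root, leaf, nil
}

// VerifyResult is the category of dialog a client would show for a certificate.
type VerifyResult string

const (
	Trusted          VerifyResult = "trusted"
	UnknownIssuer    VerifyResult = "unknown-issuer"    // signing CA is not in the trust store
	HostnameMismatch VerifyResult = "hostname-mismatch" // certificate was issued for another site
	Expired          VerifyResult = "expired"           // outside the NotBefore/NotAfter window
	OtherFailure     VerifyResult = "other-failure"
)

// ClassifyChain verifies leaf for host against the given trust store at time
// at (zero value means now) and maps the x509 error onto a VerifyResult.
func ClassifyChain(leaf *x509.Certificate, roots *x509.CertPool, host string, at time.Time) VerifyResult {
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName:     host,
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	var unknown x509.UnknownAuthorityError
	var hostErr x509.HostnameError
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return Trusted
	case errors.As(err, &unknown):
		return UnknownIssuer
	case errors.As(err, &hostErr):
		return HostnameMismatch
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return Expired
	default:
		return OtherFailure
	}
}

func main() {
	root, leaf, err := BuildPKI("www.example.com")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(root) // the equivalent of the CA record shipped inside the browser
	empty := x509.NewCertPool()
	fmt.Println("root in trust store:   ", ClassifyChain(leaf, trusted, "www.example.com", time.Time{}))
	fmt.Println("root not in store:     ", ClassifyChain(leaf, empty, "www.example.com", time.Time{}))
	fmt.Println("wrong hostname:        ", ClassifyChain(leaf, trusted, "www.mcdonalds.com", time.Time{}))
	fmt.Println("checked after expiry:  ", ClassifyChain(leaf, trusted, "www.example.com", time.Now().Add(100*24*time.Hour)))
}
```

The point to take from the second case is that the only input that changed between "trusted" and "unknown-issuer" is the contents of the trust store; the certificate, its key, and the cipher the connection would use are identical, which is exactly why a new CA cannot simply start issuing certificates that existing browsers accept.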