Slashdot Mirror
Self-Regulating SSL Certificate Authority?
bcg asks: "It has come that time again to renew some of my SSL certificates and part with substantial amounts of cash. This has got me thinking - why should we pay large amounts of cash for authorized certs when so little is done by the companies issuing them? Sure they get you to send them a copy of a business certificate but how does this prove the character of those running the SSL server? What ideas can we come up with for a self-regulating certification authority? Could we set something up along the lines of the many free DNS servers around but use it to authenticate SSL certs?"
We last touched on this subject in October, when someone was searching for cheap
SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?
A certificate lets the client know that the server belongs to an organisation and that that organisation was verified by somebody else.
In a network like the Internet there's no God in a security sense - so we choose to trust people who Verisign trust (and issue certificates to).
It's a pain in the ass to get the certs issued because you have to get you organisations legal certificates and get authorisation from a senior staff member - but thats a Good Thing because they make sure that you are who you say you are (and are authorised to get a certificate on behalf of your organsation, yadda yadda).
If you have a private network, or have an existing relationship with the end users, who cares? Go to wwww.openssl.org download the toolkit and play around with the certs! You'll get a secure channel and not have to pay loads to establish something you already know.
Julian.
one reason is that Java (maybe dotnet too) requires it to be from an authority Sun trusts OR in a keystore file (pain in the neck to work with) for its https code to work.
That's why I need trusted SSL, anyway...
Just create your own CA certificate and then write an html page for Netscape and another one for IE so that it loads your CA certificate into the browser's certificate database.
Then use your CA certificate to issue as many certificates as you like. As long as the DN matches the hostname or IP of your HTTPS server, your users' browser will play along happily.
http://sourceforge.net/projects/xca/ http://sourceforge.net/projects/php-ca/ http://sourceforge.net/projects/stealthisca/ http://sourceforge.net/projects/mkcert/ Alas - most of these are in alpha....
It's Christmas everyday with BitTorrent.
Comodo issues relatively inexpensive certs that are accepted by most consumer, and even most non-consumer browsers.
FreeSSL also offers inexpensive (though it doesn't quite seem to be free) certs.
They seem to work with Lynx, Mozilla-based browsers, IE... Well. Look at the compatibility list. =]
If you want to be compatible with EVERYONE, you'll have to spend a bit more, but these are good for the majority of e-commerce sites, and intranets/basic sites.
-Sara
congratulations, you got modded up without really knowing what the hell you were talking about.
if the urge arises you can self-sign an ssl certificate and you can setup your browser to accept it. you can even have the issuer/authority fields pointing to myclosecircleoffriendsca.com and if your browser is setup to accept that myclosecircleoffriendsca.com is a valid certificate issuer, then your friends can issue tickets to people they trust and your browser will "magically" accept those certs.
so rather than assume that there's some fundamental flaw in the system (there is, but this isn't it) you should inform yourself. i mean this kind of stuff was solved over a decage ago, right?
I can appreciate that companies might find value in the corporate levels certs which bestow a certain degree of authenticity but certainly not email certs.
Someone such as gnu.org, or another free software group such mozilla.org should set up a free server that dishes these things out on demand - sign up, wait for the confirmation email, click on the unique link and get your cert. It's certainly no less secure than what the likes of Verisign would sell you and it would dramatically increase the use of encrypted and signed email. This would be a good thing by any measure.
This would not work... :(((
Imagine a bad guy is your own network admin
and you are in corporate LAN...
He can spoof foo.com, so the configuration will be.
You "-" [Bad Guy sniffer]translates "-" foo.com
(posing as IP and foo.com for you)
||
\/
logs of your connections
No security at all
You can get free ones from cacert.org.
I use them to SSL enable my website at glasgownet.com and any other stuff I need certs for.
Well worth it.
> If I hunt down foo.com on the web, I'm not really worried that their IP has been spoofed, I just don't want my transaction to be sniffed.
k .com/
A spoofed IP can also be used as a man-in-the-middle attack. You can't protect against one without protecting against the other.
The real issue is that currently to get a certificate you have to be able to prove not only that the domain in question belongs to you, but that you have to prove your own identity. The latter process is what adds the cost, and is essentially unnecessary for most sites - okay, so it's a good idea for a bank site to be able to prove it is the same entity as the high-street bank with the same, but it's hardly an issue for briansbuffyforums.org.
In an ideal world you should get a free certificate in the name of "Owner of mydomain.com" with every domain you register, and only have to pay the extra for formal identity checks if that's actually relevant to your business.
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdes
I have heard this so many times, and it represents a big misunderstanding.
SSL (the idea, not just the certificate) provides assurance of the identity of whom you are doing business with (among other things). If you want to buy something from www.amazon.com, SSL verifies that it is really www.amazon.com that you are dealing with and not someone else.
If www.evilcriminal.com buys an SSL certificate, and you do business with www.evilcriminal.com, why is it the fault of SSL that you chose poorly? This is similar to expecting PGP to verify who your friends are. It is not fault of SSL, nor is it a valid reason as to why SSL certificates should be free, if you choose to do business with an untrustworthy company.
Now, to truly have an open CA (there is a group trying - http://www.openca.org/) for signing SSL certificates would require a few things:
1. The CA would need to enforce the same level of identity verification that professional CAs do.
2. The CA would need to convince major browsers that it is credible enough to have its root certificate trusted by default. This usually requires an extensive (and very expensive) Certification and Accreditation (C&A) process to make sure the CA is up to par. The ones I have been involved with usually require an amazing amount of documentation demonstrating superb security, expert personnel, and reliable systems.
3. The CA would need funding for the resources (both human and otherwise) required to maintain it.
However, it still seems like an open CA like this would be possible. First, a highly-respected group of people from the community would need to head it up. They would need to be just as diligent and professional as the existing CAs. Then, though I doubt they would have the funding to undergo a C&A (much less pass one), perhaps Mozilla could add their root certificate to its trusted certificate store. Everyone else (users of IE, etc.) could manually trust this root certificate. Instructions could be provided on the CA's Web site for doing this.
Sure, many people would still receive warnings, but there are a lot of us who would be willing to do business with a site that is protected with an SSL certificate issued by this open CA. Some sites (www.thinkgeek.com) have an open source savvy target audience, so these types of sites would benefit the most.
DNSSEC is vaporware. AFAIK It was never finished, much less deployed by Verisign or anyone else. Quoting Vixie:
... ...
"We are still doing basic research on what kind of data model will work for dns security. After three or four times of saying "NOW we've got it, THIS TIME for sure" there's finally some humility in the picture... "wonder if THIS'll work?"
It's impossible to know how many more flag days we'll have before it's safe to burn ROMs that marshall and unmarshall the DNSSEC related RR's, or follow chains trying to validate signatures. It sure isn't plain old SIG+KEY, and it sure isn't DS as currently specified. When will it be? We don't know. What has to happen before we will know? We don't know that either.
2535 is already dead and buried. There is no installed base. We're starting from scratch"
this seems like it's got some interesting technology behind it - definitely has a rigorous security model at its core.
FreeSSL offers free certificates. They confirm by email and an automated phone call. You'll be certified in 10 minutes or less. I found them after reading this article and looking around a bit. Absolutely no problem getting it working. Wish I had know about this sooner.
Yes, they also have non-free certs, but for the life of me I can't figure out the difference. My only question is how they make any money offering free certs and making automated long distance confirmation calls.
Gotta say, it's pretty cool when you press # on your telephone and the web page updates to show you've been confirmed.
Now if only I could figure out a way to get SSL working better with name-based virtual hosting.
- Some browsers do not allow you to click 'yes' at all. Think older IE browsers which simply gave you the "something is wrong" page. It may be a completely valid cert in Mozilla, but with this browser you can't view the page no matter how much you want to.
- If you do get the ssl warning and the option to say "yes", how do you know you're not the victim of a man-in-the-middle attack?
Unless you actually control both endpoints (say you are setting up SSL using Stunnel on machines you run) then self-signed certs are not perfectly secure. Or, if you do verify everything as you should, you have introduced a huge hassle in performing secure SSL.For example the latest version of Blazer for my palm has no such feature, so I'm screwed.
In order to click "yes" you should verify that the SHA1 and MD5 fingerprints are correct. Do you carry a copy of these around in your wallet so you can use that web page when you're on the road? I didn't think so.
I only wish I had one.
I use so many SSL certs that I became a reseller for InstantSSL. It basically costs $200 and you get the ability to generate all the certificates you want without first providing business licenses. It also costs about $8 less, too. There's also zero turn around time...I get the completed cert immediately. It's *extremely* convenient but it kind of defeats the concept of a trusted source.
how does this prove the character of those running the SSL server?
I think you're thinking about SSL in slightly the wrong way. It's intended to guarantee that
1) The person you're talking to and who is talking to is precisely who they say they are
and
2) Nobody else is listening in to or interfering with the communication without the consent of either you or the other party.
Besides, it's widely known that proving oneself virtuous is an NP-complete problem, and therefore beyond the scope of SSL.
25% Funny, 25% Insightful, 25% Informative, 25% Troll
Why doesn't anyone question why almost all the browsers don't pull down and integrate the rejection list? Mozilla by default does not have an CRL's installed. Why not? Without the rejection lists, the certificates showing identity is USELESS! Right now I'm sure that my browser would still authenticate the fake MS cert simply because no one updates the CRLs. Until the CRLs are updated automaticly, we might as well not use SSL. Without CRLs every session is vunerable to the man in the middle attack.
Ahh, the fun of security.
freessl.com provides free ssl certificates. I use one on my site and you don't get the error saying its from an untrusted source. Pretty cool.
Indeed the US Postal Service CA was an actual project. The primary argument against was that it would drive competing private companies out of business (and thus, It Must Be Destroyed). There were also questions of how many people would be actually purchase their own personalized certificate as to make it, if not profitable, not lose too much money.
It did suffer a little from Underwear Gnomes Syndrome. Great idea, but no way to really make money from it without pissing people off.
You have been totally cheated. You actually don't need any of this. If you just get each user to load a Certificate Authority Public Certificate to there browser you could produce as many certificates a you wished, i.e you could change sites, issue user certificates, revoke old certificates. This is actually fairly easy. You have to give everyone the Certificate Authority Public Certificate and they need to import it into the browser.
In Mozilla
Edit->Preferences->Privacy & Security->Certificates->Manage Certificates->Authorities->Import
In Internet Explorer
Tools->Internet Options->Content->Certificates->Certifica te Authoritys->Import
I did this about 6 years ago for an intranet project I was working on. Look at
http://www.pseudonym.org/ssl/ssl_ca.html
This gives the details of doing it with openSSL
> If you just want to keep packet sniffing from being effective, self sign it.
This may work, if you routinely work with the same peers. It does not work, if you routinely communicate with unknown peers. For example, if my mail server had a self-signed cert, and another mail server sends me mail without ever before having done so, how can it know that the contacted server (supposedly mine) is really my server and no man-in-the-middle attack is taking place? DNS is *not* failure-proof.
Encryption doesn't make sense, if you can't be sure that you're talking to the right person.
Oh, BTW: That's also one (the?) big weakness of SSL: The US government probably controls VeriSign, meaning they can get technically valid, but faked certs, and maybe able to run man-in-the-middle attacks. This is way harder with the web of trust of GPG. (But you can have SSL-style CAs for PGP, as Thawte demonstrated.)
> GPG/PGP keys are always self-signed
And should be signed by others who verified your identity. Look up "web of trust".
I have a Thawte cert. They are free but don't include your real name, more like this:
You can get your name into your cert if you can find a Thawte "Web of Trust" Notary. You present your ID's, maybe pay a small fee, and you get notarized and can have your name in your cert.
The freebie certs work well enough for encrypted email anyways, the only annoying thing is that MSIE won't recognize Mozilla style certs, still, I have an Outlook cert for work and enables me to clearsign a message which gives it a distinctive looking red prize ribbon icon that nobody else has figured out how to get (going on two years now :-)
Note that these are only for email. You cannot use one of these certs for your SSL encrypted Apache server, for instance. I am not currently aware of a do-it-yourself SSL cert, but I'm sure such a thing exists. Unfortunately it will give a security alert as being from an untrusted source.
Clickety Click
Well you can always make your own certs, then make a .reg file (Windows Guys) that puts you as a trusted root and distrubute that to your customers.
Another little tidbit:
Even so we trust Verisign as a root CA. But Verisign themselves do not even keep up with their own certs.
What do I mean. Go on do netsol.com (networksolutions a verisign company). In your browser settings shut of the old "untrustworthy" SSL 2.0 and leave on only SSL 3.0 and TLS 1.0.
Now click on account manger and guess what you can not connect. Now turn 2.0 back on.... now you can connect.
I think it is wonderful that you have to go back to the old SSL 2.0 to make a payment transaction on Verisign/NetworkSolutions.
Dave
My first thought as to what you are buying is that Verisign has dealt with microsoft and netscape to make sure their root certificate is in the browser so you don't have to worry about users getting a popup.
What I would like to see (and never will because of profit) is for me to buy a SSL cert, have Verisign or whoever REALLY verify I am who I say I am. Then from my cert be able to generate as many as I need, and so on.
That way, say school.edu could buy a cert, then generate certs for www.school.edu, pop3s.school.edu, otherwww.school.edu, or even generate one for department.school.edu who could then generate one for www.department.school.edu
After all, aren't they supposed to be about a chain of verification up to the root cert?
If all you want is encryption then you *can* create your own certificates. Both IE and NS will accept them, though they may display a popup asking the user whether he will accept the certificate.
You can also set up your own CA provided that you can persuade the users of your certs to install your CA certificate as trusted.
I have recently had to get SSL certs for a couple of sites that i am admin to and decided to go with http://www.securessl.co.uk I did a check of the certs and they were just as accepted as the expensive Thawte/Verisign and the verification process is damn near identical. So more secure and excepted than FreeSSL/Entrust/Geotrust ETC. I know that this company is a reseller of InstantSSL but the staff were more efficent and friendlier with suppoer issues and the cost was the same so went for them. $49 for a year now that is a more realistic price for certs that are trusted and have a warranty which none of the other players offer.