Self-Regulating SSL Certificate Authority?

bcg asks: "It has come that time again to renew some of my SSL certificates and part with substantial amounts of cash. This has got me thinking - why should we pay large amounts of cash for authorized certs when so little is done by the companies issuing them? Sure they get you to send them a copy of a business certificate but how does this prove the character of those running the SSL server? What ideas can we come up with for a self-regulating certification authority? Could we set something up along the lines of the many free DNS servers around but use it to authenticate SSL certs?" We last touched on this subject in October, when someone was searching for cheap SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?


  1. Good idea by mattc58 · · Score: 1, Interesting

    It is a pain to go through these guys, especially when you can technically create your own. If there were one big central free place that monitored stuff it would work. But I guess it would have to be trusted like Verisign and the like presently are.

  2. How about Free? by ledbetter · · Score: 3, Interesting

    Just self-sign a certificate. Truly, if it's not signed by some big name registrar, most internet users (IE of course) will get messages notifying them that it's not a "trusted" certificate anyways.

    1. Re:How about Free? by jemenake · · Score: 3, Interesting

      If Joe-user gets a "FREE Certificate. v0.5beta" from some kind of business, he won't do the transaction.
      If I were a struggling webshop, I would go with VeriSign. It's sad, but that is just how it is right now.

      This is probably true, but it certainly won't change unless there is a way to get that "FREE Certificate...".

      Gradually, I can envision some vendors switching from Verisign to Free.... and I can envision myself ordering from them; For example, with vendors that I've ordered from in the past and had good experiences with.

      Anyway, like several people have pointed out, a free cert is easy to make, with self-signing. The only advantage to a free-CA would be if their certs didn't generate warning messages on the browser like self-signed ones do.

      In order to do that the right way, the free-CA would need to get their public key bundled into the popular browsers... a process that is probably pronounced "kickback".

      The alternative way to do this is to try for a "grassroots" adoption of the CA's key into people's browsers. If you visit a site using a Free-CA-signed cert, you'd be encouraged by the site, somehow, to actually import the CA's public key... which would put Free-CA on an equal footing with Verisign and Thawte... on that browser, anyway. If that's the road that ends up getting taken, then I'd gladly load the Free-CA public key on all of my browsers on day 1.

      Also keep in mind that this doesn't have to be massively successful in order to reap some gains. Even if it was mildly popular, it might entice Verisign and Thawte to drop their prices a bit in order to decrease the incentive to go with Free-CA.
  3. Nice thought but... by swasson · · Score: 2, Interesting

    the reason that we're shelling out big time bucks for these SSL certificates is because the certificates come from a "trusted" source which in turn means that the people using the certificates (i.e. customers, etc.) feel more comfortable accepting said certificate. I personally would feel more comfortable making purchases online if I knew the SSL certificate was from a verified source and not just some certificate that some Joe Schmoe created.

    --
    "Facts are meaningless. You could use facts to prove anything that's even remotely true!" -- Homer Simpson
  4. Just say no... by weave · · Score: 5, Interesting
    Hate to say this, but most users will do whatever you tell them to. You start off with a normal http page and then say something like "After you click, you'll be asked to accept a certificate, click yes to continue" and they will.

    Hell, even Microsoft says that on their Windows Update site for the ActiveX download it throws onto your computer during your first visit!

    Someone should do a study on this, sounds like a great high school science fair project! I can see the display in the gym now, pasted on the cardboard display case "Are people idiots?" and have nice pie charts and tabular data from your research. It beats boiling something in a test tube to see how long it takes at different temperatures or testing the growth rates of different molds...

    1. Re:Just say no... by Billy+the+Mountain · · Score: 3, Interesting

      Hey, nice idea. It would be fun setting up the science fair study.

      It could present the user with four different levels of increasingly dangerous dialogs:

      Start out with something like "Microsoft wants to install a Service Pack Upgrade". Be sure to include a radio button for "always trust Microsoft Corporation".

      Next present a dialog that installs "gator"

      Then, see if they'd like to host "Back Orifice" and "always trust the Cult of the Dead Cow".

      Finally see if they'd like to install a suite of viruses, and email worms.

      That way, you could gather and quantify levels of human stupidity. -- maybe even get a regional picture?

      BTM

      --
      That was the turning point of my life--I went from negative zero to positive zero.
  5. My standard rant about CAs by Jack+Greenbaum · · Score: 5, Interesting

    My standard rant about why I use my own certs:

    Digital certificates are available, for a fee, from a commercial certificate authority (aka CA) such as Verisign. For about $15 a year Verisign will claim to know who you are though you provide no proof other than the grand American Dollar. If your credit card clears, then Verisign says email from you is from you. Why is this worth $15? If I send a signed email to someone and they verify that signature based on the cert I send them, then the only reason to trust that cert is based on trusting the signing CA. Verisign says that if I have a credit card with a name on it, then I am the person with that name. Unfortunately due to identity fraud, this is often not the case. In our family we have been victims both of simple credit card fraud (where our card number was stolen and the card duplicated) and full on identity fraud where our social security number was used to open credit accounts by people other than us. So merely the possession of a credit card number does not imply identity. By trusting Verisign you are trusting the US credit industry, which is corrupt and insecure.
    Assume that you do trust that credit cards are valid identifications. Why would you trust the CA who took that as ID? How do you know who the CA is? CA's are identified by certificates just as users are. How did you get a certificate for the CA? Usually it is because Microsoft and Netscape include a set of certificates from trusted CA's in their products. If the cert comes from one of those CA's then Microsoft and Netscape say it's valid. Therefore you must trust that Microsoft and Netscape included authentic certs, and you assume that those certs have not been compromised since you installed the software. Maybe you think I'm paranoid. Really I just object to paying money for something I can do better myself.

    I have created the Greenbaum.Org Certificate Authority to create digital certificates which are free and trusted. If you get an email from me, signed by a certificate issued by me, verified by the CA certificate you download from this site, then the email was from me. If you get an email from me, signed by a Verisign certificate, then it could have come from the gangsters who stole my credit card to buy Nikes and Chinese food.

  6. Difficulties by bitkid · · Score: 4, Interesting

    I see several difficulties with a free SSL-CA (as I see with free DNS/TLDs/whatever):

    It's a great idea, but... who will use them? To be more specific: Verisign's capital is that its root certificate is in every browser on this planet. I don't want to know how much cash they had to throw at M$ to get their cert into IE, but I doubt that a free CA can come up with that amount. Sure, we can probably get the certs into mozilla etc. and joe-schmoe IE-user can add the root cert to his known certificates, but the question is: what impression will your trustworthy business give him, if he gets lots of warnings when accessing your gimme-your-visa page. 'It's the value of trust(tm)' :-)

    just my two cents...

  7. Web of Trust, a la PGP? by MMHere · · Score: 5, Interesting
    Why not take the approach that the original PGP system did? Establish a Web of Trust, where multiple individuals can cross-sign each other's certificates?

    You could perhaps add the idea of a threshold -- once a cert is signed by enough well-trusted individuals, the cert becomes "good enough" to go public.

    Of course, there might be an issue of startup time -- a requestor of a new cert wouldn't get one until it has had time to make the rounds and get signed by many trusted individuals.

    There is also a bit of a seeding problem. How do you establish a large enough trusted community in the beginning, so that sufficient signings can be made on new certs.

    Also, I would guess that one of the things that current commercial cert corporations provide is a source of culpability, should something go wrong with the cert they issued. With a public signing group, you might not have this same level of responsibiliy. This could be good or bad, depending on your perspective.

  8. Self-signed and non-trusted CAs by Frobnicator · · Score: 4, Interesting
    Many ISP's and low-budget groups have self-signed certs. They're easy to make. (well, easy for someone who is setting up a secure web site). I have quite often seen sites with a self-signed cert and another page giving the fingerprint of the cert. Most vendors allow these, but they aren't "trusted".

    The only reason the big companies charge so much (their claim, not mine) is the insurance they provide, and the fact that they are "trusted" by the various vendors.

    Any new group wanting to be a trusted CA will face the liability issue -- if one of your customers sues you, even if you try to disclaim all liability up front, you will still face massive court fees. Even if you won in court, you would lose financially if not insured.

    There is no technical or logistical problem with setting up a Free (and free) common-geek's CA, the problems are entirely legal ones. I know because I looked into it right after SSL came out. It looks like a good business plan, right up until someone takes you to court.

    frob.

    --
    //TODO: Think of witty sig statement
  9. Ummm, security reasons? by kill+-9+$$ · · Score: 5, Interesting
    Technically, as we know, you can sign your own certificates for free. Only problem is those who visit your site will get all those wonderful warnings and popups, etc.

    Why not have a self-regulating authority? Well, let me submit a request to sign my certificate saying I'm Amazon.com, hijack the domain and steal credit cards. The point of CA's is to do some background checking to verify you are who you say you are. Debatable, agreed, but is your average script kiddie, cracker, etc. gonna shell out bucks to get a fake cert? Probably not. Not to mention once money is involved, there is an audit trail of some sort.

    As for whether the prices are gouged a bit, I won't argue with you there. Seems that it shouldn't cost as much as it does, but at the same time I'd think most companies rack it up as a cost of doing business (just like rent, equipment leases, etc)

    --
    A computer without COBOL and Fortran is like a piece of chocolate cake without ketchup and mustard
  10. OSCA by atrus · · Score: 2, Interesting

    What I'm surprised to see is that no one has created an "Open Source Certificate Authority." Sign keys for a nominal fee ($5, 50% donated to FSF, EFF or something), and get this key published in OpenSSL and Mozilla (IE might be harder to do). The idea is simple, but would you be willing to bother?

  11. SelfSign it! by SHEENmaster · · Score: 3, Interesting

    Most of us just want the encryption features of SSL; most of us don't want it for authentication.

    If you are a bank or something, then by all means authenticate your identity. If you just want to keep packet sniffing from being effective, self sign it.

    GPG/PGP keys are always self-signed, yet no one complains about authentication of identity. Maybe we should all carry a compact flash card of our SSL keys!

    --
    You can't judge a book by the way it wears its hair.
  12. Googlify it... by ejungle · · Score: 4, Interesting

    The best way I can think of to do this is to set up an infrastructure similar in principle to Google's PageRank. So, anyone can be granted a certificate, but the strength of that cert is based upon an index of reputation. That, to me personally, is somewhat more meaningful than any given company(TM) buying a certificate. What method you'd use to create such an index would require more investigation, with considerations for security and spoofing prevention.

    At its base though, I like the concept. And would like to hear some ideas on what we could use as "karma" *cough*... Realistically though, (and this is where I need help from those more familiar with SSL certificates than I...) is there a facility in the signing process which allows for extra certificate information at the time of request? To my memory, I think there is. For instance:

    Such and such has requested this and that on your system. Such and such has a reputability index of .65
    Proceed? (Yes/No)

    With the infrastructure already there, methinks the implementation is somewhat trivial. Can anyone help me refine the method?

    --
    Remember: umount it before you fsck it.
  13. Please see Schneier by arakis · · Score: 2, Interesting

    Any discussion of certificate authority isn't complete without a review of Schneier's view on security certificates.

    http://www.counterpane.com/crypto-gram-9904.html

    He goes into further detail in "Secrets and Lies," but the essential message is the same, need for a top-level authority basically debunks the notion.

    This is evident in the legal mumbo-jumbo of the cert authorities and e-commerce in general. No one is selling non-repudiation with a certificate. The only way to achieve a truly legally-binding non-repudiable connection is to escrow it to a third-party. All the third party does is run the risks and shoulder the liability in case of a fraud. Thought this was straight crack the first time I looked at it, but my boss explained it very well, "encryption keys and trust chains have been broken."

    Guess it would be nice to have a cheaper solution for matching certs to names, but I guess for me that is to self-sign the damn thing and tell my users to deal with it.

  14. Would this idea work? by Mustang+Matt · · Score: 4, Interesting

    Have a ranking system that would base trust off the number of certificates, the age of the certificates and complaints from users.

    So basically a centralized authority that gives out free or cheap (as in as cheap as domains) certificates.

    You sign up with them as a reseller. All of your customers buy certs from you.

    I'm thinking of this in terms of being a hosting provider as I am.

    So I sign up with this centralized authority and purchase certificates for my customers.

    Browsers could have a blacklist check on certs. So you try to hit one of my sites, it validates against your list of blacklisted sites that you updated last month and either:
    A. Shows up with a good rating.
    B. Doesn't show up because it's too new.

    The user could then set a threshold of trust and if the cert passed that threshold it wouldn't warn them.

    This idea isn't very thought out, just an idea I threw together. Run with it.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  15. Thawte got this for persons by Brummund · · Score: 2, Interesting
    Check out Thawte's Web of Trust:

    "The Web of Trust is a unique, community-driven certification system based on face-to-face ID validation on a peer-to-peer basis. It's a "bottom-up" CA, compared to traditional "top-down" CA systems. You can be notarised, and then you in turn can act as a notary and certify the identity of your friends"

  16. Use another trust model by SLOGEN · · Score: 2, Interesting

    The trust model of X.509 certificates is fundamentally flawed, in that it does not mimic the trust model applied in "the real world", but an authoritarian one.

    In the real world, you trust someone if enough "peers" that you trust trust that someone, and probably a bit less :)

    Hey wait, that's PGP's model!

    --
    SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
  17. verisign.. by pxnoll · · Score: 2, Interesting

    Wasn't it Verisign's CA who gave out a cert to some guy claiming he was from microsoft giving him access to microsoft's vpn?
    I'm not sure how you define trusted sources but I for one wouldn't rely on verisign to validate anything.

  18. Free certs with domain registration by jonsmirl · · Score: 2, Interesting

    Some enterprising domain registrar should start handing out free certs with domain registrations. It would be a good way to boost their domain registration business. If you trust the registrar enough to handle your domain you should be able to trust them to handle your certificate too.

    All the registrar has to do is bribe MS into including their root CA in the next daily IE patch.

  19. Need to develop a web of trust by stienman · · Score: 2, Interesting
    The essential, salient points are:

    • Trust is currently formed in a hierarchical top-down approach, with 'infinitely trusted' organizations
    • Most web users don't care who says who is trustworthy - if they get a box saying "Possible security risk", they might consider whether the website 'looks' shady or not for a second before clicking accept, or add if directed to do so by the site
    • Most certs obtained today have very little (and easily forged) real verification, and web browsers don't tell the user what level the site was verified at (ie, name on credit card, billing address for credit card, DBA documents, notary public documents, full-on ID check and records investigation, etc)
    • Certifications tell squat about a person's reputation and previous transactions

    The short and the long of it is - there is no reason to have a free cert organization. They aren't going to be added to the major browsers by default because they can't really certify identities without some form of energy expended, which requires money. Therefore there is little reason to go with an 'organization' or follow the current top-down approach since each site is going to have to be clicked-through by the user anyway, or directed to add that org's top-level cert to their browser manually. How many top level certs can current browsers handle efficiently?

    This is essentially the same problem as host name resolution, and more currently spam. Rather than rely on a few large organizations to provide credentials, there should be in place a 'web of trust'. I trust certain individuals and companies. These individuals, companies, and I have PGP keys. These people I trust are on my first level of trust. If you trust me, the people I trust are on your second level of trust, and I am on your first level. I would have a list of people who trust me. If you don't know me, you can check my list of people who trust me, then check their lists and find out, within a few ms, how far away I am from your first level of trust. This is a doubly linked list, and every list is signed by the list owner, and verifiable (ie, I may say that MS trusts me, but you can check their list of people they trust and find out)

    The potential for abuse is high, though, so a rating system is used. If you get burned by someone you can 'negatively' trust them. This effectively pushes them further away from the edges of your web of trust, and everyone who trusts them will become suspect, and less trusted.

    Verisign can continue its cert program, and you can trust them at the first level and have the same benefits you get now by default in your browser.

    It's the beginning of an idea, anyway. Lots of issues yet to be resolved, but a lot of them have been tested on peer-to-peer networks, and it could easily be applied to those networks to improve them as a test bed before writing an RFC and moving forward with it.

    -Adam
  20. Scary Warnings by dmelomed · · Score: 2, Interesting

    How about modifying existing web browsers' dialog-boxes to make them less scary, and explain that an unknown root CA doesn't mean the end of the world. Then a user could visit the free CA's site, decide if they can trust it, and add it to the configuration if desired.

    Regardless whether it's a big known CA or not, people make mistakes, and a certificate signed by any CA still carries risk IMHO.

  21. How about the apache foundation? by stand · · Score: 2, Interesting

    I've always thought some entity like the Apache foundation should get in the certificate business. They are already issuing the most Web server software, why not web site certificates as well.

    --
    Four fifths of all our troubles in this life would disappear if we would just sit down and keep still. -C. Coolidge
  22. Can you trust Verisign? by cpeterso · · Score: 5, Interesting


    I used to work on Microsoft's Public Key Cryptography QA team. We worked with Verisign to create fake certificates to test IE's SSL and Authenticode signed downloads. When we were done testing, someone on our QA team called Verisign customer service and said, "hi, I work on Microsoft's QA team. We are done using those fake certificates for our tests. Can you please revoke (cancel) them?"

    Without any further verification, the Verisign customer service agent pushed a button and canceled the real Microsoft certificate, the one used to sign all of Microsoft's downloads, device drivers, and CDs. Oops. Luckily, no one pays attention to Verisign's CRL (Certificate Revocation List) because certificate revocation is off by default in IE. Since no one really used the CRL, Verisign was able to remove Microsoft from the CRL and reinstate the Microsoft certificate after a couple of days.

    So when you "trust" Verisign, think hard about what that really means..
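
Constructed example, added by the editor and not code from any comment in this thread: the self-sign / import-the-root workflow that jemenake and Frobnicator describe above (a free CA whose root you load into the browser, and a fingerprint published on a plain page), carried through with the openssl command-line tool, plus the point cpeterso makes about revocation: a revoked certificate keeps verifying cleanly on any client that does not actually check the CRL. The CA name "Free-CA" is taken from the thread; the host name shop.example.test, the key sizes and the temporary directory layout are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed demo (not code from the thread): a tiny private CA, "Free-CA" as the
# thread calls it, built with the openssl command-line tool. The CA name, the host
# name shop.example.test and the directory layout are assumptions for this example.
# It shows (1) that a cert chained to a self-made root verifies only where that
# root has been imported, (2) the fingerprint a site could publish for manual
# checking, and (3) that a revoked cert keeps verifying unless the CRL is checked.

WORK="${WORK:-$(mktemp -d)}"

# Minimal config for "openssl ca": flat-file database, serial and CRL counters,
# and the extensions used for the root and for server certificates.
write_config() {
  mkdir -p "$WORK/newcerts"
  : > "$WORK/index.txt"
  echo 1000 > "$WORK/serial"
  echo 1000 > "$WORK/crlnumber"
  cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = free_ca
[ free_ca ]
dir              = $WORK
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
certificate      = \$dir/root.crt
private_key      = \$dir/root.key
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_any
x509_extensions  = server_ext
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions    = root_ext
[ req_dn ]
[ root_ext ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ server_ext ]
basicConstraints = CA:FALSE
subjectAltName   = DNS:shop.example.test
EOF
}

# Self-signed root: the public key a free CA would ask people to import.
make_root() {
  openssl req -config "$WORK/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Free-CA Root" -keyout "$WORK/root.key" -out "$WORK/root.crt" >/dev/null 2>&1
}

# Server key and CSR, signed through "openssl ca" so the CA database records the
# certificate (the later revocation needs that record).
issue_leaf() {
  openssl req -config "$WORK/ca.cnf" -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1 &&
  openssl ca -config "$WORK/ca.cnf" -batch -notext -in "$WORK/server.csr" -out "$WORK/server.crt" >/dev/null 2>&1
}

# Client that imported the Free-CA root: exit status 0.
verify_with_anchor() {
  openssl verify -no-CAfile -no-CApath -CAfile "$WORK/root.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# Client that has never heard of Free-CA (the default browser case): non-zero.
verify_without_anchor() {
  openssl verify -no-CAfile -no-CApath "$WORK/server.crt" >/dev/null 2>&1
}

# SHA-256 fingerprint a site could publish out of band for visitors to compare.
fingerprint() {
  openssl x509 -in "$WORK/server.crt" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Revoke the server certificate and publish a CRL signed by the root.
revoke_leaf() {
  openssl ca -config "$WORK/ca.cnf" -batch -revoke "$WORK/server.crt" >/dev/null 2>&1 &&
  openssl ca -config "$WORK/ca.cnf" -batch -gencrl -out "$WORK/root.crl" >/dev/null 2>&1
}

# Client that actually consults the CRL: non-zero ("certificate revoked") after
# revoke_leaf, while verify_with_anchor, which ignores the CRL, still returns 0.
verify_checking_crl() {
  openssl verify -no-CAfile -no-CApath -CAfile "$WORK/root.crt" -CRLfile "$WORK/root.crl" \
    -crl_check "$WORK/server.crt" >/dev/null 2>&1
}

# Run the whole story and print one line per step.
main() {
  write_config && make_root && issue_leaf || { echo "setup failed"; return 1; }
  verify_with_anchor    && echo "root imported:         OK"
  verify_without_anchor || echo "root not imported:     untrusted"
  echo "published fingerprint: $(fingerprint)"
  revoke_leaf           && echo "revoked, CRL published"
  verify_with_anchor    && echo "verifier ignoring CRL: still OK"
  verify_checking_crl   || echo "verifier checking CRL: revoked"
}
main
```

The two verify functions with and without -CAfile are the whole difference between a browser that has imported the Free-CA root and one that has not; nothing about the certificate itself changes. The last two lines of output are the practical content of cpeterso's story: a verifier that skips -crl_check never learns that the certificate was revoked, so a mistaken revocation (or a missed one) is invisible to it.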

  23. Why require "identity" at all? by dirk+busimi · · Score: 5, Interesting
    What SSL Certificate Authorities require is screwed up as it is. If you want to sign up, you need to provide proof of your identity. This comes from different sources, such as a Dun & Bradstreet number, some official letterhead, proof (paper mail or phone) that your domain name registration is valid and matches your official address, etc.

    My problem occurred when trying to get a cert for a small group of alumni. We've got about 50 people in it. We're just trying to make it possible for us to discuss things on our bulletin board with passwords protected with SSL.

    We paid our money to Entrust. We still have not gotten a certificate or a refund. They first required that we prove we have a relationship with the school. We aren't an official organization, don't pretend to be, and don't use their domain at all. It's completely separate.

    So next they required we show articles of incorporation. Is this what's required to have a certificate? Why can't joe-random-webmaster have a valid certificate from the "big guys"? Sure, you can go with smaller outfits, but their certs aren't in older browsers.

    IMHO, a cert should simply say "This cert was given to the folks who run www.this_domain.com." They can check and verify whois data and your ability to receive email. Any other requirements are just stupid. Just because you want SSL doesn't mean you want to be an e-commerce site.

  24. The root of the problem is the technology. by Nicopa · · Score: 5, Interesting

    TLS (SSL) does not need the ugly PKI technology to operate. SSL/TLS could very well use PGP keys. The difference is that PGP technology is more well designed and lends better to help building a web of trust.

    Some people might say that newbies can't handle the complexity. Well, it's the responsibility of software developers to help them overcome this. Example: as the same PGP keys would be used for mail, the web of trust could be linked to the addressbook handling.

    Besides, the current model gives a sense of security which is not real. Do we really trust CA's? When you go to an "internet cafe", do people check that the list of trusted CA's hasn't been altered? In this way, PGP would bring the real sense of security/insecurity which is currently "masked".

  25. Re:Non-commercial authorities / .EDU by Big+Mark · · Score: 2, Interesting

    My uni does this internally... all the paranoid students complained about the untrusted certs when they tried to view their records, it took ages for everyone to have the uni installed as a root CA on everyone's machine (it took ages for people to be convinced the uni COULD be trusted) and you have to reinstall them every time windows dies.

    Most annoying.

    -Mark

  26. I never understood why encryption is tied to trust by opusman · · Score: 2, Interesting

    Why can't SSL support encryption without a certificate? I mean, how often do you really look at the certificate details to "make sure the website is who it says it is"? The whole point of SSL for me is to reassure the customers that their credit card details aren't going to be intercepted in some way en route from their browser to my server - so why can't I just offer them encryption without having to go through the expense and rigmarole of getting a certificate?

  27. its in the model by krokodil · · Score: 2, Interesting

    This is the problem with the X.509 model. They have 2 different entities - certificates and certificate authorities. When you purchase a certificate you cannot use it to certify other entities, like people within your company. I think it is done intentionally to keep the revenue stream locked between a selected few.

    In this respect PGP model is way better. You can use your key to sign others.

  28. Re:The best solution by Anonymous Coward · · Score: 1, Interesting

    The best solution would be for Governments to start offering certificates. This would solve two problems.

    * Legal jurisdiction over site.
    * Verification of identity.

    If the government recognizes the web site then it can verify it has a legitimate legal entity in that country and in the case of fraud the country's laws will have clear jurisdiction to prosecute the company.

  29. Some do. by vidarlo · · Score: 2, Interesting

    Some ISP's make their own... Like zet.no (see cert author). They're a small Norwegian ISP, with a few hundred clients (mostly companies). So why couldn't others do this, I wonder. What is wrong with making your own? At least it ensures that only the other end can read, not any sniffer, and at least for me it is the most important. Usually I don't think it is as easy to replace an entire site as to sniff. So for me it is most important to ensure that only 1st and 2nd part can read the message. However, I understand that some have a need for authenticating that the remote is the one it is claiming to be. But how many users would notice if it were zet.nu instead of zet.no? And how difficult would it be to replace the papers needed to get a VeriSign cert? Paranoid users could even request a mail (snail mail) with a floppy with the ssl pub cert on, so they could check! It would also not be a problem to enable something like the PGP keysigning, that sites sign each other's certs. Then you, for example, would be pretty ensured that a site who had a cert signed by slashdot.org ;) and Google actually would be the site it was claiming. I do not think it is right that you should pay for encryption. Encryption is a Human Right, it is a part of Freedom of speech, to be able to communicate without a 3rd party reading!