Slashdot Mirror
Self-Regulating SSL Certificate Authority?
bcg asks: "It has come that time again to renew some of my SSL certificates and part with substantial amounts of cash. This has got me thinking - why should we pay large amounts of cash for authorized certs when so little is done by the companies issuing them? Sure they get you to send them a copy of a business certificate but how does this prove the character of those running the SSL server? What ideas can we come up with for a self-regulating certification authority? Could we set something up along the lines of the many free DNS servers around but use it to authenticate SSL certs?"
We last touched on this subject in October, when someone was searching for cheap
SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?
>Sure they get you to send them a copy of a >business certificate but how does this prove the >character of those running the SSL server?
They aren't supposed to be verifying your character, they verify your identity.
Want them cheap? Let the GOVERNMENT handle SSL certs! After all, they're already handling drivers licenses, social security numbers, and ten kazillion other things that are supposed to prove that you are you, why not just give you a cert, too? For a small government fee, of course.
You call this a signature?
Hell, even Microsoft says that on their windows update site for the active X download it throws onto your computer during your first visit!
Someone should do a study on this, sounds like a great high school science fair project! I can see the display in the gym now, pasted on the cardboard display case "Are people idiots?" and have nice pie charts and tabular data from your research. It beats boiling something in a test tube to see how long it takes at different temperatures or testing the growth rates of different molds...
My standard rant about why I use my own certs:
Digital certificates are available, for a fee, from a commercial certificate authority (aka CA) such as Verisign. For about $15 a year Verisign will claim to know who you are though you provide no proof other than the grand American Dollar. If your credit card clears, then Verisign says email from you is from you. Why is this worth $15? If I send a signed email to someone and they verify that signature based on the cert I send them, then the only reason to trust that the cert is based on the trusting the signing CA. Verisign says that if I have a credit card with a name on it, then I am the person with that name. Unfortunately due to identy fraud, this is often not the case. In our family we have been victims both of simple credit card fraud (where are card number was stolen and the card duplicated) and full on identity fraud where our social security number was used to open credit accounts by people other than us. So merely the possession of a credit card number does not imply identity. By trusting Verisign you are trusting the US credit industry, which is corrupt and insecure.
Assume that you do trust that credit cards are valid identifications. Why would you trust the CA who took that as ID? How do you know who the CA is? CA's are identified by certificates just as users are. How did you get a certificate for the CA? Usually it is because Microsoft and Netscape include a set of certificates from trusted CA's in their products. If the cert comes from one of those CA's then Microsoft and Netscape say it's valid. Therefore you must trust that Microsoft and Netscape included authentic certs, and you assume that those certs have not been compromised since you installed the software. Maybe you think I'm paranoid. Really I just object to paying money for something I can do better myself.
I have created the Greenbaum.Org Certificate Authority to create digital certificates which are free and trusted. If you get an email from me, signed by a certificate issued by me, verified by the CA certificate you download from this site, then the email was from me. If you get an email from me, signed by a Verisign certificate, then it could have come from the gangsters who stole my credit card to buy Nikes and chinese food.
You could perhaps add the idea of a threshold -- once a cert is signed by enough well-trusted individuals, the cert becomes "good enough" to go public.
Of course, there might be an issue of startup time -- a requestor of a new cert wouldn't get one until it has had time to make the rounds and get signed by many trusted individuals.
There is also a bit of a seeding problem. How do you establish a large enough trusted community in the beginning, so that sufficient signings can be made on new certs.
Also, I would guess that one of the things that current commercial cert corporations provide is a source of culpability, should something go wrong with the cert they issued. With a public signing group, you might not have this same level of responsibiliy. This could be good or bad, depending on your perspective.
Basically the security behind SSL certificates (and all certification technologies) is that you trust the CA (the root of the certificate path).
Commercial companies are trusted because they would go out-of-business if they lost your trust. So basically you trust in the fact that they want to make money.
So here is my point, besides financing and all the other issues, how do we establish a chain of trust?
Why not have a self-regulating authority? Well, let me submit a request to sign my certificate saying I'm Amazon.com, hijack the domain and steal credit cards. The point of CA's is to do some background checking to verify you are who you say you are. Debatable, agreed, but is you're average script kiddie, cracker, etc. gonna shell out bucks to get a fake cert? Probably not. Not to mention once money is involved, there is an audit trail of some sort.
As for whether the prices are gouged a bit, I won't argue with you there. Seems that it shouldn't cost as much as it does, but at the same time I'd think most companies rack it up as a cost of doing business (just like rent, equipment leases, etc)
-- A computer without COBOL and Fortran is like a piece of chocolate cake without ketchup and mustard
Ladies and gentleman, a round of applause for the only Slashdot editor who reads Slashdot!
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
I used to work on Microsoft's Public Key Cryptography QA team. We worked with Verisign to create fake certificates to test IE's SSL and Authenticode signed downloads. When we were done testing, someone on our QA team called Verisign customer service and said, "hi, I work on Microsoft's QA team. We are done using those fake certificates for our tests. Can you please revoke (cancel) them?"
Without any further verification, the Verisign customer service agent pushed a button and canceled the real Microsoft certificate, the one used to sign all of Microsoft's downloads, device drivers, and CDs. oops. Luckily, no one pays attention to Verisign's CRL (Certificate Revocation Lists) because certificate revocation is off by default in IE. Since no one really used the CRL, Verisign was able to the remove Microsoft from the CRL and reinstate the Microsoft certificate after a couple days.
So when you "trust" Verisign, think hard about what that really means..
cpeterso
My problem occured when trying to get a cert for a small group of alumni. We've got about 50 people in it. We're just trying to make it possible for us to discuss things on our bulletin board with passwords protected with SSL.
We payed our money to Entrust. We still have not gotten a certificate or a refund. They first required that we prove we have a relationship with the school. We aren't an official organization, don't pretend to, and don't use their domain at all. It's completely separate.
So next they required we show articles of our encorporation. Is this what's required to have a certificate? Why can't joe-random-webmaster have a valid certificate from the "big guys"? Sure, you can go with smaller outfits, but their certs aren't in older browsers.
IMHO, a cert should simply say "This cert was given to the folks who run www.this_domain.com." They can check and verify whois data and your ability to receive email. Any other requirements are just stupid. Just because you want SSL doesn't mean you want to be an e-commerce site.
TLS (SSL) does not need the ugly PKI technology to operate. SSL/TLS could very well use PGP keys. The difference is that PGP technology is more well designed and lends better to help building a web of trust.
Some people might say that newbies can't handle the complexity. Well it's the responsibilty of software developers to help them overcome this. Example: As the same PGP keys would be used for mail, the web of trust could be linked to the addressbook handling.
Besides, the current model gives a sense of security which is not real. Do we really trust CA's? When you go to an "internet cafe", do people check that the list of trusted CA's haven't been altered. In this way, PGP would bring the real sense of security/insecurity which is currently "masked".