Slashdot Mirror

← Back to Stories (view on slashdot.org)

SSL Cert Revocation Lists?

Posted by ryuzaki0 on from the respect-mah-authoritah dept.

DA-MAN asks: "Browsers ship with a ton of different certificate authorities that provide 'trust' for secure sites that we visit. With all of these certificate authorities comes a certificate revocation list, which is to flag bad certs. Firefox, IE and Safari do not have an automated way to pull updated lists from all of the different certificate authorities, so one must download each CRL manually and import them into the browser. It occurred to me the other day that the only time I've ever seen this feature in use was when Microsoft inserted the CRL for a certificate that was mistakenly issued by Verisign with the "Microsoft Corporation" name. All that said, I was just wondering if anyone cares about this? Do you actually import updated CRL's into your browser? Why can't the CRL be signed by the Cert Authority and automatically imported?" What other browsers support automatic CRL updates?

59 comments

  1. Does anyone use them? by Threni · · Score: 1

    I see these things popup sometimes and I shrug and click `whatever`. Who cares? It's not like you can't popup a fake one anyway, and the average user doesn't understand it all anyway. Either this sort of thing works invisibly in the background, or just forget about it.

  2. CRLs = blacklists by Ant+P. · · Score: 1

    I do it the other way: delete all these default browser certs from companies I've never heard of, then only allow ones from websites I know and trust.

    1. Re:CRLs = blacklists by Anonymous Coward · · Score: 0

      There ought to be a combination of the two ways: CAs are good to have when you're visiting a new site and need some way of verifying the site certificate. But instead of blindly trusting all certificates that are signed by the CAs, the browser should present the CA chain and ask the user once for every certificate whether it is to be trusted or not. This way there's much less of a chance that a user is tricked into giving data to a fake copy of a site he uses regularly, even without CRLs.

    2. Re:CRLs = blacklists by joebp · · Score: 2, Informative

      And how do you know that the certificates "from websites I know and trust" are really from said websites? The simple fact is you don't, because you have no trust in the root certs that they present.

    3. Re:CRLs = blacklists by jaseuk · · Score: 2, Insightful

      Precisely. All SSL is really good for on the general internet is to prevent casual sniffing. You can sign up for a cert these days for $25 with very little clearance. The trust element has completely gone, if it was ever there at all?

  3. This would be nice by gcnaddict · · Score: 2, Insightful

    It would be great to see someone write a Firefox extension which merged the CRLs into Firefox, though I'm not sure how to pull that off in the first place :(

    Still, I'd love to see someone do it!

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:This would be nice by grokster · · Score: 1
      It would be great to see someone write a Firefox extension which merged the CRLs into Firefox

      Firefox will download CRLs repeatedly, once you have already done it manually once. Go to crl.verisign.com in Firefox, and click on one of the CRLs. Firefox will import it for you and offer to fetch it periodically.

      What Firefox is not doing - yet - is to look for a CRL Distribution Point URL in a certificate and then automatically download the CRL from that location.

  4. Firefox supports OCSP by mysidia · · Score: 5, Informative

    Online Certificate Status Protocol.

    Tools > Options > Advanced > Security > Verification

    Verification that a certificate has not been revoked is not done in practice; however.

    • Extra time is taken for the request; or substantial disk space memory is used to download lists of revoked certificates -- slows down access to secure sites.
    • CRL lists can be out of date, if you importe an old list; a certificate you think invalid, may no longer be invalid -- CRLs allow a certificate to be blocked either temporarily (hold) or permanently (Revoke).
    • Online updates as to certificate status is something that would use a phenomenal amount of bandwidth, for any large CA; if all clients check status before allowing -- it would cut into CA profit margins if every web surfer insisted on downloading CRLs regularly for trusted CAs or before accepting a certificate. This would tend to discourage CAs from using CRLs, or justify even more extortionate rates to buy essential web server certificates.
    1. Re:Firefox supports OCSP by Anonymous Coward · · Score: 0

      For as much money as they cost they should have no problems getting the bandwidth and servers needed for online updates to certificate status. Certificates are WAY overpriced for what the CERT authorities do.

    2. Re:Firefox supports OCSP by geniusj · · Score: 1

      I'm pretty sure all CAs have OCSP servers. I know mine does.

    3. Re:Firefox supports OCSP by grokster · · Score: 1
      I'm pretty sure all CAs have OCSP servers. I know mine does.

      The SSL cert on secure.comodo.net does not have an AuthorityInformationAccess extension in it with the URI of an OCSP responder. Hence nobody can check it via OCSP. This may mean that Comodo does not have an OCSP server - on the other hand, perhaps they just don't put the URI in every cert.

  5. SSWHAT? by packetmon · · Score: 1

    A large majority of people don't understand what a Cert is, what it does and why it's necessary. Most still just click through without checking the credentials of the cert in fact for those who use Hotmail, many times you will note that - that site's cert has expired. Mozilla seems to have halted things as of 2003 so I wonder if only financial companies and companies making financial transactions are the only ones constantly pursuing certs. Who knows... I used to use a cert for a security/political site I had as a means of encrypting content on the wire. I don't think many are altogether concerned with who signed what...

    --
    Infiltrated dot Net
  6. Different protocol by Todd+Knarr · · Score: 1

    I believe CRLs have been superseded by OCSP (Online Certificate Status Protocol) for just the reasons you noted. OCSP doesn't require local storage of revocation lists and the synchronization issues that go along with it.

  7. Moot point by nagora · · Score: 2, Interesting
    The first thing I do with a browser is delete all the certificates and tell it to ask me on a case-by-case basis. Since I don't trust Verisign/Thawte at all the whole system is fairly worthless.

    At the end of the day, what has Verisign or anyone else ever done to deserve unquestioning trust from me, a person with no legal recourse to challenge their decisions about who to issue certificates to?

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    1. Re:Moot point by Anonymous Coward · · Score: 0

      Which tin foil hat store do you shop at?

      I need to find a trusted one.

    2. Re:Moot point by cos(0) · · Score: 1

      So what do you do instead? What advantage is there to having every HTTPS site interactively prompt you whether to accept the certificate or not?

      The only benefit I can see is if you telephone the administrator of every such site, have them read the certificate's fingerprint, and verify that the one you received in the browser matches.

      Since you don't do this, how do you know whether to accept or not?

    3. Re:Moot point by Anonymous Coward · · Score: 0

      Shhhh you'll scare him. He thinks he's a "power user", don't shatter the one thing in his life that gives it meaning.

      He knows what he's doing, all the cool people delete the root certificates.

    4. Re:Moot point by Trogre · · Score: 1

      "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"

      I don't get your sig. Are you implying that consulting Wikipedia is like asking a group of people at a bus stop? So if I wanted to know about Quantum Mechanics I'd be better off going to the library and reading books by people who know about it rather than asking some random folks. Is that what you're getting at?

      Perhaps Encyclopedia Galactica versus The Hitch Hikers Guide to the Galaxy would be a better analogy.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    5. Re:Moot point by Lord+Ender · · Score: 2, Interesting

      Instead of jumping right to the tinfoil hat response, I'll give you a real reason to trust Verisign: It is in their financial best interest verify that they are giving certs to the right people. If they make too many mistakes, Microsoft might stop including them with Windows (due to customer demands).

      Reputation is everything in the cert industry. They won't want to lose it.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    6. Re:Moot point by nagora · · Score: 1
      So if I wanted to know about Quantum Mechanics I'd be better off going to the library and reading books by people who know about it rather than asking some random folks. Is that what you're getting at?

      Yes.

      TWW

      --
      "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    7. Re:Moot point by nagora · · Score: 1
      What advantage is there to having every HTTPS site interactively prompt you whether to accept the certificate or not?

      Well, firstly "every" in this case amounts to about three sites per year so it's no big deal. But in general I think I'm a better judge as to whether the site I'm on is the real thing than some distant CA.

      As I said in my original post, I have no reason to trust or believe in Verisign's (or any other third party) ability to accurately judge who they are giving certificates to nor do they have any legal responsibility to me to get it right. So what use are they?

      If I know I'm at play.com then all I want is: encryption for the checkout, and a warning if next time I arrive the certificate has changed. A certificate generated by play.com gives me both, so what care I for Verisign?

      The thing that seems strange to me is that there has NEVER been any reason to trust Verisign/Thwate and the rest of them. They're just a bunch of nobodies that came from nowhere and got a few deals signed in the early days. They have a licence to print money yet they do absolutely nothing for users as far as I can see.

      TWW

      --
      "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    8. Re:Moot point by Anonymous Coward · · Score: 0

      Seriously, keep fighting the good fight! I enjoyed being the man-in-the-middle the last time you went to play.com...

    9. Re:Moot point by nagora · · Score: 1
      OK, smart guy. Say I go to a new site that I don't really know (followed a link, say) and they have a certificate from Verisign. What use is that to me? What protection does it actually give me?

      TWW

      --
      "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    10. Re:Moot point by Anonymous Coward · · Score: 0

      From Verisign's SSL FAQ:

      What will I need to provide in order for VeriSign to verify my business identity?

      When you request an SSL Certificate, VeriSign must verify the existence of your business, the ownership of your domain name, and your employment status using 2- factor authentication. Likewise, every administrator receives full business identity authentication before gaining access to a Managed PKI for SSL account.

      We may require official government documentation proving your right to do business. These include, but are not limited to:

              * Articles of Incorporation
              * Business License
              * Certificate of Formation
              * Doing Business As
              * Registration of Trade Name
              * Charter Documents
              * Partnership Papers
              * Fictitious Name Statement
              * Vendor/Reseller/Merchant License
              * Merchant certificate

      If we cannot automatically authenticate your company's management responsibility for the domain name that will use the SSL Certificate, we will require an authorization letter from that domain's owner. This step prevents applicants from fraudulently or accidentally obtaining SSL Certificates for inappropriate domains.

  8. Self-signed Certs by Anonymous Coward · · Score: 1, Interesting

    It's somewhat off topic, but I have a related question. If all you want to do is encrypt traffic, and don't really care about the extra warning dialog, is there any disadvantage to using self-signed certificates?

    1. Re:Self-signed Certs by Anonymous Coward · · Score: 0

      Nope. I do that all the time for private server status sites. In fact, I think there is GREATER security in that if the certificate changes (man in the middle, hacked box) then I am only trusting the cert I previously saved on my client, not some (who really ever knows which?) random "certifying" company (where a bunch of kids probably work).

    2. Re:Self-signed Certs by Dagmar+d'Surreal · · Score: 1

      No problem at all, provided you make sure to memorize your key fingerprint. A self-signed cert can be used to encrypt just fine--you'll just need to tell your browser to trust it for however long you feel necessary. The problem comes when someone manages to hijack your DNS and *also* has a self-signed certificate with your site's name on it. The fingerprint being different is about the only warning you're going to get (because it will be trivial for them to tunnel the HTTP requests through their fake server to your real server so all the content will appear correct).

    3. Re:Self-signed Certs by Straker+Skunk · · Score: 4, Informative

      Don't use self-signed certificates. Create a private CA, generate a real root certificate, and then distribute that to all the clients that need it.

      That way, you don't get a warning dialog, and you get real protection from MitM attacks.

      Also: If you find the openssl(1) tool annoying, try certtool(1) from GnuTLS. I've found it a lot easier to work with.

      --
      iSKUNK!
    4. Re:Self-signed Certs by bucky0 · · Score: 1

      Is there a tutorial that lists some of the important steps? I'm using SSL to tunnel traffic within some servers I own (and an administrative interface) And I'd like to self-sign the certificates for myself.

      thanks!

      --

      -Bucky
    5. Re:Self-signed Certs by outcast36 · · Score: 1

      This link discusses self-signing in IIS, but the procedure for creating a root CA, and signing requests will be the same for whatever webserver you use.

      http://eal.us/blog/_archives/2003/6/2/25109.html

      --
      Technology Consulting & Free Downloads
    6. Re:Self-signed Certs by stuuf · · Score: 1

      There's a set of tutorials at http://sial.org/howto/openssl/ for things like making certificates, signing requests, and setting up a CA using OpenSSL. It has a makefile script to automate certificate signing.

      --

      Everyone is born right-handed; only the greatest overcome it

    7. Re:Self-signed Certs by jschrod · · Score: 1
      I'm late to this, but maybe you get a response notification.

      Check out TinyCA, at http://tinyca.sm-zone.net/. It is a GUI to ease certificate creation and management.

      --

      Joachim

      People don't write Manifestos any more -- what's going on in this world? [Frank Zappa]

  9. All the more Reason to Auto-Update by justanyone · · Score: 1

    Two ideas:
    • Have Firefox automatically update from a set of known sites at a configurable interval. An indicator, like the update-now exclamation point of up2date, which if clicked upon would get and install the latest CRLs from all the available authorities;
    • A Firefox Extension should be created (anyone? anyone? Buhler?) that does this automatically at a configurable interval.


    This would seem to solve this security hole nicely with minimal fuss. Normal users don't worry, they have a clear thing to do when the indicator changes, be it an extension or built into Firefox.
    --
    Unitarian Church: Freethinkers Congregate!
  10. CRL's by Kaenneth · · Score: 1

    It's my understanding that there is a mechanism to automatically get CRL's in IE, but not all CA's use the optional item in the relevant RFC. Verisign used a specific 'well known' URL to host their CRL; I've seen rants that Microsoft should have used that URL to get CRL's, however that seems like a bad idea to me for many reasons:

    What if the URL is hijacked; via DNS poisoning, HOSTS, a BHO, site hacks, proxy hacks... a URL is unfortunetly, not 100% reliable.

    Why should Verisign get special treatment?, because Microsoft used them as a CA? I recall recently a huge stink was made about Windows treating special URLs differently... what about the CA's used by Firefox, Opera, AOL... shouldn't those CA's get equal special treatment? (all URL's are equal, but some are more equal than others)

    Isn't it a bad idea to hard-code strings into software? does that same CRL URL apply world-wide and forever? imagine if between 2000 and 2007 Verisign went bankrupt, got bought by AOL/Time/Warner, or decided to change it's name to 'SuperAwesomeSign.com'? What if the nature of internet addressing chages? Unicode, IPv6, .xxx...

    1. Re:CRL's by DA-MAN · · Score: 1

      What if the URL is hijacked; via DNS poisoning, HOSTS, a BHO, site hacks, proxy hacks... a URL is unfortunetly, not 100% reliable.

      Presumably the hijacker wouldn't have a signed cert, which should raise red flags on your browser.

      Why should Verisign get special treatment?, because Microsoft used them as a CA?

      Verisign didn't get special treatment. Microsoft put out an update that put the revoked "Microsoft Corporation" certificates in the CRL. This is because IE can be told to always trust signed executables by "Company Name", people with the fake "Microsoft Corporation" certs could have signed executables and had Internet Exploder automatically install stuff.

      If anything it's Microsoft that got special treatment, since they are undoubtedly not the only one who has had certs issued in their name.

      --
      Can I get an eye poke?
      Dog House Forum
    2. Re:CRL's by Anonymous Coward · · Score: 0

      What if the URL is hijacked; via DNS poisoning, HOSTS, a BHO, site hacks, proxy hacks... a URL is unfortunetly, not 100% reliable. The CRL is digitally signed by the issuing CA - so the security or otherwise of the rest of the internet is irrelevant (apart, perhaps, from delaying verifications due to a very extended DoS)...

    3. Re:CRL's by grokster · · Score: 1
      It's my understanding that there is a mechanism to automatically get CRL's in IE, but not all CA's use the optional item in the relevant RFC. Verisign used a specific 'well known' URL to host their CRL

      X.509 v3 certificates can contain an optional extension called CRL Distribution Point containing a URL to the specific CRL on which that certificate would appear.

      VeriSign do use this - take a look at crl.verisign.com in your browser and see how many different CRLs VeriSign have. Each issued certificate points to the CRL where it would be revoked.

      a URL is unfortunetly, not 100% reliable.

      Agreed. However there are many more things that could go wrong - bad routing, internet traffic, load on the CRL web server, trying to fetch the CRL when you're on a LAN hitting an intranet when you have no Internet access, etc.

      Hence Microsoft didn't turn CRL checking on by default for SSL certs.

      imagine if between 2000 and 2007 Verisign went bankrupt, got bought by AOL/Time/Warner, or decided to change it's name to 'SuperAwesomeSign.com'? What if the nature of internet addressing chages? Unicode, IPv6, .xxx...

      Comodo's own certificate on their server https://secure.comodo.net/ is signed by the GTE CyberTrust Global Root. Geotrust uses the Equifax Secure root CA. Name changes are ugly, but they have happened.

      On the other hand, for CRL locations they simply need to put a new URL into new certs, and when the existing install base of certs expire, they can retire the old URL.

    4. Re:CRL's by Craig+Davison · · Score: 1

      What if the URL is hijacked; via DNS poisoning, HOSTS, a BHO, site hacks, proxy hacks... a URL is unfortunetly, not 100% reliable.

      If an attacker uses DNS poisoning or proxy hacks, the CN on the cert would not match the DNS hostname, which would cause an error, or the cert would have an unknown CA, which would also cause an error.

      An HTTPS URL is 100% reliable if the hostname matches the CN on the cert, and the cert was issued by a "trusted" CA. "Trusted" in this case means you have the CA's cert (kind of like a public key) bundled with your browser. If you have a way around that, you better alert the internet because you've stumbled upon something huge.

      Why should Verisign get special treatment?, because Microsoft used them as a CA? I recall recently a huge stink was made about Windows treating special URLs differently... what about the CA's used by Firefox, Opera, AOL... shouldn't those CA's get equal special treatment? (all URL's are equal, but some are more equal than others)

      Isn't it a bad idea to hard-code strings into software? does that same CRL URL apply world-wide and forever? imagine if between 2000 and 2007 Verisign went bankrupt, got bought by AOL/Time/Warner, or decided to change it's name to 'SuperAwesomeSign.com'? What if the nature of internet addressing chages? Unicode, IPv6, .xxx...

      IE doesn't hardcode strings, so much as it bundles certs from all the major CAs. These certs expire eventually, which is why, for example, Netcape 2.x will no longer work with HTTPS, and why Microsoft offers a "root certificate update" once in a while. The bundled CAs are the reason that SSL verification can be automated in the first place. Those certs never have to be transferred over the network, because they came bundled with your OS or web browser.

      --
      Hands in my pocket
  11. Uhh... by WalterGR · · Score: 2, Informative

    From here:

    Internet Explorer 6 includes support for server certificate revocation, which verifies that an issuing CA has not revoked a server certificate...

    To enable server certificate revocation, in the Internet Options dialog box, click the Advanced tab, and then select the Check for server certificate revocation check box...

    Internet Explorer 6 includes support for publisher's certificate revocation, which verifies that an issuing CA has not revoked a publisher's certificate. To enable publisher's certificate revocation, in the Internet Options dialog box, click the Advanced tab, and then select the Check for publisher's certificate revocation check box.

    The VeriSign screw up was made worse because their certificate didn't indicate a CDP (CRL Distribution Point) from which IE could have automatically downloaded the updated CRL. From Microsoft's security bulletin:

    Every certificate should provide a piece of data called the CRL Distribution Point (CDP) - this data indicates the location from which the CRL can be obtained. The problem is that VeriSign code-signing certificates don't provide CDP information. As a result, even though VeriSign has added these two certificates to its current CRL, it's not possible for systems to automatically download and check it. Our update compensates for this omission in the VeriSign certificates.
    --
    The Online Slang Dictionary
    1. Re:Uhh... by feijai · · Score: 1
      Grammar tip: "Effect" is a verb. "Affect" is a noun

      Grammar tip: you have it backwards.

      Formally, Effect and Affect are each both nouns and verbs. But the most common use of Effect is as a noun, and the most common use of Affect is as a verb.

      Common: The hurricane had a terrible effect on the New Orleans economy.
      Less common: Bush has effected a change in interpretation of privacy laws.
      Common: The hurricate affected the New Orleans economy terribly.
      Less common: Bush affected a strange indifference to their plight.

    2. Re:Uhh... by grokster · · Score: 1
      To enable server certificate revocation, in the Internet Options dialog box, click the Advanced tab, and then select the Check for server certificate revocation check box...

      And then REBOOT. *cough* How's that for good user interface design?

      The point is that it is off by default, and not trivial to enable.

      MSIE7+ on Windows Vista will have both OCSP and CRL functioning, and ON BY DEFAULT.

  12. Do you even know what SSL certificates are for? by brunes69 · · Score: 3, Informative

    The fact this guy is modded so high scares me, because his post is startlingly idiodic.

    The purpose of a certificate signed by Verigisn/Thawte is most certainly not to tell you that you should trust the site you are at with your data. And in no way do either of these companies make any claim to this.

    The only point of a third-party signed SSL certificate is so that you can say "OK, I am trying to connect to www.myfavoirtestore.com. Is the data actually coming from there, or am I actually getting data from www.hackersite.com that intercepted the transmission/hijacked the DNS/whatever?".

    Whether or not you actually trust www.myfavoritestore.com with your data is totally irrelevant, beside the point, and has absolutely nothing to do with Verisign, Thawte, or SSL certificates.

    It's up to the consumer whether or not to trust where they shop. In this sense the web is absolutely no different than the B&M world. The only job of Thawte and Verisign is to ensure you are where you think you are because unlike in the B&M world, you can't just look at the sign on the front of the store and trust it.

    1. Re:Do you even know what SSL certificates are for? by skiflyer · · Score: 1

      The only point of a third-party signed SSL certificate is so that you can say "OK, I am trying to connect to www.myfavoirtestore.com. Is the data actually coming from there, or am I actually getting data from www.hackersite.com that intercepted the transmission/hijacked the DNS/whatever?".

      I wouldn't say that's the only point... if you really trust the issuer, it's also supposed to give you some factual information, usually the company name, department name, phone number & address of whoever the cert was created for. However, as stated earlier in the discussion (and verified by my personal experience), there's not a whole lot of research from the issuers that this data is correct.

    2. Re:Do you even know what SSL certificates are for? by brunes69 · · Score: 1

      It doesn't need to be correct. The reason the certificate contains that information is so that you can vertify that it belongs to the site you are trying to connect to.

      I could issue an SSL certificate for a website claiming that my address was "On The Moon" - a totally invalid address. But if you through external means know from me that my address in the SSL certificate should say I live "On The Moom", then you know (or at least be that much more sure) it is me.

      An SSL certificate is nothing more than a type of digital fingerprint. Possible to forge but difficult to imitate. You still need the owner of said print to compare it to though, to validate identity. Same with SSL certs.

    3. Re:Do you even know what SSL certificates are for? by grokster · · Score: 2, Informative
      The only point of a third-party signed SSL certificate is so that you can say "OK, I am trying to connect to www.myfavoirtestore.com. Is the data actually coming from there, or am I actually getting data from www.hackersite.com that intercepted the transmission/hijacked the DNS/whatever?".

      Aah, but if you connect to www.paypa1.com, such a system would confirm that it legitimately has an SSL certificate for www.paypa1.com but you have no way of knowing who operates www.paypa1.com (assuming you noticed that it was not www.paypal.com). Ditto for www.paypal-secure.com or www.my-paypal.com or www-paypal.com or whatever variation I can think of.

      So your philosophy may work for you, but it doesn't work for the general public.

      SSL encryption without authentication is like talking to somebody in a private, dark, room where you are sure you can't be overheard - but you can't see who you are talking to.

    4. Re:Do you even know what SSL certificates are for? by Anonymous Coward · · Score: 0

      Right. Now I have some guys called "Thawte" or "Verisign" telling me that these other guys called "Paypel" are who they say they are. Great. What exactly does that buy me, a random person on the other side of the planet?

  13. It's not perfect by brunes69 · · Score: 1

    I never said the system was foolproof, and indeed, the root authorities are fallable and have mad ehuge mistakes in the past. I was only trying to accuratly describe at least the idea behind certificates. The GP poster was implying a totally different idea, that somehow Thawte/Veresign are somehow responsible for the content of the sites to which they issue SSL certificates. Nothing could be further from the truth. Any Joe/Dick/Harry can get an SSL certificate for any domain they can dream up. If you aren't trusting the root cert. authorities, then having SSL certificates *at all* is totally pointless. SSL certificates have nothing to do with the encryption cipher being used - they don't make the data secure. They just try to provide authority of the data. If you don't trust the root authorities then you might as well just call any company you want to connect to securely and rattle off the public key being used so they can confirm it, because that is basically what you are doing if you accept the untrusted SSL connection.

  14. My favorite line about this... by xxxJonBoyxxx · · Score: 1

    My favorite line about SSL Cert revocation came from a security presentation where a guy went through about thirty slides covering about 4 or 5 different ways people actually tried to make cert revocation work. At the end he said "and if you find a way that actually works 100%, see me after class."

    I think the point is: don't ever get caught in a situation in which you need to revoke certificates, because it's likely you'll never completely be able to revoke them for everyone. (i.e., protect your SSL cert backups)

    Also, people who are posting stuff about individually trusting new server certs are kind of missing the point; sometimes an issuer wants to revoke a cert you may have already individually trusted too.

    1. Re:My favorite line about this... by Anonymous Coward · · Score: 0

      Or just short timeouts and replace certs often.

  15. How Root CA Trust Works by Anonymous Coward · · Score: 3, Informative

    I've seen quite a few posts here decrying the root certificate authority "chain of trust" model commonly in use today, with drastic suggestions such as --deleting all of the root certificates that ship with the browser-- being made. This shows a general lack of understanding of how the chain of trust model works, and so I'd like to try to clear things up a bit:

    Your browser comes with a bunch of root certificates generated by high-level certificate authorities installed -- Companies like Verisign, Thawte, etc. These companies then use these certificates to sign SSL certs for websites that purchase them, allowing the visitors to that web site to enjoy some degree of verification that Versign, Thawte, or whoever says that "You are at the legitimate website for 'https://www.example.com'."

    How does Verisign or Thawte or whoever know that they issued the certificate to the real owner of "https://www.example.com"? Well, different certification authorities verify identity in different ways, and some even do different levels of verification depending on the certificate package purchased, or depending on how big (and potentially a target for fraud) the website that the cert is being requested for is. Generally speaking, at a minimum, they will do a "domain" verification. That means they will look up "example.com" in the whois database, find out who the administrative contact is for the domain, and send that person an email asking if the certificate request from "Some Person" is legitimate. Additional verification techniques may include publicly looking up a company based on the requested certificate domain name, calling them up, and asking to speak with the person who requested the certification, or, in some cases, requiring a request in writing from a company official authorized to request certificates in the company's name.

    So now, you may be thinking, "Well, why the hell should I trust that Verisign or Thawte or whoever properly verified the identity of 'example.com' before issuing a cert? How do I know that they are not just money hungry bastards that issue a cert to anyone that asks? How do I know that they didn't just get hacked, and someone signed their own cert using the root certificate authority's cert?" The simple answer is --- Because they are money hungry bastards! They are a business. They somehow managed to work out the necessary red tape to get their root certificates to ship with the major browsers. They make lots of money by selling and signing SSL certs. It is in their best interest as a business to do this right. These companies want to verify certificate requests right and protect their systems from hackers intensely because they want their root certs to stay in the browsers; they want people to keep buying certs from them. Think about it...If a company starts getting a reputation for issuing certs without proper verification, or if it gets public that their private signing key has been compromised, then their root cert will be pulled from the major browsers, no one will trust them anymore, and no one will buy certs from them anymore. They will quickly be gone. I know there have been a couple of high-profile fuck-ups that have happened with CA's issuing certs to fraudulent requestors -- But people will only tolerate so many of these until they simply don't trust that CA anymore, and their root cert gets pulled from browser packages.

    So, while the "chain of trust" does not inherently PROVE that Verisign correctly validated "example.com", and that they have not been hacked, it is most likely that Verisign DID do everything correctly to maintain their reputation and business model. That's why it still has the word "trust" in it. You are still "trusting" some things, but that "trust" is built up by a company over time by not fucking things up. Is the system perfect? No, of course not, but it does work, and it scales beatifully. If more stringent verification is needed, you can always create your own CA cert, install it on the necessary computers, and then issue certs signed by that cer

    1. Re:How Root CA Trust Works by rubato · · Score: 1

      Well, somebody should mod this up as informative, for those of us reading this discussion to try to learn a little about what this is all about. However, the post is a little confusing in that some of the advice is for browser users (So, I hope that my explanation has shown why you are not better off automatically "not trusting" the root CA's, and deleting their certs), and some of it apaprently is for website owners (All you can do is pick a company known for security as your domain registar and use a STRONG password for the account), without a clear distinction being made as to who is "you."

      As a browser user, the most common situation that comes up is that I visit some website and a "certificate expired" warning pops up. (Where does this come from?) Should I basically ignore this? (Most users do, I suspect.) If not, what should I do about it?

    2. Re:How Root CA Trust Works by petermgreen · · Score: 1

      certificates have a built in expiry date, the cynical would say this is part of a money grab, the less cynical would say its to stop certs with no longer acceptable encryption levels remaining in use and to reduce the lifetime of a stolen key.

      Either way if its just a community site or something i'd ignore it but if it was a merchant or worse a bank i'd be worrying about how well they are keeping thier house in order if they let thier SSL certs expire.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    3. Re:How Root CA Trust Works by Craig+Davison · · Score: 1

      Thank you thank you thank you. Hundreds of ignorant comments are posted in every SSL thread. It's amazing how little people want to learn about this. Your explanation was right on the money, and I hope everyone reads it.

      --
      Hands in my pocket
    4. Re:How Root CA Trust Works by Anonymous Coward · · Score: 0

      OK, but you still come out as saying "trust them, they know what they're doing". But what if I am mistrustful by nature, and don't wish to outright place my trust on some foreign company? I can see that the CAs can over long time prove their trustworthiness to me, by handling their signatures well and not fucking up. But ultimately, their signatures should be treated as advisory, and weighted by the amount of trust I place on the procedures of each CA, which may increase or decrease over time. As long as I don't get the key fingerprints in person from the site operator, there is always a degree of uncertainty that should be acknowledged, yet the current procedure is to take an irrational leap of faith at the point a site presents a certificate signed by a single company. Is there any software support for this kind of paranoia?

  16. Vista will also have OCSP by grokster · · Score: 1

    MSIE7+ on Windows Vista will have OCSP too, and it will be enabled by default. Most likely Firefox will turn it on by default at some point too if they are satisfied it will not "break the internet".

    If a CA's OCSP responder goes down, ALL sites using their certificates will be instantly knocked off the web as the browsers will refuse to connect to them.

  17. And if you turn it on, you find... by mengel · · Score: 1
    ...that your browser basically hangs several times a week if you go to secure sites, becuase the OCSP server is either down/not-reachable/overloaded. I don't know anyone who has ever left it turned on more than a month.

    I suspect this is why it is off by default in the release of the browsers -- it makes browsing secure sites far too painful.

    --
    - "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
  18. Short cert timeouts = good by xxxJonBoyxxx · · Score: 1

    Yeah, I agree. Ironically, short cert expirations tend to cheese off the "I must individually trust every cert for security purposes" people more than anyone else (because it's inconvenient for them). I wish more people read this thread...