Extended Validation SSL, More Secure or Just a Racket?
Nalfeshnee writes "The Register is reporting on the new 'Extended Validation SSL' cert currently being touted by Verisign. Vista and IE7 will be using this but not, apparently, Firefox anytime soon. For this the Verisign Product Marketing Director Tim Callan squarely blames the Firefox dev team for 'not keeping up' with their new technology. However, the whole thing just seems to be a way for Verisign to enjoy ridiculous markup on selling 'more secure' certs."
Yes. Look at the screenshots and you'll see the organization name appears at the right of the address bar.
http://www.verisign.com/ssl/ssl-information-center/faq/high-assurance-ssl.html
This seems to be composed of two parts:
IE 7 will have different icons on the location bar to indicate that a site has the "higher" level of "security" (translation: "bought the new certificate").
The plan was for all the browsers to implement the color bar scheme, based on IE's implementation. There were optimistic announcements by all involved, but no final standard has emerged. VeriSign and other SSL certificate authorities are preparing to start selling these in January. It's not clear to me if Firefox/Mozilla has actually opted out or is just moving more slowly than MSFT in incorporating the changes in the browser. Mozilla tends to be deliberate about SSL-related changes in the browser.
RichM
Data Center Knowledge
I used to work at a certain SSL place, so here's what I could gather.
Right now to get a cert it's a phone call verification or something else that can be done remotely.
For High Assurance CAs, the issuer has to fly a person out to the physical site, take pictures of the site, go inside, take pictures of at least two(?) employees, get names of workers, get signatures, and so on. At least that was the idea last I heard.
Rather than a remote validation, which I guess is easier to forge and easier to issue a mistake to by accident, this requires in-person validation and lots of other crap you can't do without actually going there and checking it out. You decide if it's worth it. If not seeing that "special green color" stops just a few customers from using your site, it probably is.
On a related note, I was doing some poking around the other day and noticed this:
Three things to be concerned about:
1. It's only a 1024 bit RSA key. That is weak by today's standards.
2. The signature algorithm is 'RSA-MD2'.
3. Attacks against this certificate may only be theoretical today, but Verisign foresaw this, and saw fit to mark the certificate as valid until 2028!
Thank you, Verisign!
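The three concerns in the comment above (key size, signature hash, and how long the certificate stays valid), written as a check over the text that `openssl x509 -noout -text` prints. This is an added example, not part of the original thread; the sample dump is constructed, and the 2048-bit threshold and the weak-hash list are assumed policy values.

```python
import re
from datetime import datetime

# Constructed sample in the layout printed by `openssl x509 -noout -text`;
# names and dates are made up, only the three properties match the comment.
SAMPLE = """\
Certificate:
    Data:
        Version: 1 (0x0)
    Signature Algorithm: md2WithRSAEncryption
        Issuer: C=US, O=Example Root CA
        Validity
            Not Before: Jan  1 00:00:00 1996 GMT
            Not After : Jan  1 00:00:00 2028 GMT
        Subject: C=US, O=Example Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
"""

MIN_RSA_BITS = 2048                          # assumed policy threshold
WEAK_HASHES = ("md2", "md4", "md5", "sha1")  # assumed deny-list


def audit(text, now):
    """Return a list of findings for one certificate dump."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    keyalg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    end = re.search(r"Not After\s*:\s*(.+?)\s+GMT", text)
    if not (sig and keyalg and bits and end):
        return ["unparsed"]                  # fail closed on unexpected layout
    findings = []
    if keyalg.group(1) == "rsaEncryption" and int(bits.group(1)) < MIN_RSA_BITS:
        findings.append("weak-key:%s" % bits.group(1))
    alg = sig.group(1).lower()
    findings += ["weak-hash:%s" % h for h in WEAK_HASHES if alg.startswith(h)]
    # Collapse the padded day ("Jan  1") before parsing the expiry date.
    stamp = " ".join(end.group(1).split())
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    if findings and not_after > now:
        # Weak parameters matter for as long as the certificate is accepted.
        years = (not_after - now).days // 365
        findings.append("trusted-for-years:%d" % years)
    return findings
```

If the certificate being checked is a self-signed root, clients trust it by inclusion in the store rather than by verifying its signature, so the key-size finding is the one that carries the weight there.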
According to their customer rep "Doreen", there's really nothing special about this.
What I got out of the chat session:
Now, I understand that this is pretty low on the totem pole, but still I think it's indicative enough to start throwing around some assumptions.
<assumptions style="raging">
From a technical standpoint, "High Assurance SSL" is functionally the same as vanilla SSL. The only difference is that for supported browsers, the cert holder and issuer will be visible in the URL address bar. (Oh, and you can toggle between them by clicking, whoopee.) The main draw is that it's "more visible!!!".
So functionally, if the FF devs want to counter this ridiculous load of crap, all they have to do is stick the plain old vanilla certs into the URL bar and maybe highlight weird characters to show phishing attempts. Certainly, a whole lot more paperwork isn't going to stop the phishers if they're going to the trouble of getting a cert anyways.
</assumptions>
Smells like a turd, looks like a turd.
---k--
</stupid>
You're missing the point of what a trusted CA is supposed to do. The point is that the browser maker trusts this CA to verify that a domain name has a legitimate owner. More precisely, the browser maker trusts the CA to verify that the person who applied for the certificate represents the owner of the domain name. If you create a CA that does no verification, how would you trust them? It would be a huge security hole for such a CA to be in Mozilla's list of trusted CAs. Somebody could register with this free CA as citibank.com, hijack DNS, and impersonate https://www.citibank.com with the users none the wiser.
"paypal gets a lot right"
I have a screen shot on a computer around here someplace of a browser alert window pointing out the cert domain doesn't match the domain. It was about 2-3 years ago. I can't remember for sure but I think it was www.paypal.com (the cert) didn't match paypal.com (which is what I type in).
The points remain:
1) People don't care if the cert is valid or not or in many cases if it's even signed by a root authority the browser knows about.
2) There are lots of errors in certs the browsers ignore; if they didn't, damn few, if any, would work.
Need Mercedes parts ?
The Mozilla foundation did not have a good set of criteria for including a cert. Originally they pretty much just used the same ones as IE (pay a big heap of money). Now they do have a set of rules, and the CACert people are trying to prove that they comply with them. It should be done Real Soon Now(TM).
I am TheRaven on Soylent News
GoDaddy High Assurance SSL.
Comodo Trusted SSL.
GeoTrust True BusinessID.
Business identity validation SSL certificates have been around for a long time. The only thing different about VeriSign's offering is that they're partnering with Microsoft to have the bar turn green if their more expensive cert is detected, to the disadvantage of all other SSL providers. This is an attempt by VeriSign to make it effectively necessary for businesses to use their cert so customers won't think that their site is insecure.
There's so much wrong with this attempt to gain a monopoly without adding anything of value to the market... but par for the course for VeriSign.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
In the first link, they're self-signed certs that trigger the "Stop the World, something's wrong!" message. If consumers are ignoring this already, I'm afraid that a "green bar" isn't going to be much more effective.
The second link is more problematic, but the solution is simple. If a cert authority can't do proper due diligence, then remove them from the browser's trusted list until they correct their procedures. They're obviously not trustworthy. Giving Verisign an artificial monopoly on something they should already be doing is not the way to solve the problem!
Javascript + Nintendo DSi = DSiCade