Slashdot Mirror
New Extended SSL Certs Make Online Debut
An anonymous reader writes "The first of the new 'extended validation' SSL certificates
went live this week, signaling the latest effort by the browser makers and major Web sites to further verify the identity of SSL applicants and help consumers spot fraudulent Web sites, the Washington Post's Security Fix blog notes. The technology is pretty simple: Visit a login page for a site that uses one of these EV certs and the browser bar turns green; likewise, the browser's anti-phishing filters can turn the URL field red when the user is at a known phishing site. There is still quite a bit of debate over whether this whole scheme isn't just a new money-making racket for the SSL providers, and whether small mom-and-pop shops will be able to afford the pricey new certs."
It's whether they'll be allowed to purchase them.
Do we end up paying for new methods to make the Internet safe (supposedly) or should we spend the money trying to educate people to recognize when they are being sent to a phishing site?
I predict (brave of me, I know) that no matter what efforts are made to protect Internet users, there will still be phishing on the Internet.
I think we're better off with the training.
Support NYCountryLawyer RIAA vs People
Entrust plans to sell its EV certs at $499 apiece per year (and that's its "intro price")... Verisign, the world's largest and probably most recognizable SSL provider, has set its price for EV certs starting at a hefty $1,300 per year.
The smallest of legit web sites will not pay this, especially when they're just starting up. Add to that the requirements (what type of corporate entity the site belongs to) and you'll have few small takers. This is definitely going to hurt small sites as all of the medium and large sites will eventually sign up. Users will eventually expect the green bar on every site where they might do business. So I see this as merely a money making scheme. If they really wanted to improve security they wouldn't rely on the type of corporation or charge such high fees.
Developers: We can use your help.
Don't trust anybody - not even yourself!
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
The purpose of a Certificate Authority is to verify the identity of the person who requested the certificate.
Since they've done such a bad job of this so far (it was quite strict at first), they've now turned around and offered a more expensive certificate with the promise that this time they'll _really_ do their job.
I've no doubt they'll get away with it when all the big names buy the more expensive certificates and see an opportunity to squeeze out the smaller competition, and/or otherwise help to raise the barrier to entry for their market. Watch this get a lot of media attention and advertising.
Instead of relying on the trustworthiness of third parties issuing the certificates, one could easily verify the key fingerprints directly.
Unfortunately, browsers make this unnecessarily difficult, and few sites (even online banking sites) publish their fingerprints offline. Wouldn't it be easy for a bank to print the fingerprints in a letter sent to the customer, possibly together with his credit card etc.? If then there were an easy way to show this fingerprint in a web browser, without clicking through several layers of complicated 'key details' pages, people could actually be sure to connect to the correct site.
Additionally, I miss a feature to lock a site to a given key. Say, I'm regularly connecting to the same site, like slashdot. I don't care if the slashdot site is actually related to some company with the same name, or whatever CAs try to tell me with their certificates. All I want to know is if the site I'm sending my password to is really the one I have been visiting since several years, or a fake one trying to steal my password. So all I need is a big warning whenever the site key changes.
Both are not too difficult to implement, I guess, but users need a little more training than just telling them 'a green browser bar means secure'.
"should we spend the money trying to educate people to recognize when they are being sent to a phishing site?"
The Six Dumbest Ideas in Computer Security - See #5 - 'Educating Users'.
I don't know specifically which bit in the certificate makes the address bar green, but the idea of these certificates is that the CA took extra super care to make sure they weren't issued to some bum, but to the people the certificate says it was issued to.
The example in the article immediately points out a failure of this idea. Go to entrust.com and your address bar turns green. And who is the CA that has verified that this site is really operated by entrust? "Entrust or an independent local registration authority has verified that Entrust Inc is an existing business and owns or operates the domain name www.entrust.com".. Yeah. So, this is basically a self-signed certificate, but it turns up green, because you're supposed to trust entrust, because you're supposed to trust entrust, because you're supposed to trust internet explorer.
Meanwhile, their 'extra validation' CPS states that they offer no warranties or guarantees, nor any detail about what they DO do to make extra super sure they don't issue certificates to some random Joe.
SCO employee? Check out the bounty
We all know $$$ doesn't buy security. However I do think that Microsoft is open to a class action law-suite by treating none enhanced certificate holders differently.
So, the CA oligopoly is now going to be charging extra for doing the assurance checking they should have been doing all along but now admit they were not. And once they decide they need more money I am sure they will claim that they have been screwing up their assurance checking on these new ones as well but for a little bit extra, they will do SUPER DUPER identity validation. Then we can REALLY trust the certs.
Why are we paying and trusting them again?
Finkployd
I have one major gripe with HTTPS:
If you don't pay the Powers That Be, you can still make your site more secure, but it will appear to be less secure.
The way HTTPS normally works is that you create a key to be associated with your domain name. This key is then signed by some certificate authority (supposedly after verifying you are you). If the certificate authority is one of those trusted by your visitors' browsers, the browser will go ahead and use your site, as well as display some indication that it is secure. The security includes both encryption (confidentiality) and authentication (you're really communicating with foobar.com - VeriSign says so).
However, you have to pay the certificate authority to sign your key. If you don't, you can still sign the key, but it won't be trusted by browsers. So far so good. The problem is that browsers will scream bloody murder, because they can't verify that you are you, making at look like you're attempting some kind of scam, while, actually, you're offering your visitors encryption. It's not as secure as encryption and authentication, but it's still better than plain HTTP - a protocol which browsers will accept without a hitch.
As a minor issue, the SSL key is sent during the connection set up, before the client can send a Host: header. This means that each host wishing to employ HTTPS has to have its own IP address - otherwise, the server doesn't know which key to use. There's actually a way around this: HTTP 1.1 specifies how to upgrade a connection to HTTPS, which can be done after the Host: header has been sent. Unfortunately, a lot of software appears not to support this feature.
Please correct me if I got my facts wrong.
Just my 2 cents, I believe this "green bar in IE7" even if/when other browsers support it, won't matter. If I want to buy something I will buy it, with confidence.
That depends upon how you mean that.
If I get a certificate issued to server "apple" at "berry.com" with address 123.456.789.012, then that is all that you know from that certificate. The server's resolved name and address match the server name and address for which that certificate was issued.
But that is all you know. That means that that certificate cannot be moved to a different server. Even one owned by that same company.
But it tells you nothing about whether the site is who "it's claiming to be".
Example:
A phishing site can claim to be from Bank of America and have a legitimate certificate issued to server1.BoA-security.com. But it would not be a Bank of America site.
This new plan attempts to deal with that issue by making "green" certificates available
Now, whether that belief is accurate or not does not really matter. It just moves the goals AND causes concern amongst the mom-and-pop shops out there.
I thought it was obvious this was nothing more than a money-making scam. You know, like those "Privacy Certificates", where anyone with a privacy policy gets a cert. Even those whose policy says "we'll sell your info to anyone whose check clears"...
Learning HOW to think is more important than learning WHAT to think.
The user interface aspect of this is a good idea. One of the bad things about x.509 up to now is that it's all-or-nothing; the other side's identity is either completely trusted or not trusted at all. Real life isn't like that, as pgp took into account a decade and a half ago. Acknowledging that there is a degree to which the other side has been authenticated, and then showing this in the browser, is a step in the right direction. I enthusiastically approve of this change to browser UIs.
On the non-UI front, things are a little less encouraging, but it's still a slight improvement (but with a dark side). It is a fact of reality that an identity certifier has limited resources and no matter what they do, they can be fooled. Letting the certifier put something into the cert to indicate how hard they tried to authenticate, is a good thing. When I sign someone's pgp key, it's good that I can indicate degree of trust; casual trust if all I did was look at someone's government-issued photo id, and strong trust if I actually know the person I'm signing (i.e. a fake ID wouldn't be enough to fool me). I am pleased that the x.509 system now has some sort of way to do this.
It's still unfortunate that they left the biggest weakness in the system, though. An identity is still only certified by one certifier. That's really dumb. Verisign can be fooled, Thawte can be fooled, I can be fooled, but fooling all 3 of us at the same time is a bigger feat, so that would be a great way to improve the amount by which an identity can be believed. That's something that pgp also figured out a decade and a half ago, but x.509 hasn't caught up.
But that leads to the dark side. I think there is a reason the system doesn't support multiple signers: it makes it easier for new CAs to enter the certifying "market", and also could lead users to think about how much they trust the big brand name certifiers. Suppose I claim to meet Amazon's keymaster and I sign their cert. The issue that 99.99% of users would face, upon seeing my signature on Amazon's key, is that they don't have the foggiest idea of who the hell I am or why they should trust me, so they would go into their software and make sure their trust level for me is zero (or really really close to zero). Actually that would be the default. But then it strikes the user: "Wait a minute, how much do I trust Verisign? I don't know any more about them, than I know about Sloppy." So the user then goes into their software and also sets Verisign to a low value. The user should only really trust people they have reason to trust. They probably wouldn't really delete Verisign from their list, but they'd set the trust level to very low. Probably not zero, as there's some "sheep factor" faith level in a big brand name. But the whole issue of thinking about who you trust and to which degree, would be a major threat to the brand name CAs.
I understand why Microsoft is willing to play along with the big CAs. I don't understand why the Mozilla, Konqueror, Safari, etc teams do. Supporting a multiple-certifier system (e.g. OpenPGP) would improve those browers with no apparent downside.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Domain: www.entrust.com
Server identity:
CN = www.entrust.com
serialNumber = DOC:19961216
OU = it
O = Entrust Inc
jurisdictionOfIncorporationStateOrProvinceName = MD
jurisdictionOfIncorporationCountryName = US
L = Ottawa
ST = Ontario
C = CA
Issuer identity:
CN = Entrust Certification Authority - L1A
OU = (c) 2006 Entrust, Inc.
OU = www.entrust.net/CPS is incorporated by reference
OU = CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY
OU = AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE
O = Entrust, Inc.
C = US Certificate has 10 extensions.
The CA Browser Forum has published a standard for these certificate. So that's what we go by.
How do you tell this is an Extended Validation certificate? That's not in the CA Browser Forum's standard. It's dependent on the certificate issuer.
It's documented, on Entrust's web site "Each EV SSL Certificate issued by the Entrust EV SSL CA to a Subscriber contains an Object Identifier (OID) defined by the Entrust EV SSL CA in the certificate's certificatePolicies extension ... which
by pre-agreement with Application Software Vendors, marks the certificate as being an EV SSL Certificate.
The following OID has been registered by the Entrust EV SSL CA for inclusion in EV SSL Certificates: 2.16.840.1.114028.10.1.2"
That OID number appears in the middle of a comment in the certificatePolicies extension. So, for each issuer, you have to look for something different.
The certificate checker has to be really careful. To verify that a certificate is an Extended Validation certificate, it's not enough to find that OID. You have to make sure that the certificate was issued by the issuer entitled to use that OID. Otherwise, it's easy to forge these certificates.
But if you're too thorough in the checking, the certificate bounces. The whole point of an Extended Validation certificate is to validate the company's identity. So we have the new fields "serialNumber", "jurisdictionOfIncorporationStateOrProvinceName", and "jurisdictionOfIncorporationCo
Good post; your analysis is spot on. If I had mod points, I'd mod you up. Alas, I've already posted in this thread.
Please correct me if I got my facts wrong.
It is far worse than that:
In the end, the benefit of SSL is that of encrypted traffic. The data goes from the client to the server, and nowhere else. That's what a certificate actually ensures. Nothing else. Not one blessed thing. The people who built this scam were either miserably uninformed and/or confused, or underhanded types who recognized the money to scooped up from people who could not afford to have a browser inaccurately claim that their business "might be a scam."
This is just one more case where superficial thinking about something is being used as an excuse to generate a large and healthy cash cow over and above the current certificate scam. Nothing can legitimately substitute for you checking for complaints, longevity, experience with the product(s) you are interested in, that sort of thing. Which in turn means that by definition, the foisting off on the consumer that the "browser bar turning green" means "shopping or interaction is OK" is outright illegitimate.
And will any of that stop this from happening? Not a chance. Because it isn't only the consumers that are failing to do due diligence here; it is the browser writers as well, and as per usual, we start with Microsoft who does not have the consumer's best interests at heart.
The attempt is being made here to do something that is impossible. Wy? Because an operation that was trustworthy yesterday can become untrustworthy tomorrow. Likewise, an operation that was controlled by scammers can replace those people. It is a matter of people and goals that no one can see through the veil of the Internet. This is aside from the creation of a "ghetto" of untrusted merchants who cannot get certified, or cannot afford to get certified.
I saw a comment elsewhere here by some moron who was pontificating about how "if some business cannot afford $500 for this cert, I would not trust them, etc. ad nauseam." The fact is, some businesses are striving on the edge and that money is important to them. Seeing as how it does nothing for them but keep them from being creamed by this new scam - meaning, it doesn't add value to what they do, just brings them back to a status quo
I've fallen off your lawn, and I can't get up.
Globalsign does this too already : http://www.globalsign.com/digital_certificate/exte nded_validation_ssl/index.cfm
SSL Certs should go hand in hand with domain registration and every domain registration should include a wildcard SSL Cert for that domain. A cert isn't a valid way to prove that John Smith or company x controls the site, it is a valid way to assure that the content you are viewing is coming from bla.com. There is no reason that every domain on the web shouldn't have the ability to give visiters that assurance. It uses what, about a penny worth of electricty to generate a cert? Wildcard certs don't cost anything more to generate then individual certs. This would drastically increase the security of the web and allow independently operated non-commercial domains the ability to secure content.
Right now SSL Certs aren't being used to make the web more secure. Certs are being used to gouge online commerce sites so that a few companies can exist selling them.
This is a thinly veiled protection racket. You're a sole proprietorship, general partnership or individual? You will be labeled as a possible phishing site, and lose potential customers. You are a small (or large) business? Pay up the $1300.00 per year, or you will be labeled a possible criminal and lose business too.
These certificates offer the business nothing of value. Pure racketeering.
This does little to actively protect the consumer, and once this gets hacked (my guess is sooner than later) it will do nothing to protect consumers. This only works in favor of large corporations by decreasing competition.
It has been claimed that the issue with small businesses & EV certs is moot, because Google checkout is getting more popular, paypal and ebay will surely get EV certs, and within a few years from now many online merchants will be providing paypal and Google checkout options.
Some small business prefer not to use third party 'shopping cart' services. This increases their overhead, and once again funnels money from the little guy into the pockets of corporations. Many small business owners are loathe to relinquish any control over their business. Also, some people find writing and maintaining their own (or FOSS) shopping cart to be just plain fun! Not to mention educational.
So, the solution for small business is to either PAY Entrust, or PAY Google et al? Not a solution, afaic. It's a scam.
I can't believe this doesn't violate anti-trust laws or racketeering laws. It's hostile to small businesses and completely excludes sole proprietorships, general partnerships and individuals, as they aren't even eligible for the green bar 'status.'
This causes far larger problems than it solves. This only marginally protects the stupid (who fall for phishing scams) and deals out serious punishment to the honest business owner. I predict we will see many small web-based business go under because of this. Another anti-entrepreneur blow from the capitalist elite.
Another way to look at this is 'Presumed guilty until innocence is bought.'
This all sounds well and good, until you are asked to deploy and support intreanet-based applications on private IP address ranges, like the company I work for.
The UI for our product is web-based, and of course we prefer it be SSL encrypted, as it can contain sensitive information. But because the product is always deployed AFTER sale by our customers on some private IP address, with god-knows-what hostname, there is NO WAAY for us to provide them with a valid SSL cert. that will not pop up these annoying warning dialogs.
The problem is exasperated even more by the new IE7, which doesn't just provide a warning dialog, but a full page near-error message.
There is no way around these messages, aside from ample documentation. This is where the SSL standard falls FLAT ON ITS FACE. It is only acceptable for PUBLIC FACING, INTERNET BASED SIDES. It is TOTALLY UNACCEPTABLE for intranet based solutions.
Now, this really is not totally an SSL problem. The browsers are to blame as well. There should be a simple setting you can enable (and I would even go so far as to say it should be turned on by default), that excludes the need for SSL authentication on the private IP address ranges (172.16/16, 192.168/16, 10/8, etc. ).
SRP would go a long way to prevent phishing more reliably, and you don't even need a trusted authority (though one is recommended).
SRP is a password-based system, rather than a key-based system. SRP validates not just that the client knows the password, but that the server knows the password (hash), all the while not revealing anything useful to an eavesdropper or a man in the middle. It uses the password to establish a shared secret (session key) between the client and server for further communication.
It would help with phishing, because if the server you're connecting to doesn't have your password (hash), the logon attempt will fail without giving the phisher anything useful. SSL isn't enough for this, because phishers just get SSL certificates.
The weak point of SRP is establishing the password at account creation, and here SSL is important. Banks would go further and use out-of-band communication (phone, etc.) to help with account creation.
Web browsers don't currently support SRP, but supposedly the Firefox team wants to add it. An important part of such a feature will be making unfakeable dialog boxes so that novice computer users understand when it is safe to enter an important password. UI design means a lot.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
To make sure I was safe I tried to go to paypal-reverify.com, but the page wouldn't load. Can someone check that's it's working correctly so I can make sure my account details are verified and secure? I'm pretty sure I'm safe since I recently went to https://www.visa-secure.com/ and changed my password from "password" by adding a number 1 on the end -- since I'm told that putting 1 on the end of a word hopelessly befuddles all those hackers.
Maybe I'll just verify my account details by responding to email. That way there's no chance that hackers at a web site will be able to steal my information. I won't have to worry about a green lock at all, or anyone making it green with a hacker thing, because it won't go on the web thus there won't be any chance to grab anything.
Since the web is so insecure, maybe someone should come up with an alternative...except we already have one. We can just use email instead. I can't believe no one has ever thought of this before. No one will be able to steal anything because there won't be a web site to fake, and there won't be all that confusion about locks and yellow things and green locks, and that technical stuff.
This orgnization represents what is wrong with the software industry today. On top of unfair business practices and anti-competative monopolistic bullying -- they:
* write insecure products that people cannot fix themselves
* delay patching their insecure products
* try to prevent SOA/REST from emerging quickly; relying on obscene vendor lockin for revenue
* build and use languages that promote and maintain poor programmming practices
They are the prototypical entrenched power monger, and they continue to pollute the industry with poor behavior, which is accepted only becuase they yield so much power with their cash.
Windows 2000 was their best product, everything else has just been a slow, painful death slide.
The purpose of a certificate is for a server (or less commonly a client) to "prove" that the public key it's presenting belongs to the entity that its peer intends to communicate with. If you don't know that you're using the right key, what's the value of encrypting? I agree that many CAs have weak verification processes, and since any CA can certify for any domain then the value of certificates is determined by the worst CA. However, a certificate by a known CA is still somewhat more trustworthy than a certificate by some random key about itself.
This is because x.509 was designed for the Directory Access Protocol (x.500) which is entirely hierarchical and has no room for uncertainty or rival authorities.
This still says nothing about trustworthiness, though.
It's also inherent in x.509. As I implied, it's designed to have only a single root. In reality we have multiple roots, but validation of a certificate still has to lead to a single root CA. Divergence or cycles in the "trust path" will cause existing x.509 implementations to explode.
I agree that this makes sense. But at present most users don't even understand the difference between the browser's security indicators (lock icon, yellow address bar, etc.) and in-page security claims (bullshit like Verified by Visa). I have no hope at all that users in general will be able to make sensible decisions about which CAs to trust.
The whole stupid system depends on global agreement as to which are the root CAs.
I don't know about others, but having a valid key from a CA doesn't make me trust the site any more. I don't care if they have "levels" of trust. I look for a CA to verify the site is who they say they are and there is no man in the middle attack (supposedly).
I trust the site based upon what I know about the company behind it. If I don't know anything, I'll try searching for info about them before I buy.
The issues for me are:
It can't "prove" any such thing. A simple security breach, or intended malfeasance on the part of the cert holder, and you're talking to someone else. The idea that it could prove such a thing more than half a second after it is issued is 100% illusion.
The same as it has always been: Limiting exposure of communications to the parties with the ability to decrypt the data. Nothing else. For instance, in the case of e-commerce, it limits the number of parties who get access of your credit card data.
How so? It doesn't mean the identity is correct; it doesn't mean the location is correct; it doesn't mean ownership is correct; so what does it add? Both get your data encrypted just as well.
Now, if you're talking about adding value because CA certificates aren't subject to the scam where the browser scares the heck out of the client, and where the client is deluded by the marketing of said scams by the CAs, then I agree. That's my point. It's a scam.
I've fallen off your lawn, and I can't get up.