Slashdot Mirror
Is It Time For an Open Source Certificate Authority?
cagnol writes "So far there are three free ways to get a free certificate to sign your email and receive encrypted communications: Thawte, Comodo and CAcert.
Thawte's root certificate is in mainstream browsers. Thawte's interface is good and the web of trust allows for increased security by verifying people's identity. However Thawte is not open-source; worse: it is owned by VeriSign. Comodo's root certificate is in mainstream browsers too but there is no web of trust and their forms are not always working.
CAcert is the closest to an open-source certificate authority but is not open-source and it seems that parts of the system are shaky. CAcert provides a web of trust. Unfortunately, CAcert's root certificate is not in mainstream browsers.
Don't you think it is time for a true open-source certificate authority? Should this community be related to the Mozilla Foundation and comply, since day one, with the requirements to get a root certificate in Firefox?"
That's a fantastic idea! Why don't you pay for setting up and running the whole company, then I'll go and use it! Oh and while your at it, can't you set up open source supermarkets too?
I've fell out of love with public-key signature schemes as a means of proving authenticity. There are a few problems with the idea in general:
I think Zimmerman, with his ZPhone program, has got it right. Really, all you're interested in for E-mail or VoIP is not whether the person really is Simon Johnson, of Widnes, based in the United Kingdom who is 23 years old with a pet dog called Thornton. You're actually interested in whether this Ckwop guy I'm speaking to now is the same guy as I spoke to last-time.
When you weaken your security requirement to this position, you can remove a staggering amount of complexity. You can cut out all the CAs, all the X.509 certificates and ASN.1 implementations etc. What you're left with is Diffie-Helman and AES in CCM mode. You can implement this in a couple of thousand lines of provably correct code and your done.
The real way to solve the "identification problem" with web-sites is to change the way credit-cards work. You have a secure token that outputs a different string every thirty seconds. RSA have made these but they're very expensive for no explicable reason, the banks would develop an open-standard in my model to drive down prices. When you pay for something, you submit your credit-card along with the token's value. The transaction will only be authorised if the token's value matches what the bank thinks that value should be.
That way, phishers only have one shot to take your money. Sure, they could make a mock payment page but the auth-code is only going to work once. I think this would destroy the cost effectiveness of phishing for credit-card numbers. That said, identity theft would still be an issue.
Simon
They shouldn't be issued by private corporations but instead by the man who issues the business licenses. Otherwise, it's meaningless. So I setup p4ypal.com, buy a cert and trick people to go there. Whoopy.
What do certs really mean anyways? Just because company.com has a legit cert from verisign doesn't mean they're a good company. It means that I'm talking with company.com. Big deal.
Tom
Someday, I'll have a real sig.
All of the current CAs seem to over emphasise the use of certificates for https servers and e-commerce. Their web sites mention this usage almost exclusively and if other uses of certificates are mentioned they are hidden away.
So if an open source CA is set up, it would be good for it to give more prominence to other uses of certificates, such as S/MIME, starttls for mail servers, for VPN authentication etc.
The question posed is "Is it Time for an Open Source Certificate Authority?" But the description does not address the question. Rather it addresses the question of whether there is an open source certificate authority. First: someone needs to define what it means for a service to be "open source". Second, they need to describe why anyone should care whether a service is open source. That would be a better start to the dicussion than a laundry list of certificate providers.
Having an open source CA is one thing. Having the root certificate included in major browsers is an expensive endeavor. The www.cacert.org site has an FAQ entry about this:
http://wiki.cacert.org/wiki/InclusionStatus
Summary: Lots of open source browsers already have the cert; Mozilla/Firefox will have it soon. Internet Explorer (and apparently Apple's Safari) won't have it unless they come up with a way to pay for the $75,000+ plus $10,000 a year for a AICPA WebTrust audit.
I've been saying for years that security certificates are a scam. Everybody knows it's a meaningless number. You can write your own security certificates. With the choice between paying $100s to some shady "security company" or generating your own for free what would you choose? Face it, certificates are another barrier to trade and security compaies are greedy mafia and nothing more. How can Thwarte or Verisign or whatever be at the root of a "web of trust"? Trust from whom. Not from me. And if I'm writing the system who gets to say what is and isn't trust? From the uend users perspective, the only person that matters, they never heard of Twarte or Verisign. How would they know a certificate from those companies from another you made up with an impressive sounding company name like UltraSecure or SafeClick? It's a meaningless game. And it's not like this "trust" gives any party some legal recourse or adds accountability to the operator. Yep, Open source certificates all the way. Anyone can set up a verification system selling zero cost numbers to strangers if they sign a form or show their driving licence or something, but it wont make anybody or anything more secure.
The site talks about doing paperwork for TTP. Yet I can find no link to the TTP paperwork.
Can someone post a link here, or edit the wiki so finding the TTP paperwork is simpler?
It's called GPG. It can be used with TLS as GNU TLS demonstrates. The one issue is making sure that GPG/TLS is implemented more widely.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
It's already possible to get SSL server certificates for a few dollars; these "work" in the sense of not triggering scary browser messages but are essentially worthless in the sense that they do not provide any further positive identification of site ownership. Unfortunately it's hard to see how anything "open source" could improve on this, unless the open source CA were willing to provide background-checking services for free.
It's also already possible to get high quality free/beer personal identification certificates for example the Thawte Web Of Trust who issue personal certs based on real-world check of national ID such as passport.
What we really need from an open CA is something you cannot to my knowledge get elsewhere which is reliable code-signing certificates without spending hundreds of dollars.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
Right now there are plenty of free certificate authority programs out there. The only difference is that the authorities are not trusted by the browsers. If you could have every authority trusted, the certificates would mean even less than they do now. All we really need to do is take the methodology CAcert uses and add their authority to the browsers.
Talk about hitting the nail on the head; I couldn't have said it any better myself.
Personally, I think the submitter just wants free certs. Granted the prices the big boys charge are simply outrageous, but I don't like the idea of any random, anonymous asshat being able to get a free cert signed by a root CA trusted by the default operating system / browser installation. On the other hand, nobody pays any attention to certs anyway so maybe it wouldn't be any worse than it is now.
Sounds great, maybe one of the Ubuntu guys can help? How about that one guy?
"So far there are three free ways to get a free certificate to sign your e-mail and receive encrypted communications: Thawte, Comodo and CAcert."
I must be missing something, because the first thing I thought of was PGP that we've had for 16 years.
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Thawte was developed by Mark Shuttleworth. He sold it for $560 million in 1999. He's now responsible for Ubuntu.
I thought the whole idea of trust certificate type things was because the closed source ethos means there's no way to know what's in the program you're installing, so it has to be certified as trustworthy?
I didn't think open source needed that kind of thing.
When it comes to installing things via browser I prefer firefox's 'authorise this domain' thing, which is independent of certificates.
perhaps the reason there's no open source equivalent of these certificates is that its never come up as a problem.
I may be missing the point, as I said, but I am a mere academic hacker type, all this buzzword filled security stuff tends to pass me by. The only security I have in my software is 'if you run this as root you're a dickhead', only not that rude.
Whatever people say about the market share about !IE, MS is still a signficant player in the browser market and will be for at least $\infty$.
I'm sure that the a hypothetical CA would more than happy to 'do a deal' with a hypothetical market leader on browsers to ensure the competition were locked out of mainstream acceptance.
You don't get your cert onto IE, you don't get your cert onto the net. Especially as so many high security organisations (like banks) stipulate (or used to until recently) that IE had to be used.
How long until this issue raises its head seriously and MS gets dragged through the courts over it?
-1 not first post
Two points.
1) To be a cert authority, don't you need at least a medium-sized farm of supercomputers to mine very large prime numbers [<=, say, 2^4096] from the greater ether of non-primes? And ain't that gonna require some pretty serious investment $$$'s?
2) A little off-topic, but what happens in RSA if you cheat, and use non-primes as your keys? [Often the math will still work, but sometimes it won't - and what goes wrong if it doesn't?]
"...an Open Source CA system to exist,..."
The problem is that if you want encryption, you either buy a certificate or you have the user presented with a misleading dialogue box that suggests that you are not trustworthy ... or rather the reverse is not true: just because you have a certificate does not mean that you are trustworthy.
Joe Sixpack does not understand the difference - which is only good for the profits of Versign and friends.
It would be nice if the two could be somehow unlinked.
The crux of the problem is that the CA's have a different view of what the certs are for then the end users. They also have a vested interest in viewing it the way they do.
The person sitting at the browser wants to know that the communications are secure and they don't want to see any scary messages. Most of them do not have any idea that the the certs are also supposed to confirm identity.
There should be room to allow for encryption only type certs.
Open Source CAs are pretty straightforward. All the code is available, and people are already doing it. The difficult part is establishing the trust model. The root CA needs to be well managed. But, more difficult is the process for issuing new certificates. If you just give cert's out without strong validation of who you're giving it to, your trust model is worthless. If anyone can go in and freely get a cert, what confidence do you have that the cert holder is not a "bad guy"?
That's why commercial CA's, like Verisign,cost money, and provide a real service. They do try to verify the organization they give cert's to. It may not be perfect,and many people complain about how strong that validation is. I can imagine what those people would think about an open source CA, and their level of validation before providing certs.
In order to do any sort of secure transaction on the web, you need SSL. If people don't see the little lock icon, they will be very unlikely to trust your website. To get that icon you need a signed SSL certificate. Sure, you can sign your own. However, if your cert isn't in the browser, then users will get a warning popup that your site might not be safe. That's worse than not having the lock in the first place.
Verisign, Comodo, and others have a big scam going on. Whoever wants to conduct secure business on the web needs to pay one of them a toll to get their certificates signed. There's no reason that this should cost money. Signing a certificate is such a trivial activity. It's more effort to write this post on Slashdot than it is to sign a cert.
We either need a new security mechanism for secure transactions on the web or we need a free and secure way to get certs signed. Without this, we will always have a few companies acting as gatekeepers deciding who is allowed to conduct secure commerce on the web. That is not cool.
The GeekNights podcast is going strong. Listen!
Thats really the reason why people dont use encrypted e-mail.. Nobody can make it free and simple without any hassle.
We already have a OpenSource friendly CA StartCom. http://www.startcom.org/ It would be nice is Mozilla included them and if Thunderbird automaticaly generate "Idenity unverified" certs for its e-mail users.
I dont know, maybe its not possible.. still it would be nice to shut down Verisign.
Bringing liberty to the masses. - http://freetalklive.com/
Along with secure shopping, we need a way to send email encrypted. When I click on the enable encryption under tools on my email program, it should tell me about generating a public key set. Then when I want to send an email to a friend, it would tell me about needing my friend's public key. The program should send off an email to that friend asking for his public key with my public key in-tow (or get it from a key server). Then the friend can click on a link that was in the email that I sent, and his key pair would be generated or simply send his public key to me if already generated. I get his public key and am notified that I may now send him encrypted messages. Simple as can be, Why has it not been implemented yet Seamonkey or Thunderbird?
"you have a play itself backwards, very sick and its it has to be fun it a break, if In addition, be a lot slower may weel remain Abysmal sales and a conscious stand survey which backward and said tangle of fatal obsessed - give continues in a its corpse turned subscribers. Please IS DYING LIKE THE Core team. They sales and so on, Munches the most Creek, abysmal users. This is get how people can up today! If you least I won't log on Then the [nero-online.org]. Gawker At most wasn't on Steve's"
My decoder ring says this tranlates to "Meet Grovneck at the embassy at midnight".
Need Mercedes parts ?
Certificate Authority:
...
secretaryofstate.state.us or departmentofcommerce.state.us
you should recognize who it is
Far more paperwork and verification is done to incorporate (business licenses.) They have to commit tougher crimes to sneak off with a corporation or LLC. You have multiple parties interested such as the IRS and secretary of state who look bad if dummy corps are floating around (you don't mess with the IRS gangsters.)
Certs allow for multiple signings if I'm remembering correctly. There is no reason freemarket freaks can't have their meaningless verisign certs or have verisign sign their government cert. There would still be a market for individuals and "high-end" additional verification but that would be just be for gullible people.
I've been saying this for a decade now. When will people come to their senses??
It wouldn't cost much. Local gov could source out the service for your irrational freemarket nuts.
My experience with government contractors:
1
politician X wants payoff for a friend
gov service is fattened up for the slaughter (sabotage or just talk)
politician X moves to kill
friend promises the world for half price and gets "special consideration" (for Bush skip this step)
friend doesn't meet obligations and/or goes over the bid (politicians in support cover their seat)
friend milks it for all its worth
Reformers kill contract or make it less profitable (friend moves to next city)
GOTO 1
Democracy Now! - uncensored, anti-establishment news
More often than not, when I go to install a new software into my Windows computer, I am presented with a warning that the software has not passed Windows Authentication. Usually, there is either printed documentation, or a window below the warning, telling me to ignore the warning, and Click OK.
I have done this enough times, that I now click through the warning without hesitation.
A visitor to your secure website could be likewise instructed to ignore the warning, and told to explicitly "add this Certificate" which will permanently dispose of the warning.
Seeing this warning once or twice, the public will become accustomed to adding Certificates, and the Monopoly of the CA's will be damaged or broken.
The answer, therefore, is to make liberal use of Independent Certificates, or use as your CA, a commonly used Open Certificate. For example FOSSCA.
The major Authorities will try to smear as untrustworthy the FOSSCA but eventually, people will click through it, just like they do with the Microsoft warning.
Running a certification authority has many, many responsibilities. Since open source and community related structures are handled most of the times by volunteers, such a CA is almost not possible. There are things at a CA which can't wait for some volunteer having the mood to do it. CA policies don't allow much playroom, but requires strict adherence to it.
StartSSL of StartCom is the closest it can get what pricing and openness concerns.
The whole point of Certificate Authorities isn't just to distribute certificates... it's to make sure that the certificates are valid and that they are giving them to the right people. Being able to make whatever certificates I want makes the entire thing meaningless. If there is an open source CA, I could create a certificate that says I'm Linus Torvalds or Bill Gates... who would make sure that I'm really who I say I am? If you can't guarantee that the cert is correct, then it makes the CA useless.
The only way you can make it meaningful is by having some type of investigation. Granted, most low-level certs are pretty much rubber-stamped however, there is the concept of higher-level certs that require more and more verification. For example, code-signing certs probably require a higher level of verification.
This costs money and there has to be some sort of financial interest to generate this.
The issue isn't the source code for CAs, Openssl has the code to generate certs, which makes it a valid CA, it's about making sure the certs are valid.
How can a certificate authority be "Open source?"
Maybe what the submitter meant to say is free (as in beer)?
I wish I could apply moderator points to articles so I could vote that part of it flamebait.
On day one, there were no requirements to get a root certificate in Mozilla. Mozilla essentially played a "me too" game in the beginning, putting in root certificates fairly willy nilly. It was only when CACert appeared on the scene that Mozilla magically decided on a set of standards. Not right away, of course. No, first they dragged their feet, then admitted it was an issue that needed dealing with, then created a policy and promised CACert would be added. That was three years ago.
I suggest the buzilla report on this issue as interesting reading. Speficially Frank Hecker's post is illuminating.
No one could have worked harder with the Mozilla foundation than CACert.
I think the OP is worded a little strange and but I think I understand what you are getting at. The problem here is, as others have pointed out, you would essential have a free service and you get what you pay for. Who is going to do all the identity vetting and verifications of those requesting certificates? Are you going to have a full time staff that is verifying who individuals are and that they're authorized to be making such requests? What are the odds tons of *.microsoft.com and *.whatever.gov certs get issued? My guess is this would either be an unusable service (extremely slow in turn around) or it would be absolutely useless.
Why would it be useless you ask? (two main reasons)
Reason 1: With this sort of poor service I highly doubt anyone would want to trust this root certificate in their web browser or anywhere else for that matter so it would really be no different than a self-signed certificate.
Reason 2: If this service was trusted, it would be a major security issue. I think the number of people getting certificates that should not have them would be 100x what it is now.
Yes as you can see by my last statement in 'Reason 2', I am aware that there are times VeriSign or others have fowled up and accidentally issued certificates to those they should not have. However, I guarantee you this would happen much more often with a service like this. Also, the number of times this has occurred is amazing low -- due to a good process. With these other CAs you get what you pay for.
Oh yea -- last comment which I know you guys will love. Microsoft will never put this into IE! What does that mean? It is borderline useless. IE still has the majority of the market share. You can argue with it all you want, but it is true. You can import any CA's root cert to your browser of course. However, we're looking at things here on a grand scale. Not just what a group of 20 nerds want to do.
Should this community be related to the Mozilla Foundation and comply, since day one, with the requirements to get a root certificate in Firefox?
Mozilla has an open policy. The problem is not Mozilla, but as in your suggestion Cacert, which in four years time failed to comply to the policy of Mozilla.
However there are essential problems running a CA by volunteers - which one of the reasons why there isn't any such volunteer CA supported by major software vendors.
I have used SimpleCA and it seems to do the job. I am thinking why not use simpleCA for a closed community. Of course, Internet is a different issue.
I think the whole certificate authority scam is a solution in search of a problem. Yes, there are useful man-in-the-middle attacks where a public key hasn't been independently validated. I won't claim otherwise. I will claim that for nearly every application there are so many avenues of attack with a higher probability of success that worrying about key validation is a little like digging a nuke bunker while terrorists buy plane tickets.
For one thing, you don't have the wherewithal to dig a nuke bunker than allows you to survive more than the most cursory nuclear exchange and you probably won't be near the bunker if it happens anyway. For another, the focus of the attacks which aren't just in your imagination is elsewhere.
Unless you demand perfect encryption in everything, you won't be ready if the attack ever does come. And you won't demand it because you're not prestigious enough for your field of contacts won't put up with your folly. Besides, its the buffer overflows and related software bugs that are going to get you. Until that starts to draw to a close, worrying about key validation is an exercise in futility.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
https://bugzilla.mozilla.org/show_bug.cgi?id=21524 3#c164
Pasting for those to lazy to follow the link.
Rich Freeman wrote:
>
> It just seems like as an organization we [The Mozilla Foundation]
> should be trying to foster open source projects.
Whoa, there. I'd just like to point out that CaCert is not an open source
project in any sense of the term. It uses open source software *internally* to
provide a free (as in beer) service, but CaCert distributes no free (as in
*freedom*) software, and no software that could even remotely be considered
open source. Just the opposite in fact, see the license here, on their site:
http://www.cacert.org/src-lic.php
It clearly states that you:
1. may NOT modify the source code [...]
2. may NOT make copies of the source code [...]
3. may NOT give, sell, loan, distribute, or transfer the source code files
to anyone else, an, my favorite:
4. may NOT use [CaCert] software created for any purpose or reason other than
verifying that there are no unknown vulnerabilities or the like or otherwise
making your own assessment of the integrity of the source code and the security
features of the CaCert software
Furthermore, below it goes on: "All rights not expressly granted to you
[editorial comment: which would be "none"] in these license terms are reserved
by CAcert. CaCert retains ownership of all copyrights and other intellectual
property rights throughout the world in the CAcert source code and software.
You agree that CAcert will be given a perpetual non-exclusive rights to any and
all derived code, and you hereby assign rights in any modifications you make to
the source code and in any bug reports you submit to CAcert."
This just may be the single most disgusting and ill-advised hybrid software
license I have ever read. The author apparently seeks to keep the software
100% proprietary, guarding it from "competitors", and protecting potential
future licensing revenue, while simultaneously benefiting from the efforts the
open source developer community to fix its bugs, and attest that it is not
malware, for free.
Although I wrote an impassioned comment (#12 above, of 161 so far!)
https://bugzilla.mozilla.org/show_bug.cgi?id=21524 3#c12 in *support* of
CaCaert, uh, 4 years ago now, and was a CaCert user and Assurer, I discontinued
my involvement because the source code was released by the founder only months
later, after much prompting and delay, and when it was finally unveiled, these
onerous licensing restrictions were "slipped in" with zero community
discussion.
When I asked why the code was not made open source, the founder described his
perceived threat that if it was made open source, then other free CA's would
start popping up out of nowhere to run our code and to compete with CaCert and
he felt that this would decrease CaCert's chances of getting its root cert into
Mozilla, and then IE.
This seemed a paranoid and protectionist attitude and I've no longer
participated in the Assurer program or the CaCert community since, though I
have monitored the mailing lists. After the founder's recently announced
resignation, perhaps the new board of directors (or whatever governing body
structure they adopt) will revisit this anti-competitive, closed source
position.
I had though a free CA would be a good thing, and if one is good, then two is
better, and hundred would be fantastic! So if they all *do* pop up, and share
code and development effort, I believe that all will benefit and perhaps,
someday, all will be accepted by all the browsers, and Verisign and the sma
My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
What I am really interested in is whether or not the person I am talking with is real and accountable. I do not want to talk with some ficticious identity multiple times, as Zimmerman would proffer as something beneficial.
Thawte's interface is good
Clearly the author of that quote hasn't actually tried to use Thawte's site much. Cumbersome and arcane are better descriptions...
Ok, since you don't like to visit links when they are handed to you on a platter, not even when the relevant message is directly linked, I'll quote the whole thing here: My sincere apologies. I suspect that I may have been the bottleneck here -- I'm the person tasked with developing the mozilla.org policy on inclusion of root CA certs, and with approving noot root CAs for inclusion. Unfortunately between work, my wife's back surgery, and caring for a 17-month old child I have fallen badly behind on both getting the policy completed and approving any new CAs.
In any case, I have looked over the documentation provided for CAcert, and I approve of including their root CA cert in Mozilla. I'm not the person who does the actual work, but I'll send that person an email to tell them to go ahead and include the cert as soon as possible.
Again, I'm very sorry for the severe delays in getting this issue resolved.
[italics added] This was posted February 2nd, 2004. More than two years ago. That looks to me to be exactly what I described - a promise by someone at least claiming authority to do so to add CACert's root certificate to Mozilla.
the point of having the card in the first place then? Maybe I'm mistaking your suggestion for something else, but what role exactly is the actual card playing here?
Relax I just want some peanuts.
CA Cert gets much of the attention in the discussion of open source CAs, but StartCom has made more progress in gaining browser support (and hence market acceptance). StartCom certs are supported by Firefox 2.0. CACert has been working on inclusion in Firefox for several years, and appears to be getting close. Mozilla has stepped up its staff effort to review certificate authorities for inclusion in Firefox/Mozilla, including CACert.
RichM
Data Center Knowledge
Go to http://cert.startcom.org/
that many slashdotters here make a good point about it really not being necessary to have an open source CA. CACert does the job really well and I use it for internal communication security. If you really need your own CA, it is not terribly difficult to put together a very rudimentary one. In fact OpenSSL provides just that, a very simplistic, basic CA that is not terribly user friendly at all. See the man pages for openssl ca and openssl.cnf.
Open Source Authority = biggest oxymoron of the decade! :)
A true "open source" CA is almost an oxymoron. You want a CA that you trust enough that you put its cert in your browser and let introduce you to people to do the following:
1: Screen companies/people. If an applicant out of nowhere says they want a cert saying they are bigcompany.com, they better have proof of this that can stand up in a jury trial, or your CA will immediately lose trust, get hit by civil/criminal charges, and be an avenue for phishers.
2: Store the CA signing certificates in a hardened FIPS 140-2 level 3 or so HSM. The CA's private key, because its so critical to everyone in the infrastructure will end up being a big fat juicy target for hackers and physical thieves around the globe. You can't just stick it in your Windows keystorage and call it secure, you have to have hardware which is physically tamper resistant that meets up to very strict standards. Smart cards do have protection, but attackers will have enough money to throw to be able to find a way to physically decode each cell's contents on the card. Also, the private key will be used a lot, so the HSM will have to be very fast for all the transactions.
3: Browser vendors, to have a root cert, will demand auditing by an independent third party annually or semi-annually. This is expensive, in the five digit range.
Since all the above are expensive, this is why CAs have to charge, as the capital for the hardware and internal audit processes will easily top six figures, possibly seven if you factor in bandwidth, hosting, physical secure location (building with access cards).
There's no big problem running a certificate authority at a moderate cost per transaction. It could probably be done effectively for about $10-$20 per certificate.
If you want to buy a certificate for an organization, identity has to be verified. The way to do this is 1) look up the organization in corporation or d/b/a name records, as appropriate, and 2) send a letter or FedEx envelope (extra charge) to the address for service of process listed therein. You'd order a certificate on line, but it's not enabled until the letter is received and the code in the letter is entered. Disallow P.O. box and PMB addresses. This provides reasonably good address checking.
Generating the mailing pieces can be outsourced to a direct mail company. There's a whole industry out there that will print stuff, put postage on it, and get it into the postal system at very low cost. (Typical cost for this is about $0.47 per envelope sent.)
For an individual, require purchase with a credit card, and send the letter to the billing address of the credit card, which can be verified during credit card verification.
This yields certificates that provide solid address information, but without manual processing.
It's not free, but it's definitely possible to get the cost down.
I'd like to see this done for domain registration. The domain doesn't go live until the WHOIS information has been verified in this way. That would solve the junk WHOIS info problem.
Similar arguments could apply to an open-source encyclopedia:
- There is a need to screen Articles/People who write articles
- Equipment needed to run an open-source encyclopedia costs big bucks
But wikipedia is a success.
Thanks for proving a key point:
Thwaite
Thawte
The entire idea of these companies is that they present a publicly viewable, *SUE-ABLE* name to ensure a path to the company applying for the certificate. An "open ca" would be utterly useless in accomplishing this.
The idea is that verisign and pals spend a non-zero amount of time verifying you are who you say you are. Such a non-zero amount of time costs money. Hence the certificate costs money. Whether it is priced right or not is driven only by demand and production. Deal with it, or make your own.
What the hell is an open-source CA???
That's two different thing :
PGP (and GPG) are systems using public/private key pairs. They are used to encrypt/decrypt or sign data from one point to another in a transmission.
The thing that you are sure is that given one public key, only the corresponding private key in the pair could process the data in the opposite direction. (Completely independent of where that other key is).
CA are certificate. They certify that the person using a given key IS a person with characteristics specified in the certificate. For example, a CACert certificate always certifies that a given key was issued to some specific e-mail (and if you follow the correct procedure, you could also certify other verifiable informations like you name, etc.)
The thing you are (somewhat) sure is who the person with the other key is supposed to be.
PGP are about making key pairs, CA are about knowing who is (supposed to be) who.
The current problem is that, with most current application, you can only use keys issued by CA's for web site, mail servers and similar, and you have only 4 options : 3 of them being the 3 listed companies, the 4th being being your own CA and signing and certifying your own keys yourself (but in that case, it's difficult to trust the signing because no browser has a corresponding CA key to check your CA certificate. Whereas keys issued from Thawte, Comodo and CACert could be checked against the their key that a browser comes with)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Uh, yeah.
Analogously, Slashdot could be seen as being a little like a website for other cultural groups using the tag line - "New
TLS and SSLv3 are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. (Thanks, Wikipedia).
The interesting thing is that they can operate using certificate issued by a CA just like their predecessors (SSLv1 and SSLv2). And thus, you can just do HTTPS as before, only with a slightly more recent protocol.
OR, you can use OpenPGP keys (PGP, GPG, etc) instead. Thus bypassing the whole CA stuff, and using PGP model of trust (1. Same key = same person as last time, who ever it was - 2. Web of trust though signing of keys. You signed it ? It's a key you trust. Some of your friend signed it ? It's maybe a friend's friend. Etc.)
No need to check it against a CA key, instead you check if it is inside you keychain and if so, with which degree of trust, or if not, ask you if you want to accept a new key (that you have to verify by some means).
Thus, small users that aren't interested in paying for a CA issued key (for Thwate or Comodo) or don't want to go trough the whole hassle of verifiably certifying who they are (for anything more than an email with CACert), can just use an OpenPGP key pair, and maybe sign their key with a couple of other source, or do some other stuff, in order to make their user sure that no spoof has happened.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Verisign may well revoke it, but do any browsers pay attention to revocation lists?
Besides, if you were being fraudulent you'd have probably moved on by the time the chargeback goes through.
I think you would have a very difficult time using registration details to track down someone interested in fraud, they don't tell you that a business is trustworthy.
Certificates are only really meaningful when you already have some trust in the business in question, such as your bank or some other big name.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
OpenPGP lets you have multiple certs for a given identity. This makes it practical for anyone and everyone to be a CA.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Maybe we should have some like RBL for CACert? As the blacklist builds up, the end users will benefit from it by knowing which CAcert is not trustworthy.
The fundamental goal of CAs is to build a web of trust.
At least I don't want free certificates to be available that are pre-trusted in a browser.
Before I conduct a transaction that requires trust, I need some level of assurance that the other end of that transaction is who they say they are.
You need some barriers for people to prove they are who they say they are - otherwise the bad guys will take advantage of it - and the situation would be akin to spoofing email addrs and SPAM - arguably with more on the line like your identity or credit card info.
No thanks.
why does this need to be 'open source'?
So I look up SRP on google and it looks like you're talking about the stanford remote password protocol.
/etc is your friend. Near as I can tell without taking more time than I want to, the only advantage they can claim for srp is the lack of fallback.
So I look on the competitive analysis (or something) page and I read something about Arcot Systems offering a software based multifactor and it seems to be recommended as stronger than ssh.
Red flags.
Any cryptographic key is subject to the physical possession vulnerability _by_ _definition_. Trying to handle parts of it in software just drops the bar. There are two problems with the hardware token.
One is that, just like a lock is pickable, hardware tokens can be analyzed.
(One advantage of tumblers is that picking a lock requires a certain amount of expertise to perflorm without being obvious. Electronic keys can be analyzed, well, electronically.)
The other is that the token is subject to the man in the middle. (The collars on card readers at ATMs in the UK, are one example, MSWindows 'bots are another.)
If a bot has a an encrypted software token on it, it has the library to read it, the library can be used by the parasite as easily as by the host. Anybody recommending a protocol that is supposed to be better than ssh who doesn't recognize this can't be trusted.
Their characterization of SSH as a "pseudo-strong" method (ergo, inferior to srp) seems to be entirely based on SSH's ability to fall back. If falling back is a problem,
is actually the only solution.
People who (emotionally) need faceless on-line shopping should pay extra service charges and put up with some extra steps for the authentication.
Alternately-abled individuals should be able to get the extra fees waived.
The rest of us can jolly well take a walk to a local authentication center where someone who probably recognizes us our face can check the photo-id on the card, log into the appropriate merchant network, and put an ack signal on the purchase we've just made on-line. Could be a convenience store clerk or somebody at the [insert-name-of-superstore] service desk, or a postal clerk. (And keep Microsoft software and any general-purpose web browser, including Firefox, well away from the authentication network. In fact, the authentication network should not be visible from the web.)
What about the faceless on-line shopping?
Dedicated software browsers, one for each of your financial institutions. They are programmed with one-time pads and asymmetric authentication, so they just won't even connect with anyone but the financial institution they are programmed for. You go to your brick and mortar local office when you need a new one-time pad and when you first get the client app.
And they do not run on any general purpose PC or PDA. They run on a (probably somewhat standardized) $100 box that has a smallish, cheap LCD (type) screen and a smallish keyboard and plugs directly into your hub or router, not into your PC. (Yeah, I know the router is still a weak point, but we can work on that as well, once everyone realizes just how much of a mirage the junk Microsoft has been selling is.) You can browse the shop with your general purpose browser, and set up the cart, but you have to use the dedicated box to authorize the purchase.
everyone has to be their own first CA.
In the real world, we have multiple roots of trust. It should be the same in the networked world.
Just because the guys who thought up X509 couldn't wrap their heads around a plex, doesn't mean that we should turn back to that single-rooted single hierarchy. (Actually, they did understand it, sort of. Just all the people who stopped after the first chapter in the book that are stuck in the hierarchical sewage plug.)
Dedicated browsers are necessary. I little bar in the browser will eventually be faked, and there will be a lot of Joe Sixpacks who ignore it and finance the cracker while he's figuring out how to fake it.
A dedicated browser simply refuses to connect. You get the browser and the CD with the current one-time pads and the bank's asymmetric keys from the brick-and-mortar local office of the financial institution.
Other than that, yeah, the user should be in direct control of the trust structures he builds. Otherwise, he can't trust it. The best the automated stuff can do is help the user make the distinction between the several webs of trust and their meanings.
joudanzuki
If your financial institution builds its own browser (or contracts it out) it can put whatever certificate in it wants. In fact, if the dedicated browser does nothing but authorize a shopping cart previously filled on an unsecured web page, the dedicated browser doesn't even need a certificate. All it needs is one-time pads and an asymmetric key to talk to the bank. The bank could then talk to the vendor and verify some stamp on the cart, with the amount.
Certificates in a dedicated browser could perhaps make it possible to help a financial institution and a vendor who don't know each other get along, I suppose.
How do you establish reality and accountability in real life? By meeting someone many times (OK, one is probably enough for establishing reality), and entering into various relationships with them. Say I want to buy something off someone on the net. Do I care who they really are, if I know that my friends has done business with them before, and that they have a public, verifiable history of honest dealing?
I think what you really want is accountability. Who cares about reality if you have accountability? And you can establish accountability in a Zimmermann-style system --- indeed, most accountability systems are based on Zimmermann-like systems in the end.
xkcd is not in the sudoers file. This incident will be reported.
them?
I know people who say they do and then behave like they do, for some limited definition of trust.
But the truth is, no, you don't. Not really.
There are multiple roots in every one of your multiple real-world webs of trust. None of the real roots got to be roots by either taking your money or giving money to you. Some of the near-roots may have, and that can be confusing.
Well, you may have a single, ultimate root of trust, but that would by definition be your God. And, by definition, it would be hard to pin down, and hard to prostitute to the service of financial transactions. Unless you just have a pathologically low level of self-confidence.
Trust is not really something that can be automated. We can make an automated database of trust information, but when we try to automate the handshakes of trust, we are operating counter to reason, and counter to our own best interests.
All for the little convenience of on-line transaction. (Or something similar.)
joudanzuki
Only the attachment containing the information you don't want made public needs to be encrypted.
It would be "nice" if the browser could automatically read the attachment, but think about it. If you get a pin number in the mail from your bank, do you open it up out by the mailbox, or do you take it inside and open it up at your desk? (Inside so you can control the amount of observation, at your desk so you don't lose the letter.)
Here in urban Japan, yes, there will almost always be someone who passes close enough by as you are looking at the letter that they could catch a surreptitious glance if you look at it outside. Some places, you really would even want to draw your drapes before you open the envelope.
Why not encrypt the whole thing? Specifically because you don't really want your MUA decrypting it, even if you think it's inconvenient that it doesn't.
joudanzuki
and a user interface that allows (requires!) the user to control the trust structures built and accessed by the clients.
No closed-source company will do this. Not so much because the PHBs won't allow it, but because closed source will always end up hiding something that shouldn't be hidden. Open source teams will (eventually) get the interface right and get the internals matching the interface.
I think you misunderstand identity. That's not surprising. Many people do.
Something you have, something you know, something you are.
Huh? That's really just three things you have. A fingerprint is something you have until that finger gets cut off (either by accident or by someone bent on stealing your luxury car that uses fingerprints to open it). Something you know is just a bit of knowledge you have stored in your brain. An intangible possession, but a possession, nonetheless.
It's a little clearer if we say it this way:
(1) A tangible easily alienable possession, some sort of physical key;
(2) an intangible but easily lost possession, some sort of password (OK, passphrase);
(3) a tangible and difficult-to-alienate possession, basically a part of the body.
And when you say it like that, you see how ridiculous it all is. Three keys. Redundancy. That's all it means, except that the CAs managed to use the idea for a while to sell their product for more than even they claimed it was.
The current PKA is all upside down. Thawte should be sumbitting their certificates to us for arbitration, not the other way around. And that's why it should be open source, so that we control it.
joudanzuki
is any less of an oxymoron?
the AC parent mentions wikipedia.
I'd mod him/her up, but I decided to comment instead of using mod points.
"Hi, I'm your local bank representative. Mr Jones has called from Burundi, claiming to be a prince in exile, and saying that you want to give him the entire contents of your bank account. I'm not convinced about the prince thing, but that's between you and him. So you want me to authorise this?"
"Oh, it's another card auth call? Sure, go ahead, I'm watching the game..."
It seems that the discussion poster is mixing a few things. Being a CA is a full time job, not just the role of a program. Signing certificates and such is the easy part, the hard part is verifying the identity of the people asking for the certificates. Open source or close source is really an insignificant part, considering all CAs use open protocols.
If you wanted to get certificates for open source programs, it is very possible that the process would not be free (as in beer), or the process would not be trustworthy (because money is needed to make the investigation, possibly a global one). That does not mean that you should pay USD1000 for a thawte cert (that's armed robbery). But it means that an "Open source CA" is out of the question, unless someone with resources (EFF, FSF) steps in and does it.
The open source model is more adapted to a chain of trust organization. If I know someone I would certainly certify his identity, but if I did for any stranger, I would probably do a crappy job. Same applies with everyone else in the open source world.
GPG 0x1B479C78
Odd. My ring says "carne debajo del caballero medio embarazado"
VbyV is not quite right. In my experience VbyV and I have a single shared secret which must be completely uttered as verification. One phish and you are lost.
HSBC has a much more robust method for using a shared secret. They ask for three digits of our shared secret number, as in "enter the second, fourth, and last digits of your pass number". They change the digit selection every few minutes, so any man-in-the-middle or key-logging phish is almost immediately useless. A minimum length secret of 7 digits allows 35 different challenges. This is sufficient for even a very simple backend process to detect attempted misuse.
My experience is limited to the UK. HSBC is not the most joined-up outfit I ever dealt with, so YMMV.
--
Never build a computer more wicked than yourself.
I looked very seriously into doing this back in the 1999/2000 time frame. First I looked into doing it as an open, free system run by a group of ACM and LUG chapters. We had large scale commitments for donated hardware and hosting, but we ran into the problem you describe. The fees necessary to be included in popular browsers are too high. So then we planned on charging a minimal amount for the certificates in order to cover those costs...
It turns out that those fees you list are nothing compared to the costs of running a CA correctly. Even charging the same as what the "big guys" charge for certificates, you can't make enough money to properly validate the identity of a certificate applicant. Verisign and the like can charge as little as they do and still post the huge profits that they do because they don't do the work required to prevent the acquisition of fraudulent certificates. There is no way to undercut them on price if you want to provide a quality service. If you figure out a way, they'll buy you out to protect their revenue.
For the system to change, there needs to be a way to have the established vendor's authority revoked if they issue more than a set number of bad certs over a specified period of time. They shouldn't have a license to print money. They should have to actually provide the service they claim to provide.
"Oh, it's another card auth call? Sure, go ahead, I'm watching the game..."
No system protects against absolute stupidity, and if you try, you end up with broken systems that punish reasonably intelligent users with multitudinous dialog boxes and warnings that just waste their time.
Remember: a fool and his money are soon parted; no technology developed now or ever is going to change that.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
> Credit cards? 30 seconds windows during which my money is accessible?
> We already have things that are better than this.
I think the only thing that's really needed is some kind of mechanism that ensures the merchant only gets info that's good for the particular transaction. so it should be a mechanism that replaces the credit card that receives info that includes things like amount, merchant code, time+date, unique transaction id created by the merchant (can be sequential number, random, doesn't matter), adds the customer's info (CC number + internal code not available to the merchant) and creates a hash that is then included with the transaction record.
No need for complete security. Just to eliminate the current situation where using a credit card for purchase means the customer has to provide the merchant with info that can be used by whoever has that info to impersonate the customer and make other transactions. Anything that avoids this can then be insured against fraud at rates that are negligible compared to what is happenning today.