Slashdot Mirror


Are Some CAs Too Big To Fail?

Trailrunner7 writes "In the wake of this weekend's revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet's digital certificate infrastructure, with some wondering if larger certificate authorities (CAs) might be too big to fail. Would Mozilla and Microsoft and Google have revoked trust in root certificates from VeriSign or Thawte had they been compromised? Unlikely. 'It's not a simple matter of removing certificates from a database, because they're not in any databases,' says researcher Moxie Marlinspike, who presented an alternative approach to the current SSL infrastructure last month at DEFCON. 'We may never track them all down.'"

16 of 163 comments

  1. User ignorance by betterunixthanunix · · Score: 3, Insightful

    Maybe we should do a better job of teaching people about computers and technology when they are in high school. CAs are able to get away with poor practices and poor security because most computer users have no clue what a CA is. If people would start disabling Thawte's certificates en masse, Thawte would be forced to protect its business by regaining the users' trust.

    --
    Palm trees and 8
    1. Re:User ignorance by jellomizer · · Score: 3, Interesting

      The problem with CAs is that they never really do their job quite well. If you are paying hundreds or thousands of dollars for a cert they really should do a lot more work to verify who you are, and the browser should identify the level of security the cert gives.
      A cheap level (under $50 per IP) for those B2B type of apps where you are connecting to a trusted source anyways but you don't want the error message or tell your customer to set up something new. A one note should suffice. Then you got a level good for online business (under $500); this is for online stores, and the CA needs to determine that it is a real store with the ability to sell the goods. However, the browser should alert whenever there is a data stream that looks like a social security number or pushes a request for such non-merchant information. Then you got the premium HIPAA-level cert, where the CA needs to keep a close eye on its organization and make sure the company's security is strong enough for the cert; this would be a full allow for the browser.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:User ignorance by Bert64 · · Score: 2

      Self signed certs would probably be a better idea for businesses you already have a relationship with, like banks... You already have offline contact with the bank via mail or even walking into a branch, so they could use this to send you their certs and you won't have to trust anyone else.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:User ignorance by geekmux · · Score: 2

      Maybe we should do a better job of teaching people about computers and technology...

      Sorry, had to stop you right there, because the only thing that is ignorant here is thinking that users will actually learn to use the very device they rely on for damn near everything.

      Just saying, if users haven't learned by now, they won't. Period.

      And while we're on the topic of ignorance, can we please get the hell away from this "too big to fail" crap? Do images of the Titanic at the bottom of the sea paint enough of a picture? Does the word "Rome" ring a bell? I mean c'mon, seriously, let's at least try and pretend we're actually learning from history here.

      Besides, the only way to truly answer that question in modern times is to actually let failure happen. Seems we don't have anyone around with the guts (or brains?) to allow that to happen.

  2. Too big to fail... by houstonbofh · · Score: 4, Insightful

    Too big to fail means too big to give a shit. Failure is the motivator for performance. With no cost for bad performance, there is no incentive for good. Just ask the "big" banks, or better yet, ask the customers...

    1. Re:Too big to fail... by hierophanta · · Score: 2

      Or our government, or better yet, ask the citizens.

      F and I thought I was a dem

    2. Re:Too big to fail... by Anonymous Coward · · Score: 2, Insightful

      Both Democrats and Republicans (and even Tea Partiers, from what I've seen....) are for big government. The argument is what part of the government should be big.

      We compromise by making both sides big.

  3. Good point by houstonbofh · · Score: 3, Interesting

    Time for a new plug-in. Cert Blocker Plus. Automatically updates with a list of certs known to be compromised, questionable, run by governments, or members of the opposing party. :) (Actually, I can see this coming out soon, and if someone patents this, I call prior art!)

  4. Marlinspike's approach by AceJohnny · · Score: 5, Interesting

    Marlinspike's approach, implemented in a Firefox extension presented at DefCon '11, is to do away with the notion of CAs altogether in SSL, replacing it with a distributed network that reports on the certificates they see. Basically, if the certificate you see agrees with the rest of the network, then you're not being spoofed.

    He had previously explained the properties a replacement to the CA system had to demonstrate in order to be viable.

    --
    Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
    1. Re:Marlinspike's approach by OverlordQ · · Score: 2

      That's not very useful if your ISP is doing the MITM, which is very much a reality in many places right now.

      To add a notary you have to input the public cert for the notary; how do they MITM that without throwing warnings?

      --
      Your hair look like poop, Bob! - Wanker.
  5. Re:Notary Servers by AliasMarlowe · · Score: 2

    The whole situation is a nasty, twisty problem...

    ...and it is dark. And I smell a Wumpus...

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  6. Re:CAs should have to post a bond by vlm · · Score: 2

    CAs should be limited to sets of domains, and this enforced in browsers. Country-level CAs should be limited to the country in which they operate. Government CAs should be limited to their domain (".gov", "mil.uk", etc.).

    CAs for the open domains should have to post a big bond, which can be obtained through a bonding agency if necessary, with a value of at least $10 million, to back up their "relying party agreement".

    That's what "corporate responsibility" means - third party bonding.

    Well, there's one thing I guarantee we are not going to do. Let's look at the American experience:

    1) I trust my employer to give me a job for life in return for my loyalty. Whoops
    2) I trust my bank to only loan me a mortgage I can pay off. Whoops
    3) I trust my health insurance company to be there for me when I'm sick. Whoops
    4) I trust my car insurance company to help me with my claim. Whoops.
    5) I trust my hardware store (and China) not to sell me poisonous drywall. Whoops.
    6) I trust my food store not to sell baby food full of melamine. Whoops.
    7) I trust my toy store not to sell kids toys covered in lead paint. Whoops
    8) I trust my gas station to sell gas that is free of sand and water. Whoops
    9) I trust my govt not to sell me out for campaign contributions. Whoops
    10) I trust my higher educational institution to train and/or educate me for a good paying job, so I can pay off spectacular student loans. Whoops
    11) I trust my CA to operate securely. Hmm... I wonder how that's gonna turn out? Whoops

    The business model of America for the past generation or so is to find a trust, break it for profit, and move on to the next area.

    If you're trusting a corporation, that's a pretty strong indication you're doin' it wrong. Come up with a different design.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  7. Alternative improvement idea by vadim_t · · Score: 4, Interesting

    So I've seen quite a few people wanting a switch to self-signed certs (who IMO mostly don't understand what making that secure actually involves), and an idea to check certs from different network paths (which doesn't work if your only path is compromised, and how do you secure the communication to the service that does the check for you?).

    So here's an alternative idea: Require multiple CAs.

    Instead of doing it the "extended validation" way which is more money for not a whole lot more service from the same provider, it'd be much better to have multiple CA signatures on a single cert.

    Compromising multiple CAs in the same timeframe to create a cert would be considerably harder than creating one. More importantly, it'd make revoking large CAs much easier.

    Let's say that the new norm is to have a site's cert signed by 5 different CAs, and that the minimum acceptable amount is 3 signatures.

    Then, if Verisign gets compromised there's no problem with pulling their cert: you're down to 4 valid signatures on your certificate, which is still fine. That should put considerably more pressure on CAs to perform better.

    Even Verisign wouldn't be able to trust that their security problems would be let go due to their popularity, as even the largest CAs would be completely expendable without the end users needing to care much. The site would just go with a different 5th CA to return back to the full strength.
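    An added example, not from the thread or any poster, modelling the multi-signature threshold described above: a certificate carries one signature per CA, and a relying party accepts it only if at least 3 of them verify under CAs still in its trust store. Assumption: an HMAC-SHA256 keyed by a constructed per-CA secret stands in for a real CA signature so the block runs with the standard library alone; the CA names, subject and key bytes are also constructed.

```python
import hashlib
import hmac

THRESHOLD = 3  # the post's minimum: at least 3 of 5 signatures must verify

# Constructed per-CA secrets. Assumption: HMAC-SHA256 keyed by this secret
# stands in for the CA's real signature, so the block needs only stdlib.
CA_SECRETS = {
    "Verisign": b"secret-verisign",
    "Thawte": b"secret-thawte",
    "DigiNotar": b"secret-diginotar",
    "Comodo": b"secret-comodo",
    "StartCom": b"secret-startcom",
}

def cert_digest(subject, spki):
    """Digest over the to-be-signed fields: subject name and public key."""
    return hashlib.sha256(subject.encode() + b"|" + spki).digest()

def ca_sign(ca, subject, spki):
    """CA 'signature' over the certificate digest (HMAC stand-in)."""
    return hmac.new(CA_SECRETS[ca], cert_digest(subject, spki), "sha256").digest()

def issue_multi_ca_cert(subject, spki, cas):
    """One certificate carrying an independent signature from each CA."""
    return {"subject": subject, "spki": spki,
            "signatures": {ca: ca_sign(ca, subject, spki) for ca in cas}}

def count_valid_signatures(cert, trusted_cas):
    """Count signatures that verify under a CA still in the trust store."""
    valid = 0
    for ca, sig in cert["signatures"].items():
        if ca not in trusted_cas:
            continue  # CA pulled from the store: its signature no longer counts
        expected = ca_sign(ca, cert["subject"], cert["spki"])
        if hmac.compare_digest(sig, expected):
            valid += 1
    return valid

def accept(cert, trusted_cas, threshold=THRESHOLD):
    """Relying-party decision: enough valid signatures from trusted CAs?"""
    return count_valid_signatures(cert, trusted_cas) >= threshold

def demo():
    all_cas = set(CA_SECRETS)
    site = issue_multi_ca_cert("bank.example", b"site-public-key", all_cas)
    without_verisign = all_cas - {"Verisign"}  # pull one large CA from the store
    # A cert for the same name signed by a single compromised CA only.
    lone = issue_multi_ca_cert("bank.example", b"other-key", ["DigiNotar"])
    return (accept(site, all_cas),                           # 5 valid: accepted
            count_valid_signatures(site, without_verisign),  # 4 remain
            accept(site, without_verisign),                  # still >= 3: accepted
            accept(lone, all_cas))                           # 1 signature: rejected
```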

  8. Re:Anything 'too big to fail' by 0123456 · · Score: 2

    should be nationalized.

    Government-run CAs are the only ones you can absolutely guarantee will be used to issue fake certificates at some point.

  9. Re:Downright scary by roman_mir · · Score: 2

    I am familiar with the forest fires coming back with vengeance after a while, it's a true problem that people create.

    The prohibition of usury is more about unreasonably high rates charged for loans, but the religions are wrong. There should be a way to charge any amount of interest, but of course the risk that comes with this is such that you should know that many of the loans you make won't be returned. Some will be returned within a small amount of time, so even though the interest is very high, the absolute interest paid in money is really not that bad considering that the person really needed the money and couldn't get it from a different lender (maybe it was a very very risky thing he wanted to do, the collateral was non-existent, but the pay out was huge, so it makes sense to gamble); it is gambling, giving loans to people.

    The problem with banks in the current financial market is the moral hazard provided by government, which guarantees depositors will be reimbursed, so bank depositors don't care to find out anything about the bank, they don't look at the business practice of the bank. Imagine that - they are loaning money to the bank (that's what a deposit is), but they don't check on what the bank is doing with the money. They don't care if the bank has private insurance and what the reserves are - government is going to take care of it.

    Well CAs being 'Too Big To Fail' is exactly like that. Somebody is going to cover their problems, so why should we care about who we are using with part of our security procedure, an important, user facing part? Never mind, just do what everybody does.

    --

    Here is a good idea: whenever you find yourself in a situation, that the majority is agreeing with you, you need to reevaluate your own assertions and views, because it's likely you are on the wrong path as part of the herd.

  10. Re:No... by Rich0 · · Score: 2

    Yes - DNSSEC.

    Right now if you look up bank.com in DNS you get a bunch of records that are maintained by Verisign. With DNSSEC those records will be signed by Verisign so that you can be sure they aren't tampered with.

    There is no reason that one of those records can't be an SSL certificate. There is also no reason that one of those records can't be an indicator of how much verification Verisign performed.

    For 99% of intended uses just verifying that the domain owner uploaded the certificate should be adequate. Unless you actually read the certificates for the sites you browse you aren't getting more than that today anyway.

    If verisign tries to charge to include certs it is a non-issue - just run the site off of a subdomain and then you can put the certs on your own DNS server. You still have a signed chain of trust protecting the DNS records due to DNSSEC so it is just as secure.

    DNS is already scalable to the entire internet, and is designed to handle distributing arbitrary host records. SSL would only fail if DNS fails, and if DNS fails you're not going to be connecting to the server anyway.
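    An added example, not from the thread or any poster, of the "certificate in a DNSSEC-signed record" idea above in the form it was later standardized as DANE TLSA (RFC 6698): the client hashes the server's certificate or public key, compares it with the record, and ignores any record the resolver did not DNSSEC-validate. The record name, certificate bytes and key bytes are constructed stand-ins, and the `validated` flag models the resolver's AD bit.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class TlsaAnswer:
    """A TLSA record as a resolver would return it (constructed, not live DNS)."""
    name: str          # e.g. "_443._tcp.bank.example"
    rdata: str         # presentation form: "usage selector mtype hexdata"
    validated: bool    # True only if the resolver verified the DNSSEC chain (AD)

def parse_tlsa(rdata):
    usage, selector, mtype, data = rdata.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(data.replace(" ", ""))

def association_data(cert_der, spki_der, selector, mtype):
    """What the record commits to: full cert or SPKI, raw or hashed."""
    subject = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return subject
    if mtype == 1:
        return hashlib.sha256(subject).digest()
    if mtype == 2:
        return hashlib.sha512(subject).digest()
    raise ValueError("unknown matching type %d" % mtype)

def check_tlsa(answer, cert_der, spki_der):
    """Return (matches, pkix_still_required).

    An unvalidated answer is treated as absent: without DNSSEC it is an
    unauthenticated hint that a spoofed reply could replace. Usages 0/1 add a
    constraint on top of normal CA validation; usages 2/3 make the record the
    trust anchor (the 'how much verification' indicator the post mentions)."""
    if not answer.validated:
        return False, True
    usage, selector, mtype, data = parse_tlsa(answer.rdata)
    if usage not in (0, 1, 2, 3) or selector not in (0, 1):
        return False, True
    expected = association_data(cert_der, spki_der, selector, mtype)
    return hmac.compare_digest(expected, data), usage in (0, 1)

def demo():
    cert_der = b"constructed-cert-der-bytes"   # stand-in for a real DER cert
    spki_der = b"constructed-spki-der-bytes"   # stand-in for its SubjectPublicKeyInfo
    rdata = "3 1 1 " + hashlib.sha256(spki_der).hexdigest()  # DANE-EE, SPKI, SHA-256
    good = TlsaAnswer("_443._tcp.bank.example", rdata, validated=True)
    unsigned = TlsaAnswer("_443._tcp.bank.example", rdata, validated=False)
    return (check_tlsa(good, cert_der, spki_der),
            check_tlsa(unsigned, cert_der, spki_der),
            check_tlsa(good, cert_der, b"other-key"))
```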