Slashdot Mirror


Moxie Marlinspike's Solution To the SSL CA Problem

Trevelyan writes "In his Blackhat talk on the past and future of SSL (YouTube video) Moxie Marlinspike explains the problems of SSL today, and the history of how it came to be so. He then goes on to not only propose a solution, but he's implemented it as well: Convergence. It will let you turn off all those untrustable CAs in your browser and still safely use HTTPS. It even works with self-signed certificates. You still need to trust someone, but not forever like CAs. The system has 'Notaries,' which you can ask anonymously for their view on a certificate's authenticity. You can pool Notaries for a consensus, and add/remove them at any time."

11 of 189 comments

  1. Pooling Opinions... by mfh · · Score: 4, Funny

    I always trust what Blackhats tell me.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Pooling Opinions... by Trevelyan · · Score: 2

      Well, one interesting configuration is to use untrustable notaries (or notaries using untrustable sources), such as PRC, DHS, FSB, etc. If any one is trying to trick you with a fake certificate for a MITM attack, the others are not likely to agree that the certificate is genuine. Unless you believe such state powers would co-operate on getting at your encrypted sessions.

  2. Notaries... by Wattos · · Score: 2

    I haven't watched the video, but my first question would be:
    How do you know the Notaries are who they say they are? How can you prevent a (wo)man in the middle attack?

    1. Re:Notaries... by Tribaal_ch · · Score: 3, Insightful

      You don't really need to: You are expected to have more than one notary, so you will only trust the certificate if a majority of your notaries say it's legit. It's actually user-settable: a certificate is considered valid if a "majority say yes" or "at least one says yes" or "consensus is required". Having many notaries reduces the probability of MITM attacks: since the paths from notaries to target certificates are multiple, it's very improbable to MITM all of them at once.

  3. It reminds me of Perspectives by tepples · · Score: 2

    The Perspectives add-on uses notaries scattered throughout the Internet to see if the certificate changes for different routes through the Internet, or if it has changed over time. This detects some man-in-the-middle attacks, but it doesn't detect what the Perspectives project calls the "Lserver attack": a man in the middle placed in the server's only upstream connection to the Internet. Users who have posted comments to recent Slashdot discussions appear to think that governments will mount an "Lserver attack" inside the country's firewall.

  4. Web Of Trust by hjf · · Score: 2, Informative

    Web Of Trust, really, are you fucking kidding me? This has been implemented for how long already? Thawte personal certificates for e-mail work like that, with "trusted" notaries and shit.

    And this is somehow a NEW AND REVOLUTIONARY idea, because it has a Web 2.0 name like "Convergence"?

    Sheesh, the shit one has to put up with.

    1. Re:Web Of Trust by sgbett · · Score: 2

      It's mainly because he's called Moxie Marlinspike.

      Only people with cool names can invent things.

      --
      Invaders must die
  5. Lserver attack by tepples · · Score: 2

    since the paths from notaries to target certificates are multiple

    Not necessarily. The server with the target certificate has only one path to the Internet proper, namely through its ISP. Compromising the ISP, which is trivial for a government that maintains a Great Firewall, allows what the whitepaper about Perspectives calls the "Lserver" attack: "A compromise of the server’s local link lets an attacker inject arbitrary keys when either clients or notaries contact the server."

  6. It's all very well... by Alioth · · Score: 2

    This project is all very well, but we want SSL to solve two problems today: prevent MITM attacks (which Convergence can do) and *also* identification (in other words, EV certificates) to prevent phishing or at least reduce the chances of phishing.

    Unfortunately Convergence only does one of them (prevent the MITM attacks). A much bigger problem, certainly in the west, is phishing rather than MITM attacks. I'd suggest for many people Convergence still needs quite a bit of work before we can start using it in place of the current method of CAs (which I agree is broken).

  7. changes from Perspectives by schwaang · · Score: 4, Informative

    From the talk, Convergence is based on Perspectives, with some updates:
    - Once a client has confirmed a certificate through the notaries, it is cached locally. Future contacts for that site will not need re-notarization until the site's cert is changed. That way your browsing history is not exposed through your notary contacts very often.
    - Contact to the notaries can be done through a trusted proxy over SSL, to protect exposure of your browser history.
    - The user can choose one or more notaries, and choose to distrust any of them at any time.
    - Each notary can use any backend validation method it wants. It could check certs stored in DNSSEC, it could use the existing CA system, the EFF will have one that uses their SSL observatory, etc.
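
Added example, not part of the thread and not Convergence's own code: a simplified Python model of the client-side decision the comments above describe (the three acceptance policies from Tribaal_ch's reply, the local cache from this comment, and the "Lserver" case tepples raises). Notaries are modelled as functions returning the fingerprint they observe, which is not the real wire protocol; every name and sample certificate here is constructed.

```python
import hashlib

# Hypothetical names for the three user-settable modes mentioned in the thread.
POLICIES = {
    "any": lambda yes, total: yes >= 1,
    "majority": lambda yes, total: yes * 2 > total,
    "consensus": lambda yes, total: yes == total,
}

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

class Client:
    def __init__(self, notaries, policy="majority"):
        self.notaries = notaries   # callables: host -> fingerprint the notary observes
        self.accept = POLICIES[policy]
        self.cache = {}            # host -> fingerprint already confirmed
        self.notary_rounds = 0     # times a visited host was revealed to notaries

    def verify(self, host: str, presented_cert: bytes) -> bool:
        fp = fingerprint(presented_cert)
        if self.cache.get(host) == fp:
            return True            # unchanged cert: no notary contact needed
        if not self.notaries:
            return False           # nobody to ask: fail closed
        self.notary_rounds += 1
        yes = sum(1 for ask in self.notaries if ask(host) == fp)
        ok = self.accept(yes, len(self.notaries))
        if ok:
            self.cache[host] = fp
        return ok

# Constructed sample data: placeholder byte strings stand in for DER certificates.
HOST, REAL, FORGED = "example.test", b"constructed-real-cert", b"constructed-forged-cert"

def notary_seeing(cert: bytes):
    """Model a notary by the certificate visible from its network vantage point."""
    return lambda host: fingerprint(cert) if host == HOST else None

def scenario(policy, presented, notary_views) -> bool:
    return Client([notary_seeing(c) for c in notary_views], policy).verify(HOST, presented)

if __name__ == "__main__":
    # MITM near the client: notaries still see the real cert, so the forgery is rejected.
    print(scenario("majority", FORGED, [REAL, REAL, REAL]))         # False
    # One notary's path is also intercepted: "any" accepts, "majority" does not.
    print(scenario("any", FORGED, [FORGED, REAL, REAL]))            # True
    print(scenario("majority", FORGED, [FORGED, REAL, REAL]))       # False
    # "Lserver" case: every path crosses the server's compromised link.
    print(scenario("consensus", FORGED, [FORGED, FORGED, FORGED]))  # True
```

The last case shows why agreement among notaries says nothing when all of them reach the server through the same compromised link, which is the limitation raised in comment 5.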

  8. Re:Notaries' public keys by Jeremy Erwin · · Score: 2

    So someone would have to forge a certificate for addons.mozilla.org.

    Done!