Slashdot Mirror
SSL Certificate Authorities vs. Convergence, Perspectives
alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."
It's not even worth getting the first post anymore. Slashdot sucks.
this story again.
"Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
So, botnets then weave a web of trust so their illegaol sites look more offical then the real ones?
Reputation systems seem to have worked quite well for eBay and other similar sites, I don't see why it can't work for some sort of SSL.
A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?
1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).
2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.
Of course, that's vulnerable of the root servers are cracked, but if that happens, you're fucked anyway. It's much more difficult to exploit than multiple certificate authorities which sign certificates when you have *no* way to detect a failure on their part.
I heard that there could be issues with dnssec, but there are also solutions offered, so, why go with something far more complicated?
These systems depend on notaries, why do I trust them any more than the CAs? The Perspectives notaries are... AWS and a handful of servers from a single American university (MIT)
Not exactly diverse.
Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. With massive botnets and the like there is simply no way to rely on any number of "individuals" to issue correct information. The only way around this is to have some central authority say "your opinion matters and yours doesn't." Voila, you have the present system.
For unimportant things or things so unimportant the difficulty makes the problem not worthwhile, a distributed reputation system works. Someone above mentioned Ebay. This system works because the rating of individual sellers, while important to them, isn't terribly important to all that many people, and the system is rather difficult for an individual to game. But for a distributed SSL certificate network, not only is the incentive there, but the people involved are massive and extremely technologically sophisticated.
Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/ whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.
And you won't get your average Internet browser to change. People conducting MITM attacks generally aren't concerned with people who are really security conscious. If they actually are conducting targeted attacks against you, then you should have much better security in place. Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
After the long string of submissions about Apple, cloud computing and disruptive innovation, this is actually extremely interesting.
What happens when you are a software company that will have at best 1000 clients?
That's the issue I am facing right now with Norton and SONAR. I started deploying with Clickonce since i needed to add SQLCE to our customers machines. Now SONAR pops up and deletes our software randomly. If you look at the logs, Norton actually says "YOU CHOSE TO DELETE THIS".
That's just an Antivirus company. How in the hell can I expect to be able to deliver product and keep it updated if I'll never have enough customers to "Trust" our software and build a reputation?
We cater to a pool of clients that will never go above 1100 customers. Does this mean that in addition to AV troubles, we will never get trusted because we cannot possibly get enough people to make the numbers to BE trusted?
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I just came accross http://web.monkeysphere.info/why/, which looks to me like an interesting idea: delegate the trust issue to the PGP web of trust. Maybe this would be a sane alternative?
To keep saying only that the flaws in SSL/TLS protocols and trust infrastructure affect e-Commerce is untrue and trivialises the scope of the issue. And yet this seems to be the only example ever trotted out with these stories.
People need to realise that it's more than web sites that are affected, it's everywhere that SSL/TLS is used including secure e-mail, VPN infrastructure and the like. Start telling your CIOs and CEOs that their secure IMAP can be sniffed by NewsCorp so they can publish news of their office romances, or that the VPN tunnels between offices can be sniffed by competitors leading to the theft of billion dollar trade secrets and you might start to see some buy-in on the problem.
there is a philosophical divide here, across which some people have an almost religious faith in a lost cause: that a trustworthy system can be built amongst peer nodes
sorry, it can't. any such system can be spoofed and gamed
when it comes to trust, you need a centralized authority. you may feel something akin to an allergic reaction when i say those words, but this is because this simple truth may go against some loopy beliefs of yours, fed by romantic idealism, not realistic understanding
i'll say it again: when it comes to trust, you need a centralized authorit
this simple truth applies to a bazillion other issues in the realm of privacy, freedom, government, currency, financial accountability, etc. therefore, these simple words of mine will of course be attacked by libertarians and other loopy thinkers, but it is a simple issue of the way trust works in this world. trust is about a large, visible, slow moving repository that everyone knows and everyone sees. that's how trust is earned. trust is not possible between entities that do not know each other unless those entities submit to the authority of that third party, the centralized authority, for the purposes of certain transactions
sorry, but welcome to reality. fact of life: you need centralized authority in the modern world, in civilization. some of you loopy romantics need to make peace with this fact. there's no way around it, in terms of simple logic
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Maybe you could make a movie about trusting zombies. That would be great.
Could we implement one of these systems in such a way as to protect us from dupes (like this story)?
#DeleteChrome
I really love the idea of Convergence on the face of it, but I had one serious question:
/there/ since, if there are no other paths, all of the notaries would see the same cert, and pass it as "good". For instance, if you take the case of a large multi-hundred-million dollar website hosted in the middle of the ocean, with one pipe feeding that island, if the attacker places their fake cert and proxy at that link, then every notary in the US would agree to pass the false cert. Similarly, if, say, a major backbone carrier had a secret room, through which passed all their data, and in which sat the FBI, they could place a proxy and fake cert there, and all notaries would see that cert and pass it as real.
/not/ like the idea of on its face).
Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?
If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert
That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do
I like music
"when it comes to trust, you need a centralized authorit"
Probably you are right.
But then, when it comes to trust, you can never trust a centralized authority.
The short answer is, users want a binary answer. Can this site be trusted, true/false. Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed. And it stands to reason that when you want such a binary answer, you'll do the minimum required to satisfy it. There's nothing today that prevents your certificate from being signed by multiple CAs, it's just that it doesn't give you anything. The line will show up green in people's web browsers whether it's signed by one or five CAs, it just adds costs with no benefit.
I can sort of understand that, if I got a company's phone number I fully expect to call them and reach that company, not getting MITM'd to some scam center somewhere. Of course there's all the other scams involved but if I type [company].com I expect there to be some trusted index that makes sure I get to the right site. If that site has been compromised that's another matter, but the sites that need to be secured are usually very secure. I just need to be sure I'm going to the right place.
Another matter is client security, if your client is compromised then it can show you anything. That's why my bank texts me to confirm payments, giving all the relevant information in the text. Like are you sure you want to transfer X to account Y, if so text OK back. That's really the only way to be sure, otherwise it could authorize some completely different transaction than what it told me, for example through a fake error message. Oh, that must have been a typo let's try again. One fake payment and one real.
Live today, because you never know what tomorrow brings
Oops, I meant:
- The first problem is, [...]. Putting him in there and telling him to be a altruistic servant is the opposite of his character and won't work.
- As long as you don't trust me, that won't mean you trust him.
- They impose authority they never earned.
- But at least they can make that choice at all.
Yes, I proofread. I think... ^^
Cool. And we'll mark that centralized authority as "moderately trusted," but I still want two more just like it which will never have motivation to conspire with it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I can register a domain, get a small server on the internet and serve malware. I can easily get a certification authority to give me a certificate.
All I've ever wanted a certificate for is so that users don't get the freak out security warning saying that "this certificate is not issued by a known certifying authority." I can just as easily self sign a certificate and get the encrypted link, but all the popular browsers will check their internal list of certifying authorities and show the warning.
The only reason I've wanted certificates is so that users can get a strongly encrypted link with the website and use it over wireless/sketchy networks. I really don't see the purpose of having the third party certifying authority in the picture, other than the browser warning.
Can't people start using names that MAKE SENSE again?
Who the hell cares how cool it sounds. It's a technical thing, the public doesn't care. Convergence. Perspectives. Seriously? How do one figures any of those name is related to security?
Heck SSL was called Secure Socket Layer. That makes sense. Computer, is a thing that computes. Make sense. :(
Keyboard is a board full of keys. TLS is Transport Layer Security. Goes on and on.
Then bang, now you get "convergence" and such crappy names that means nothing. Annoying
Most SSL sites require an account to buy stuff, move your money around, post rediculous comments..etc.
My advice use mutual knowledge of those credentials to establish trust between yourself and the ssl site using a technology along the lines of TLS-SRP.
Obviously this is not a replacement for SSL as it does little good if you have not already established an account. It would allow sites were you establish relationships in person or offline (Banks) to no longer have to depend on SSL certificates at all in any shape or form.
Most federated authentication systems MS passports, openid...etc will also need to be fixed to suck a lot less than they do now.
Browsers will need to be updated to support SRP there is native support or at least patches for all major TLS toolkits to make this happen and the RFCs have already been written. It is just a matter of browser vendors getting off their asses and committing the patches that have already been submitted.
Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed.
Right. "Web of trust" systems are vulnerable to all the attacks used for search spam - link farms, social spamming, and phony reviews. In any system where unique new identities can be created cheaply, "web of trust" systems are hopeless.
surely your powers would enable you to UNhide post #37959484
I generally like the concept and can think of times in the past when I've preferred to receive an SSL certificate from someone else's perspective, rather than one my browser is simply prepared to accept without warning as it has been "appropriately signed". Monitoring such a system of notaries seems fairly trivial (they could monitor each other?) and could well prevent against the most targeted of attacks.
I have some reservations about notaries being privvy to my browsing history, although I guess local caching goes some way to mitigate this and I believe there are plans in place (or already implemented?) to bounce requests between notaries to add a layer of anonymity.
The main issue however with SSL and trust is the user. How many people still click to ignore SSL warning messages?
Your three independently operated notaries form the core of your system of trust.
And you tell your clients to quit trusting Norton/Symantec and Microsoft. Re-write your stuff to run on Linux and get your clients to put your app on Linux boxes.
I mean, seriously, if your target customer base is so limited, moving them to a reliable system is not nearly as hard.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I like the idea of centralized authorities better. Banks for example have doing essentially this sort of work for centuries and unlike peers can put their money behind getting it right.
But I'm not sure I buy that a decentralized system can't work. Say for example my browser looks at 3 authorities that I hand picked (possible defaults). Those 3 authorities are in a group of 100 authorities that they all query and require 5 to agree before passing it on. Each authority to register a business has to register physically with at least 5 of those authorities (i.e. going someplace and showing ID). How does that fall apart?
I agree that's what I would like to do. Pick authorities that hate each other.
A central authority doesn't need to be a fragile forest of fully trusted CAs like we have now. A much better solution would be for clients to have marginal trust in any individual x509 signature of a certificate, requiring at least N distinct signatures to validate the certificate, where N is great enough to significantly reduce the threat of enough compromised CAs signing an attacker's certificate to make it trusted. Inherited trust from an intermediate CA would only carry a portion of the trust placed in the root certificate of the chain so that each of the N signatures would have to come from independent organizations.
Basically, build a PGP-like web of trust out of the current CAs. It's even in the root CA's economic best interest because they'll sell N times as many certificates.
They aren't your clients, they're Microsoft's clients. You are a lowly 3rd party consultant, and your add-on is locked in to that dysfunctional segment of the industry.
Your trust level is not with the customers, it is with Symantec and Microsoft.
Your problem is fundamentally outside the scope of this solution.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Secure Sockets Layer Protocol (SSL) helps protect Internet Communications through server authentication, encryption and data integrity. All information sent over SSL (names, credit card numbers, private user information, account numbers, etc.) is encrypted so that it cannot be read or tempered with during Internet communications.
Secure Sockets Layer Protocol uses Secure SSL Certificate to verify the identities and establish secure connection between the Web server and the User's browser preventing crackers and other cyber crooks from phishing, pharming and otherwise jeoparding your secure areas.
Cheap SSL