SSL Certificate Authorities vs. Convergence, Perspectives
alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it is similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."
It's not even worth getting the first post anymore. Slashdot sucks.
Reputation systems seem to have worked quite well for eBay and other similar sites, I don't see why it can't work for some sort of SSL.
It's all part of implementation. Look at how eBay has done it. There are Captchas and the like last I checked for this sort of thing.
A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?
1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).
2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.
Of course, that's vulnerable if the root servers are cracked, but if that happens, you're fucked anyway. It's much more difficult to exploit than multiple certificate authorities which sign certificates when you have *no* way to detect a failure on their part.
I heard that there could be issues with dnssec, but there are also solutions offered, so, why go with something far more complicated?
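Step 2 of the proposal above (remember the last certificate, warn on change, escalate when changes are frequent), as an added example that is not part of the original comment. The 30-day window, the limit of two changes, the host name and the certificate bytes are constructed assumptions; step 1 (DNS CERT records under DNSSEC) is not modelled.

```python
import hashlib
from dataclasses import dataclass, field

DAY = 86400
CHURN_WINDOW = 30 * DAY   # assumption: look back 30 days
CHURN_LIMIT = 2           # assumption: more than 2 changes in the window is "too often"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, e.g. from getpeercert(binary_form=True)."""
    return hashlib.sha256(der).hexdigest()

@dataclass
class PinStore:
    # host -> [(timestamp, fingerprint)], oldest first; entry 0 is the first-use pin
    history: dict = field(default_factory=dict)

    def check(self, host: str, der: bytes, now: float) -> str:
        """Classify the presented certificate without changing the stored pin."""
        seen = self.history.get(host, [])
        if not seen:
            return "first-use"
        if seen[-1][1] == fingerprint(der):
            return "match"
        # Every entry after the first records a change the user accepted.
        recent = [t for t, _ in seen[1:] if now - t <= CHURN_WINDOW]
        return "changed-too-often" if len(recent) + 1 > CHURN_LIMIT else "changed"

    def accept(self, host: str, der: bytes, now: float) -> None:
        """Record the certificate as the new pin (only after the user agrees)."""
        self.history.setdefault(host, []).append((now, fingerprint(der)))

def demo():
    """Replay constructed certificate bytes for one host and collect verdicts."""
    store, host, verdicts = PinStore(), "shop.example", []
    # (day, certificate bytes, does the user accept it as the new pin?)
    events = [(0, b"cert-A", True), (1, b"cert-A", False), (2, b"cert-B", True),
              (3, b"cert-C", True), (4, b"cert-D", False), (4, b"cert-C", False),
              (90, b"cert-D", False)]
    for day, der, user_accepts in events:
        verdicts.append(store.check(host, der, day * DAY))
        if user_accepts:
            store.accept(host, der, day * DAY)
    return verdicts

if __name__ == "__main__":
    print(demo())
```

A rejected change leaves the old pin in place, so the previously accepted certificate still matches afterwards.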
These systems depend on notaries, why do I trust them any more than the CAs? The Perspectives notaries are... AWS and a handful of servers from a single American university (MIT)
Not exactly diverse.
Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. With massive botnets and the like there is simply no way to rely on any number of "individuals" to issue correct information. The only way around this is to have some central authority say "your opinion matters and yours doesn't." Voila, you have the present system.
For unimportant things or things so unimportant the difficulty makes the problem not worthwhile, a distributed reputation system works. Someone above mentioned Ebay. This system works because the rating of individual sellers, while important to them, isn't terribly important to all that many people, and the system is rather difficult for an individual to game. But for a distributed SSL certificate network, not only is the incentive there, but the people involved are massive and extremely technologically sophisticated.
Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.
And you won't get your average Internet browser to change. People conducting MITM attacks generally aren't concerned with people who are really security conscious. If they actually are conducting targeted attacks against you, then you should have much better security in place. Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
So, you're frustrated that we are still talking about a serious issue that we haven't yet resolved? If it bugs you so much, do something that would help in solving it faster. The people who offer the solutions linked in the summary are doing something, and although I'm hesitant we should choose them, they have presented two options. What have you done?
What happens when you are a software company that will have at best 1000 clients?
That's the issue I am facing right now with Norton and SONAR. I started deploying with Clickonce since I needed to add SQLCE to our customers machines. Now SONAR pops up and deletes our software randomly. If you look at the logs, Norton actually says "YOU CHOSE TO DELETE THIS".
That's just an Antivirus company. How in the hell can I expect to be able to deliver product and keep it updated if I'll never have enough customers to "Trust" our software and build a reputation?
We cater to a pool of clients that will never go above 1100 customers. Does this mean that in addition to AV troubles, we will never get trusted because we cannot possibly get enough people to make the numbers to BE trusted?
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
No I'm not frustrated that people are still trying to solve this problem. I'm frustrated at the exact same topics showing up almost weekly on slashdot. As far as what have I done? I've done exactly what everyone else on slashdot has done, jack shit. If we're lucky we have 2 people that will even see this article and have any ability to influence any change. Even if we (slashdot) did have some sort of godly internet powers that let us (slashdot) influence changes on the internet we wouldn't even be able to agree on what to change.
"Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
this story again.
Indeed. It's time we moved to new stories. Why do we keep mulling these tired old ones and zeros with the algorithms and the networks and their mathematics. Hasn't Slashdot beaten this intercomputing story to death yet? What about homestyling? What about Riverdance? Do you know how hard it is on the toes and the knees to do that jumping and vibrating? Did you know that the dance is not called Riverdance, but that that is just the name of that particular theatrical show of traditional Irish jumping and vibrating?
I just came across http://web.monkeysphere.info/why/, which looks to me like an interesting idea: delegate the trust issue to the PGP web of trust. Maybe this would be a sane alternative?
To keep saying only that the flaws in SSL/TLS protocols and trust infrastructure affect e-Commerce is untrue and trivialises the scope of the issue. And yet this seems to be the only example ever trotted out with these stories.
People need to realise that it's more than web sites that are affected, it's everywhere that SSL/TLS is used including secure e-mail, VPN infrastructure and the like. Start telling your CIOs and CEOs that their secure IMAP can be sniffed by NewsCorp so they can publish news of their office romances, or that the VPN tunnels between offices can be sniffed by competitors leading to the theft of billion dollar trade secrets and you might start to see some buy-in on the problem.
Could we implement one of these systems in such a way as to protect us from dupes (like this story)?
#DeleteChrome
I really love the idea of Convergence on the face of it, but I had one serious question:
Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?
If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert /there/ since, if there are no other paths, all of the notaries would see the same cert, and pass it as "good". For instance, if you take the case of a large multi-hundred-million dollar website hosted in the middle of the ocean, with one pipe feeding that island, if the attacker places their fake cert and proxy at that link, then every notary in the US would agree to pass the false cert. Similarly, if, say, a major backbone carrier had a secret room, through which passed all their data, and in which sat the FBI, they could place a proxy and fake cert there, and all notaries would see that cert and pass it as real.
That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do /not/ like the idea of on its face).
I like music
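The vantage-point question raised in the comment above, modelled as an added example (not part of the original post and not Convergence's own code). The topology, hop names, fingerprints and the out-of-band `dnssec_fp` check are constructed assumptions; the model only records which observers share a hop with the point where the certificate is substituted.

```python
REAL, FAKE = "fp-real", "fp-fake"   # constructed certificate fingerprints

# Constructed topology: hops each observer crosses to reach the server.
PATHS = {
    "client":   ["client-isp", "backbone", "island-link"],
    "notary-1": ["n1-isp", "backbone", "island-link"],
    "notary-2": ["n2-isp", "island-link"],
    "notary-3": ["n3-isp", "backbone", "island-link"],
}
NOTARIES = [name for name in PATHS if name != "client"]

def observed(observer, tampered_hop):
    """Fingerprint an observer sees if the given hop substitutes the cert."""
    return FAKE if tampered_hop in PATHS[observer] else REAL

def verdict(tampered_hop, quorum, dnssec_fp=None):
    """Notary vote on the cert the client saw.

    quorum    -- number of notaries that must report the client's fingerprint
    dnssec_fp -- optional fingerprint published out of band (assumed to be
                 delivered intact via DNSSEC); if given, it must also match
    """
    client_fp = observed("client", tampered_hop)
    agree = sum(observed(n, tampered_hop) == client_fp for n in NOTARIES)
    accepted = agree >= quorum
    if dnssec_fp is not None:
        accepted = accepted and client_fp == dnssec_fp
    return {"client_saw": client_fp, "agree": agree, "accepted": accepted}

def survey():
    """For each substitution point, is the substituted cert accepted per policy?"""
    out = {}
    for hop in ("client-isp", "backbone", "island-link"):
        out[hop] = {
            "majority": verdict(hop, quorum=2)["accepted"],
            "unanimous": verdict(hop, quorum=len(NOTARIES))["accepted"],
            "unanimous+dnssec": verdict(hop, len(NOTARIES), dnssec_fp=REAL)["accepted"],
        }
    return out

if __name__ == "__main__":
    for hop, row in survey().items():
        print(hop, row)
```

In this model only the out-of-band check rejects a substitution on the single link in front of the server, which is the comment's point that the notary vote then adds nothing over the DNSSEC-published value.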
"when it comes to trust, you need a centralized authorit"
Probably you are right.
But then, when it comes to trust, you can never trust a centralized authority.
The short answer is, users want a binary answer. Can this site be trusted, true/false. Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed. And it stands to reason that when you want such a binary answer, you'll do the minimum required to satisfy it. There's nothing today that prevents your certificate from being signed by multiple CAs, it's just that it doesn't give you anything. The line will show up green in people's web browsers whether it's signed by one or five CAs, it just adds costs with no benefit.
I can sort of understand that, if I got a company's phone number I fully expect to call them and reach that company, not getting MITM'd to some scam center somewhere. Of course there's all the other scams involved but if I type [company].com I expect there to be some trusted index that makes sure I get to the right site. If that site has been compromised that's another matter, but the sites that need to be secured are usually very secure. I just need to be sure I'm going to the right place.
Another matter is client security, if your client is compromised then it can show you anything. That's why my bank texts me to confirm payments, giving all the relevant information in the text. Like are you sure you want to transfer X to account Y, if so text OK back. That's really the only way to be sure, otherwise it could authorize some completely different transaction than what it told me, for example through a fake error message. Oh, that must have been a typo let's try again. One fake payment and one real.
Live today, because you never know what tomorrow brings
Cool. And we'll mark that centralized authority as "moderately trusted," but I still want two more just like it which will never have motivation to conspire with it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I can register a domain, get a small server on the internet and serve malware. I can easily get a certification authority to give me a certificate.
All I've ever wanted a certificate for is so that users don't get the freak out security warning saying that "this certificate is not issued by a known certifying authority." I can just as easily self sign a certificate and get the encrypted link, but all the popular browsers will check their internal list of certifying authorities and show the warning.
The only reason I've wanted certificates is so that users can get a strongly encrypted link with the website and use it over wireless/sketchy networks. I really don't see the purpose of having the third party certifying authority in the picture, other than the browser warning.
Can't people start using names that MAKE SENSE again?
Who the hell cares how cool it sounds. It's a technical thing, the public doesn't care. Convergence. Perspectives. Seriously? How does one figure any of those names is related to security?
Heck SSL was called Secure Socket Layer. That makes sense. Computer, is a thing that computes. Makes sense. :(
Keyboard is a board full of keys. TLS is Transport Layer Security. Goes on and on.
Then bang, now you get "convergence" and such crappy names that mean nothing. Annoying
this story again.
Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffie-Hellman key exchange, the connection is securely encrypted regardless of whether an attacker has the server's private key.
Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed.
Right. "Web of trust" systems are vulnerable to all the attacks used for search spam - link farms, social spamming, and phony reviews. In any system where unique new identities can be created cheaply, "web of trust" systems are hopeless.
Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffie-Hellman key exchange, the connection is securely encrypted regardless of whether an attacker has the server's private key.
Sure, but does your "securely encrypted" connection go to the server or a MITM the attacker has set up? When you've got no idea who's at the other end, it doesn't matter much that the line is encrypted. It would be a generally good practice to use SSL/TLS everywhere even without authentication because then you can't simply store traffic for later, you have to actively intercept and run a MITM attack in real time. It's better than nothing but is by no means secure and should not be treated as such.
Live today, because you never know what tomorrow brings
Yes, but it would be interesting to watch a "ratings" fight between 4chan and Google. Set them on each other and see which one gets red-flagged first!
I generally like the concept and can think of times in the past when I've preferred to receive an SSL certificate from someone else's perspective, rather than one my browser is simply prepared to accept without warning as it has been "appropriately signed". Monitoring such a system of notaries seems fairly trivial (they could monitor each other?) and could well prevent against the most targeted of attacks.
I have some reservations about notaries being privy to my browsing history, although I guess local caching goes some way to mitigate this and I believe there are plans in place (or already implemented?) to bounce requests between notaries to add a layer of anonymity.
The main issue however with SSL and trust is the user. How many people still click to ignore SSL warning messages?
Actually slashdot people do have the ability to influence change. A huge percentage of e-commerce sites are written, managed or heavily influenced by people with at least one slashdot regular reader.
Your three independently operated notaries form the core of your system of trust.
And you tell your clients to quit trusting Norton/Symantec and Microsoft. Re-write your stuff to run on Linux and get your clients to put your app on Linux boxes.
I mean, seriously, if your target customer base is so limited, moving them to a reliable system is not nearly as hard.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I like the idea of centralized authorities better. Banks for example have been doing essentially this sort of work for centuries and unlike peers can put their money behind getting it right.
But I'm not sure I buy that a decentralized system can't work. Say for example my browser looks at 3 authorities that I hand picked (possible defaults). Those 3 authorities are in a group of 100 authorities that they all query and require 5 to agree before passing it on. Each authority to register a business has to register physically with at least 5 of those authorities (i.e. going someplace and showing ID). How does that fall apart?
I agree that's what I would like to do. Pick authorities that hate each other.
Sure, but does your "securely encrypted" connection go to the server or a MITM the attacker has set up?
True, but encryption of the connection versus authentication are still two separate issues. The value of certificates issued by "trusted" CAs is quickly diminishing for a number of reasons. 1) Those CAs are getting hacked. 2) CAs are being careless and issuing weak certs or issuing certs without proper verification. 3) Browsers are including all kinds of CAs that may or may not be trustworthy. 4) Some browsers don't check revocation lists by default. 5) People usually click through the warnings anyway.
A central authority doesn't need to be a fragile forest of fully trusted CAs like we have now. A much better solution would be for clients to have marginal trust in any individual x509 signature of a certificate, requiring at least N distinct signatures to validate the certificate, where N is great enough to significantly reduce the threat of enough compromised CAs signing an attacker's certificate to make it trusted. Inherited trust from an intermediate CA would only carry a portion of the trust placed in the root certificate of the chain so that each of the N signatures would have to come from independent organizations.
Basically, build a PGP-like web of trust out of the current CAs. It's even in the root CA's economic best interest because they'll sell N times as many certificates.
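The marginal-trust rule proposed in the comment above, sketched as an added example (not part of the original comment, and not an existing browser or X.509 mechanism). The `Endorsement` type, the 0.5 inheritance factor and the CA organization names are assumptions made for illustration.

```python
from dataclasses import dataclass

INHERIT = 0.5   # assumption: each intermediate hop carries half its parent's trust

@dataclass(frozen=True)
class Endorsement:
    root_org: str   # organization operating the root of this signing chain
    depth: int      # 0 = signed by the root itself, 1 = by its intermediate, ...

def independent_trust(endorsements, trusted_roots):
    """Sum trust over distinct root organizations, best chain per organization.

    Several signatures that chain to the same organization count once, so a
    single compromised CA cannot reach the threshold by signing repeatedly.
    """
    best = {}
    for e in endorsements:
        if e.root_org in trusted_roots:
            weight = INHERIT ** e.depth
            best[e.root_org] = max(best.get(e.root_org, 0.0), weight)
    return sum(best.values())

def single_ca_accepts(endorsements, trusted_roots):
    """Current model as the comment describes it: any one trusted chain suffices."""
    return any(e.root_org in trusted_roots for e in endorsements)

def marginal_accepts(endorsements, trusted_roots, n):
    """Proposed model: accumulated independent trust must reach n."""
    return independent_trust(endorsements, trusted_roots) >= n

# Constructed data: three CA organizations in the client's trust store.
ROOTS = {"ca-alpha", "ca-beta", "ca-gamma"}
LEGIT = [Endorsement("ca-alpha", 0), Endorsement("ca-beta", 0), Endorsement("ca-gamma", 0)]
# One compromised organization signing the same cert three different ways.
ONE_ORG = [Endorsement("ca-alpha", 0), Endorsement("ca-alpha", 1), Endorsement("ca-alpha", 1)]
# Two of the three signatures come from intermediates and carry partial trust.
VIA_INTERMEDIATES = [Endorsement("ca-alpha", 0), Endorsement("ca-beta", 1), Endorsement("ca-gamma", 1)]

def compare(n=3):
    """(single-CA verdict, marginal-trust verdict) for each constructed case."""
    cases = {"legit": LEGIT, "one_org": ONE_ORG, "via_intermediates": VIA_INTERMEDIATES}
    return {name: (single_ca_accepts(c, ROOTS), marginal_accepts(c, ROOTS, n))
            for name, c in cases.items()}

if __name__ == "__main__":
    print(compare())
```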
They aren't your clients, they're Microsoft's clients. You are a lowly 3rd party consultant, and your add-on is locked in to that dysfunctional segment of the industry.
Your trust level is not with the customers, it is with Symantec and Microsoft.
Your problem is fundamentally outside the scope of this solution.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Secure Sockets Layer Protocol (SSL) helps protect Internet Communications through server authentication, encryption and data integrity. All information sent over SSL (names, credit card numbers, private user information, account numbers, etc.) is encrypted so that it cannot be read or tampered with during Internet communications.
Secure Sockets Layer Protocol uses Secure SSL Certificate to verify the identities and establish secure connection between the Web server and the User's browser preventing crackers and other cyber crooks from phishing, pharming and otherwise jeopardizing your secure areas.
Cheap SSL