Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Researchers Propose Plan To Fix CA System

Posted by Soulskill on from the put-a-plus-one-button-on-it dept.

Trailrunner7 writes "The security industry has no shortage of hard problems to solve, but the one getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate issued. The system proposed by Google's Adam Langley and Ben Laurie (PDF) comprises three separate ideas, but relies on the creation of a publicly viewable log of every public certificate that's issued by a CA. There could be any number of public logs of these certificates, but the logs will be structured so that they are append-only. The entries in the logs will be the end certificates in the issuance chain. In addition to the logs, the proposal includes the use of proofs that are sent with each certificate to the user's browser. Laurie and Langley haven't defined exactly what the proof would look like, but suggest that it could be an extra certificate or a TLS extension."

16 of 91 comments (clear)

  1. Re:Something To Think About by kassah · · Score: 4, Informative

    No it doesn't, with ssh you're generally not logging into a system and expecting to trust the security of a system based on it's name. SSH trust is based on have you been there before, and it having the same identity as before.

  2. It's like that old saying about regexes... by Anonymous Coward · · Score: 5, Funny

    "Bob has a problem requiring secure communication. He decides to use certificates. Now Bob has two problems."

  3. True story by aBaldrich · · Score: 5, Funny

    The new certificate system will be invitation-only, and then will be shut down.

    --
    In soviet russia the government regulates the companies.
  4. Self signed certs. by syousef · · Score: 3, Interesting

    Let's all just give up and use self signed certs. Sure it's not secure but at least you don't have to pay for them then go through all the security theatre to pretend they are. You could change your web page to "Welcome. All our base are belong to YOU. We give up."

    --
    These posts express my own personal views, not those of my employer
    1. Re:Self signed certs. by Spad · · Score: 5, Informative

      Self-signed certs are just as secure as any other, they're just not much good for verifying the identity of the device you're connecting to unless they're your devices (or those of someone you know and trust); though given the laughable standards of proof required by most CAs before issuing a certificate for a given hostname (and yes, sometimes they *are* just hostnames that they're issuing for, for some stupid reason) it's probably not that big a problem even without the recent CA compromises.

    2. Re:Self signed certs. by complete+loony · · Score: 4, Insightful

      Solve that problem via DNSSEC. Publish your self signed key via DNS, and at least someone connecting knows that the server they are talking to currently owns the domain name and the connection is encrypted end-to-end, which is all that CA certs seem to have devolved to.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    3. Re:Self signed certs. by John.P.Jones · · Score: 3, Insightful

      This is essentially what I proposed in my paper in 2005, only it adds a level of indirection to reduce the amount and volatility of data being added to DNS.

  5. Re:Something To Think About by XanC · · Score: 4, Informative

    But that's exactly wrong. With DNSSEC (well, hopefully) becoming more popular, it WILL actually be possible to rely on DNS to store things like key fingerprints.

  6. Re:Not Impressed by korgitser · · Score: 3

    The UN is not some world government for some happy hippie peace dream. It is a machine to legitimize the ends and means of select superpowers. You certainly do not want any of them to have power over the internet.

    --
    FCKGW 09F9 42
  7. Doesn't Fix Anything by sexconker · · Score: 4, Interesting

    The CA system is set up so that you can be reasonably sure that the host you're connected to is who they say they are.
    You "trust" that a certificate they present is legitimate because it is cryptographically signed by a CA.
    You trust the CA because you have a root list of CAs to trust, typically fed to you by MS.

    The problem with the CA system is the fact that the CAs themselves are untrustworthy.
    They don't do their due diligence in verifying hosts they issue certificates to, safeguarding their private keys, or revoking certificates when keys get stolen.
    The entire idea is insecure because users want shit to work transparently, and CAs want to do shit as cheaply as possible.

    You can have all the logs and auditing that you want, but when some soccer mom can't buy something on Amazon, your system has failed.
    And when some CA fucks up and nobody knows because no one is actually monitoring those logs, your system has failed.
    And if you DO have dedicated groups that monitor logs and do audits, it becomes the same fucking game of knowing which monitoring group to trust, how far to trust them, etc. 99.9999% of users will just be confused, and will think their next computer crash has something to do with the internet hacks Wolf Blitzer told them about.

    The only way to trust a host is to verify their identity yourself. And if you're going to go and fucking verify the trustworthiness of CAs via analyzing their logs yourself, you may as well just verify the trustworthiness of individual sites yourself. Call up Amazon and ask them about their certificate. Maybe they should print it on the back of all their packing slips.

  8. Re:Not Impressed by masternerdguy · · Score: 3, Funny

    Age verification is censorship.

    --
    To offset political mods, replace Flamebait with Insightful.
  9. Not a fix by Todd+Knarr · · Score: 4, Interesting

    The proposed solution makes it easier to identify invalid certificates after a compromise is known. It doesn't do anything to stop the compromise, because the compromised certificates were issued correctly by the CA just like every valid certificate.

    The problem is that the CAs aren't completely trustworthy and aren't completely impervious to attack, and never will be. Any solution needs to permit a compromised CA's root certificates to be revoked without instantly invalidating huge swathes of issued certificates that weren't part of the compromise. I don't see any way of doing that that doesn't involve changing the basic approach from one of "a single CA issues a specific certificate" to "one or more CAs certify the authenticity and validity of a certificate'. In short, CAs cease being the sole issuers of documents and become the equivalent of notaries public certifying that the person who created the certificate is really who the certificate says they are.

  10. Re:Something To Think About by errandum · · Score: 3, Insightful

    How do you propose to verify someone's (or some site's) identity without having a trusted third party telling you that you should? What you say is kind of utopic, it might work to connect to somewhere you know, but it'll fail on a larger scale.

    And don't forget that it's not just you having to verify the website's identity, sometimes it is also the website asking to verify yours. Even if they used their own CA to hand you a certificate, they still needed a trust based system.

    Yes, I see your point, on a basic level ssh only relies on an asymmetric key exchange and sygnatures and not on CA's, but the problem is way bigger than that.

  11. An extra certificate sent to the browser by Megahard · · Score: 3, Funny

    So eventually it will be certificates all the way down.

    --
    I eat only the real part of complex carbohydrates.
  12. Re:Something To Think About by shentino · · Score: 3, Interesting

    DNSSEC is unpopular with governments because it breaks censorship.

  13. Maybe no Doctor in this world... by SkimTony · · Score: 3, Funny

    But that would admittedly be a pretty boring episode. And not the sort of thing he usually worries about.