Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Standard For Issuance of SSL/TLS Certificates

Posted by Soulskill on from the new-model-new-flaws dept.

wiredmikey writes "In light of the many security breaches and incidents that have undermined the faith the IT industry has in Certificate Authorities (CAs) and their wares, the CA/Browser Forum, an organization of leading CAs and other software vendors, has released the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates,' an industry-wide baseline standard for the operation of CAs issuing SSL/TLS digital certificates natively trusted by the browser. The CA/Browser Forum is requesting Web browser and operating system vendors adopt the requirements (PDF) as part of their conditions to distribute CA root certificates in their software. According to the forum, the Baseline Requirements are based on best practices from across the SSL/TLS sector and touch on a number of subjects, such as the verification of identity, certificate content and profiles, CA security and revocation mechanisms. The requirements become effective July 1, 2012, and will continue to evolve to address new risks and threats."

7 of 62 comments (clear)

  1. Or by Spad · · Score: 5, Insightful

    In other news: Certificate Authorities who were already half-assing their verification processes, hiding their security breaches and not bothering to secure their internet-facing phpmyadmin installs will continue to do exactly that under the new regime right up to the point that they get caught, just like now.

  2. Re:What? by jd · · Score: 4, Informative

    There was an agreement, way back when, which involved multiple levels of certs and a general understanding of what level of integrity each level of cert offered. It wasn't hard-and-fast, certainly no standard, but it was generally accepted and generally used. Then people wanted certs cheap and now, not something high levels of integrity checking really allow for, so what agreement did exist simply went up in smoke as vendors pandered to customers over and above common sense.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. SubjectAltName and internal names / reserved IPs by nullchar · · Score: 4, Insightful

    It's great the CA/Browser Forum, made up of the most prominent Certificate Authorities, is taking steps to standardize their rules for certificates. Many rules in the PDF are technical and exact, which will help with software enforcement.

    However, even this necessary step of not issuing public certs for non-FQDN hostnames and reserved IP addresses won't take effect until late 2016!

    As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a subjectAlternativeName
    extension or Subject commonName field containing a Reserved IP Address or Internal Server Name, the CA
    SHALL notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and
    that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA SHALL NOT issue a
    certificate with an Expiry Date later than 1 November 2015 with a subjectAlternativeName extension or Subject
    commonName field containing a Reserved IP Address or Internal Server Name. Effective 1 October 2016, CAs
    SHALL revoke all unexpired Certificates whose subjectAlternativeName extension or Subject commonName field
    contains a Reserved IP Address or Internal Server Name.

    If we're going to spend time and resources updating our browsers and operating systems to enforce some of these requirements and properly query certificate revocation lists, we may as well throw out the entrenched CA model and try something else.

  4. Don't baby security companies by thegarbz · · Score: 4, Insightful

    These are companies in which we should place our full trust. There shouldn't be standards, codes of practices, or anything else which could let an idiot with a computer become a root CA.

    Instead the requirements should open them up to vigorous external audits. The auditors should be security experts and should be able to look at every part of the internal and external infrastructure owned by the CA. Any CA that fails should be kicked off the list.

    Maybe then we'd weed out the incompetents from the companies with which we trust our security.

  5. This is a step forward by Animats · · Score: 4, Informative

    This is a step forward. Not a huge step, but a step. There's a standard, and although it's weak, it's at least there. And, importantly, there's a list of who's signed onto complying with it. The CA Browser Forum says that 94% of the issued certificates were issued by their members, and there's a list of all 40 members. All root certs from non-Forum members should be removed from browsers. Some browsers now recognize as many as 200 CAs. A purge is in order.

    There's now a way to check whether a CA claims to comply with these rules. If the cert contains OID 2.23.140.1.2.2, the identity of the business behind the cert has supposedly been validated. If the cert contains OID 2.23.140.1.2.1, only the domain behind the cert has been validated. If it doesn't contain either of those, after July 2012, it's worthless. Browsers should be adjusted accordingly. Note that, for the first time, there's an actual verification process for business identity for non-EV certs. This is a big step forward.

    I'm very interested in the validation process for business name information, as described in section 11.2.1 of the specification. We use that info in SiteTruth, and we'll be tightening up our cert validation, now that there are standards.

    It's not clear how this will interact with Akamai's practice of issuing secondary certs for their customers, so that Akamai's caching servers can present SSL certs from companies Akamai represents. Akamai isn't a CA itself, and isn't a member of the CA/Browser forum.

  6. Sure you can. by khasim · · Score: 4, Interesting

    You can't have encryption without authentication, ...

    Sure you can. Encryption by itself does not mean secure communications. Bruce Schneier has a great book on the subject, "Practical Cryptography".

    ... otherwise anyone can stand between you and the endpoint and impersonate the other end.

    That does not mean that the transmissions are not encrypted. Just that the communications channel is compromised. But transmission between you and the MitM are encrypted. As are communications between the MitM and the site you think you're connected to.

    Which gets to the core problem. The way it is currently set up depends upon too many points of failure with no way to validate any of the connections.

    How do you KNOW that the site you've connected to is your bank in the USofA? Are you going to check to see that the CA issuing that certificate is not based out of Romania?

    And the reason that it is set up this way is because it is EASIER for the banks to pass on any losses to the customer or business. Change that and you'll see fixes happening.

    Right now your computer accepts a SINGLE source for encryption and "authentication". There should be at least 2 or 3 different checks.

  7. Re:Why so complicated? by mhogomchungu · · Score: 4, Informative

    Why aren't SSL certs only to encrypt the transmission so data can't be packet sniffed? Why must the cert also certify that foo.com's owners paid $X for a cert?

    SSL uses PKI(public key infrastructure). PKI provides two things, authentication and encryption. Authentication is critical because it proves the encrypted message is going the the recipient and there is nobody in the middle.

    Why must the cert also certify that foo.com's owners paid $X for a cert?

    It only certify that foo.com owns the certificate, it says nothing about how much the certificate costs.A certificate is a signed public key.

    If I connect to mybank.com, can't I clearly tell from the URL that I'm going to where I think I'm going?

    If you type "mybank.com" on your browser, your browser will make DNS request to get "mybank.com" IP address. Somebody could high jack the DNS request and return "iownyou.com" IP address and all of your data will send there instead of "mybank.com". Here is the part where the authenticity of the connection comes in.

    In contrast, when I ssh between computers, I don't need any certs for that. Assuming I typed the host's name correctly, I'm going to where I think I'm going. Right?

    When you ssh to a new computer, you will be presented with the other computer signature and asked if you trust the connection is coming from where you think its coming from and it is your responsibility to authenticate the connection. The CA system puts the responsibility on somebody else. The way ssh works is equivalent to self signed keys online. They will give you encryption but not authenticity. If you go to "mybank.com" and they say "we are mybank.com, trust us,we are who we say we are, here is an encrypted connection, use it to send your bank info", would you proceed? i hope you wont.