Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.

quick question

how can one verify that this future "certificate authority that issues free certificates to any website" hasn't issued a cert to the NSA for your domain? is it possible?

Re:quick question

[Peter+Eckersley]

Actually the US Department of Defense and dozens of other governments have their own CAs with which they could issue a certificate for your domain, if they wished to. Here's a map we made of them using our SSL Observatory datasets.

Nonetheless we should be able to use publication mechanisms such as Certificate Transparency to ensure that any compromise or compulsion of the Let's Encrypt CA could be quickly detected.

Re:quick question

[tignet]

How can one verify that a different CA doesn't issue a certificate for your domain name to the NSA? It's happened before (including sub CAs getting compromised so new certificates could be created at will).

In order for traditional PKI to work, there needs to be a point of trust -- the certificate authorities. That also means trusting anyone that controls the certificate authorities (who may have the power of secret laws, subpoenas, and gag orders). If you don't trust the authorities, then you cannot trust PKI.

There can be public/private encryption without a centralized authority (SSH keys, PGP, etc). However, then it's up to each person to individually verify the authenticity of every other key. The certificate authority performs that role, so long as you're willing to trust them.

Re:quick question

[ememisya]

I don't believe any "burried deep within your cables" type organization would require this sort of access. It's a lot easier to exploit some kind of a firmware vulnerability and download the private key to the CA, or simply VNC into the target user's machine to see the requested data before it was encrypted. This is to keep out private hackers, organized hackers, wealthy hackers etc. The government will always have access to your data, well since they tend to have tanks the persuation tends to be unmatchable. The turn of the tide for our century is to see if the governments who do have such access will show equal attention to everyone rather than be in favor of economics, lets be honest having access to all of someone's data immediately tends to reduce respect to that person, objectifying them. This is the culture which is really the root of all the privacy issues. I think ultimately we need to rebrand the NSA err I mean shut down the NSA. Because truly, nobody is watching your computer... O_O ... That's the point, when you KNOW someone is watching, it screws up the whole experience.

When something's strange, in your computer, who you gonna call? Momentarily the answer is, "Tough luck" We've been talking about a "government layer" within the network stack (jokingly at first) for decades. As it is however, the world has a major respect issue between authority and economically disadvantaged. It's really a very complex issue. But I'd say the only good way out is read-only access, which doesn't exist, by highly trained (and hopefully paid) employees who just don't exist.

If you're asking, isn't that the case today anyways? The answer is no, there are 0 checks and balances, apparently. In that, a family was raided (agents boxed in their cars), and interrogated because they Googled, "pressure cooker". Heads of such agencies lied to the Congress, in public, and nobody cared. There is this feeling that there are no consequences to invading people's privacy, whereas it should be jail time for the officials. You see? That's the issue with respect, the person who is watching isn't intimidated at all into peering over a person's private life.

Re:quick question

[phantomfive]

You can't. That gets at the root of the primary problem, and why web traffic isn't encrypted already.

There are two issues, encryption and trust. When you connect to Google.com, how do you know that you've really connected to Google.com? Right now, because Verisign (or somebody) has vouched that the certificate comes from Google.com (ip address by itself isn't enough). Without that vouching, there are all kinds of MITM/redirection attacks that can happen.

From a theoretical standpoint, encryption without trust is no more secure than plaintext transmission. However, from a practical standpoint, encryption blocks out a lot of script kiddies who sit on a wireless network with wireshark (incidentally, there is no way to verify that a WiFi SSID corresponds to a given base station, so if you're on WiFi you are almost always vulnerable to MITM attacks). The EFF, Mozilla, Cisco, and Akami are trying to raise the bar on the difficulty of the practical attacks.

So we're moderately reducing the ease of the theoretical attack, but the big problem is still there, "is this website trusted, or just encrypted?" Traditionally no browser has had a way to distinguish, but it looks like Mozilla is going to, so that's a good thing.

We still have the problem of trust though. It's probably the toughest problem in all of the fields of security and encryption.

Re:quick question

[userw014]

...

What might have been better is early on, have Web browsers accept self-signed SSL certs, and show some grey icon for that....

Web Browsers DID used to accept self-signed certificates (and certificates signed without a known CA - or cert-chain.) People just clicked through and accepted them willy-nilly. That was a poor security model. Although the existing security model of having a swamp of independent Root Certificate Authorities (per browser) is not too great either, but at some point you have to establish whom to trust - and for most of us, it's the browser vendor. (Some of us prune the Certificate Authority list and distribute the new list with software imaging technologies....)

Re:quick question

[Shakrai]

If you're engaged in activities that would place you on the radar of a major nation-state's intelligence apparatus you shouldn't trust anyone. The only truly secure way to use encryption is to exchange keys (or better yet, one time pads) in person with those that you wish to communicate with. The web of trust/certificate authority model was never intended to provide protection in life or death scenarios, rather it was intended to protect day to day web browsing and e-commerce. By definition it requires that you trust people you've never met and will never meet. This is sufficient when the threat vector is nosy network administrators and script kiddies sniffing hotspot packets at Starbucks.

The whole discussion here is laughable; there's probably a 10 to 1 ratio of people questioning this development vs. those welcoming it. I'm guessing that not a single one of the people in the former category is interesting enough to be on NSA's radar. Many of these same people were commenting in the stories about supercookies and condemning AT&T and Verizon for that behavior. Here's your solution to such shenanigans people....

Re:CAcert

[ememisya]

It really has much to do with the people involved in the security groups for the popular browsers. I have a feeling EFF, Cisco, Mozilla and Akamai are big enough names to push this through to production.

Fantastic.

[KermodeBear]

This is a fantastic effort that will help people such as myself. I run sites across a dozen or so hosts, but they don't generate income and I really don't want to drop all that money into certificates. If I can get free certificates from a good CA then I'll gladly bump all my sites over to HTTPS.

Thank you!

Re:CAcert

[Fnord666]

A lack of sufficient auditing capability is what has kept CACert out of most browser CA bundles.

Which is laughable considering some of the other CAs that are included.