Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

The CA model is fundamentally flawed in the fact that you have CAs
whose sole "trustworthiness" is the fact that they paid for an audit
(for Microsoft, lower requirements for others), they then issue
intermediate certificates to other companies (many web hosts and other
minor companies have them) whose sole "trustworthiness" is the fact
that they paid for an intermediate certificate, all of those
companies/organisations/people are then considered trustworthy enough
to confirm the identity of my web server despite the fact that none of
them have any connection at all to me or my website.

There is already a chain of trust down the DNS tree, if that is
compromised then my SSL is already compromised (if they control my
domain, they can "verify" they are me and get a certificate), what
happened to RFC4398 and other such proposals? EV certificates have a
different status and probably still need the CA model, however with
"standard" SSL certificates the only validation done these days is
checking someone has control over the domain. DNSSEC deployment is
advanced enough now to do that automatically at the client. We just
need browsers to start checking for certificates in DNS when making a
HTTPS connection (and if one is found do client side DNSSEC validation
- I don't trust my ISP's DNS servers to validate something like that,
considering they are the ones likely to be intercepting my connections
in the first place!).

It will take a while to get updated browsers rolled out to enough
users for it to be practical to start using DNS based self-signed
certificates instead of CA-Signed certificates, so why don't any
browsers have support yet? Are any of them working on it?

- Mike

There's an app^W^Wa Working Group for that.
<http://tools.ietf.org/wg/dane/>

I'm pretty fond of the idea proposed by gpgAuth. One key to rule them
all (and one password) combined with the client verifying the
server. It's still in its infancy, but it works.
-A
(Full disclosure: I work with the creator of gpgAuth in our day jobs)

https://bugzilla.mozilla.org/show_bug.cgi?id=647959

--- SNIP ---
This is a request to add the CA root certificate for Honest Achmed's
Used Cars and Certificates. The requested information as per the CA
information checklist is as follows:

1. Name
Honest Achmed's Used Cars and Certificates

2. Website URL
www.honestachmed.dyndns.org

3. Organizational type
Individual (Achmed, and possibly his cousin Mustafa, who knows a bit
about computers).

4. Primary market / customer base
Absolutely anyone who'll give us money.

5. Impact to Mozilla Users
Achmed's business plan is to sell a sufficiently large number of
certificates as quickly as possible in order to become too big to fail
(see "regulatory capture"), at which point most of the rest of this
application will become irrelevant.

--- SNIP ---

Yes, but it needs to be something that either (a) Joe Sixpack never
sees, or (b) Joe Sixpack actually understands. Are either of those
true?

Neither at the moment--but it's close.

-A

what's the real benefit of an EV cert? (to the service owner, not the
CA, the CA benefit is pretty clearly $$)

-chris
(I've never seen the value in EV or even DV certs really... so I'm
actually curious what the value others see in them is)

The benefit is to the end user.
They see a green address bar with the company's name displayed.

Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.

With normal certs, the end user doesn't see a green address bar, and
instead of the company's name displayed, "(unknown)" is displayed and
"This web site does not supply ownership information." is displayed.

If you ask me, hiding the company's name even when present on a non-EVSSL
cert is tantamount to saying "Only EV-SSL certs are really trusted anyways".

So maybe instead of these shenanigans browser makers should have just
started displaying a "don't trust this site" warning for any non-EVSSL cert.

this isn't really a benefit though, is it? isn't the domain-name in
the location bar doing the same thing?

No. As a counter example... How many domain names do Wells Fargo and Citibank (Citi Corp? Citi Group?) operate respectively? I'm a customer, and I can't keep it straight.

Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.)

So, part of my point here about ev/dv/etc certs is that in almost all
cases of consumer fraud and protection, HTTPS is never used. Hell,
half the spams I get are
http://IP_ADDRESS/somethign/something/something.php ... Falling back
on the 'well ev certs are there to provide protection to the consumer'
is just FUD (I think).

again, not seeing a benefit here...

-chris

Normally, I heart my Mac. But Apple in its infinite wisdom decided that
EV certificates are so much better, they refused to honor my edit of my
own system keychain!

So, negative benefit for the consumer.

Mike,

> It will take a while to get updated browsers rolled out to enough
> users for it to be practical to start using DNS based self-signed
> certificates instead of CA-Signed certificates, so why don't any
> browsers have support yet? are any of them working on it?

Chrome v 14 works with DNS stapled certificates, sort of a hack. (
ImperialViolet - DNSSEC authenticated HTTPS in Chrome )

There are other proposals/ideas out there, completely different to
DANE / DNSSEC, like http://perspectives-project.org/ /
http://convergence.io/ .

Regards,
Martin

I.e. instead of a set of trusted CAs there will be one distributed net
of servers, that act as a cert storage?
I do not see how that could help...
Well, I do not even see how can one trust any certificate that is
issued by commercial organization.

Gregory,

>> Mike,
>>
>>> It will take a while to get updated browsers rolled out to enough
>>> users for it to be practical to start using DNS based self-signed
>>> certificates instead of CA-Signed certificates, so why don't any
>>> browsers have support yet? are any of them working on it?
>>
>> Chrome v 14 works with DNS stapled certificates, sort of a hack. (
>> ImperialViolet - DNSSEC authenticated HTTPS in Chrome )
>>
>> There are other proposals/ideas out there, completely different to
>> DANE / DNSSEC, like http://perspectives-project.org/ /
>> http://convergence.io/ .
>
> I.e. instead of a set of trusted CAs there will be one distributed net
> of servers, that act as a cert storage?
> I do not see how that could help...
> Well, I do not even see how can one trust any certificate that is
> issued by commercial organization.

As I understand it the idea is that you would have the
power/capability to assign trust yourself to friends, CAs and your
cat. This then forms some form of (washed out word-warning) web of
trust, when you connect up with others and get their
one-step-away-trust imported.

Outsourcing trust is a pretty hard problem... there's no way to get
around it, really, so this approach (as per my limited research) at
least gives you some power to control it.

Regards,
Martin

There should be a government body to issue certificates then :wink:

But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist <insert intel organisation here> when they ask for dodgy certs so they can intercept something..

No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust.

GE Money Bank is notorious for this… from a retail store's main page they redirect you to https://www3.onlinecreditcenter6.com. (No-EV certificate, either.)

-cjp

> But Gregory is right, you cannot really trust anybody completely. Even
> the larger and more respectable commercial organisations will be
> unable to resist <insert intel organisation here> when they ask for
> dodgy certs so they can intercept something..
>
> No, as soon as you have somebody who is not yourself in control
> without any third party verifiably independent oversight then you have
> to carefully define what you mean by trust.

i am having trouble with all this. i am supposed to only trust myself
to identify citibank's web site? and what do i smoke to get that
knowledge? let's get real here.

with dane, i trust whoever runs dns for citibank to identify the cert
for citibank. this seems much more reasonable than other approaches,
though i admit to not having dived deeply into them all.

randy

Randy Bush wrote:

>> But Gregory is right, you cannot really trust anybody completely. Even
>> the larger and more respectable commercial organisations will be
>> unable to resist <insert intel organisation here> when they ask for
>> dodgy certs so they can intercept something..
>>
>> No, as soon as you have somebody who is not yourself in control
>> without any third party verifiably independent oversight then you have
>> to carefully define what you mean by trust.
>
> i am having trouble with all this. i am supposed to only trust myself
> to identify citibank's web site? and what do i smoke to get that
> knowledge? let's get real here.
>
> with dane, i trust whoever runs dns for citibank to identify the cert
> for citibank. this seems much more reasonable than other approaches,
> though i admit to not having dived deeply into them all.

It seems to me that this depends a lot on how much you can tolerate single
points of failure. The current de-trusting is certainly going to cause trouble
for whoever used that CA, but the internet didn't roll over and die either.
If the root DNS keys were compromised in an all DNS rooted world... unhappiness
would ensue in great volume.

Mike, poison and choices...

>> with dane, i trust whoever runs dns for citibank to identify the cert
>> for citibank. this seems much more reasonable than other approaches,
>> though i admit to not having dived deeply into them all.
>
> If the root DNS keys were compromised in an all DNS rooted world...
> unhappiness would ensue in great volume.

as eliot pointed out, to defeat dane as currently written, you would
have to compromise dnssec at the same time as you compromised the CA at
the same time as you ran the mitm. i.e. it _adds_ dnssec assurance to
CA trust.

randy
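
The client-side decision discussed in this thread (certificate data published in DNS, checked only when the answer validates under DNSSEC, either on top of the CA verdict or in place of it), as an added example that is not part of the original messages. The TLSA field numbering is taken from RFC 6698, which the DANE working group published after this thread, so the draft being discussed may have differed; the function names, the three-state `dnssec` argument and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 = whole certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

class Cert(NamedTuple):
    der: bytes     # encoded certificate
    spki: bytes    # encoded SubjectPublicKeyInfo taken from it

def matches(rec: TLSA, cert: Cert) -> bool:
    if rec.usage not in (0, 1, 2, 3) or rec.selector not in (0, 1) \
            or rec.mtype not in (0, 1, 2):
        return False                      # unknown field value: unusable record
    blob = cert.der if rec.selector == 0 else cert.spki
    if rec.mtype:
        blob = hashlib.new("sha256" if rec.mtype == 1 else "sha512", blob).digest()
    return blob == rec.data

def accept(dnssec: str, records: list, chain: list, pkix_ok: bool) -> bool:
    """chain is leaf-first; pkix_ok is the browser's ordinary CA-store verdict."""
    if dnssec == "bogus":                 # failed validation: never connect
        return False
    if dnssec != "secure" or not records: # unsigned zone or no TLSA: CA model only
        return pkix_ok
    leaf, issuers = chain[0], chain[1:]
    for rec in records:
        # Usages 0 and 2 pin an issuer, 1 and 3 pin the server certificate.
        pinned = issuers if rec.usage in (0, 2) else [leaf]
        if not any(matches(rec, c) for c in pinned):
            continue
        # Usages 0/1 add DNSSEC on top of the CA check; 2/3 replace the CA check.
        # Assumed: for usage 2 the caller has verified the chain up to the pinned issuer.
        if pkix_ok or rec.usage in (2, 3):
            return True
    return False

# Constructed stand-ins for DER encodings (not real certificates).
SITE, SITE_CA = Cert(b"site-cert", b"site-key"), Cert(b"ca-cert", b"ca-key")
ROGUE, ROGUE_CA = Cert(b"rogue-cert", b"rogue-key"), Cert(b"ca2-cert", b"ca2-key")
SELF = Cert(b"self-signed-cert", b"self-key")
PIN_EE = TLSA(1, 1, 1, hashlib.sha256(SITE.spki).digest())
PIN_SELF = TLSA(3, 0, 1, hashlib.sha256(SELF.der).digest())
```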