LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Certificates and "authorities"

Certificates and "authorities"

Posted Sep 8, 2011 13:58 UTC (Thu) by Nelson (subscriber, #21712)
Parent article: Certificates and "authorities"

Why is it forlorn to hope CAs will keep their systems secured? With this current business model security is what they charge for. Not just that, you pay premiums for increased security. (if you want color bar or different authentication strengths they ask for more money!) The missing piece is the feedback loop, Comodo is big and widely used so when they screw up, nothing happens. Diginotar isn't so when they screw up they get the internet death penalty. More over the cost of the death penalty doesn't simply hurt Diginotar, it hurts their customers. This business model doesn't work. That's the problem. The protocols work, I even think the browser warnings work. Maybe the solution is to have a third party that assembles CAs, distributes them, runs OCSP services and the end users can pay a fee like with anti-virus or something.

(Log in to post comments)

Certificates and "authorities"

Posted Sep 8, 2011 15:07 UTC (Thu) by rgmoore (subscriber, #75) [Link]

Why is it forlorn to hope CAs will keep their systems secured?

Even if they manage to keep their systems technically tight as a drum, they can't escape social and legal pressure. Imagine, just for example, what would have happened if it had been the Dutch government that wanted to issue false certificates rather than the Iranian government. They wouldn't have needed to break into DigiNotar; they could just walk over and demand that DigiNotar issue them the false certificates. Do you really think the official Dutch CA is going to turn down a government request for a false Cert, especially if it's presented as being for some important and legitimate government purpose like tracking thieves or terrorists? Do you think any of the few CAs that Google uses to sign its official certificates would be able to escape from pressure from their national governments?

And it's not just a question of that kind of legal authority. What happens when organized crime decides that it's very valuable to be able to issue false certificates? There are all kinds of ways they could do it: using a mole to infiltrate an existing CA, blackmailing a CA employee into issuing them fake certs, or even setting up their own CA as a legitimate enterprise and sneaking out a few fake certs once in a while when their business needs them.

This is an inherent problem with the trust model. If you place a lot of trust in a specific authority, you greatly increase the value of suborning that authority. People who have skill at suborning authorities will be able to take advantage.

Certificates and "authorities"

Posted Sep 8, 2011 15:50 UTC (Thu) by mike.cloaked (subscriber, #63120) [Link]

Perhaps some accelerated effort would and could usefully be directed towards securing dns? Is it not the case that secure dns would sidestep the majority of the problem resulting from this CA problem? After all if browsers were only able to point at the "official" website instead of an illegal one, then the user would not need to check for fraudulent certs in the first place?

How are we doing generally in bringing in dnssec or a more advanced version of the same idea?

Certificates and "authorities"

Posted Sep 8, 2011 22:27 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

DNSSEC is deployed. The root is signed, many major TLD registries are equipped for DNSSEC. However, registrars are mostly in a cut-throat price war. The customer service overhead of teaching customers about DNSSEC isn't paid for by the dubious benefits of offering it. So there's an excellent chance that if you have a domain in a popular TLD today via a registrar, there's no way to get DNSSEC working with that domain without changing registrar.

This will probably change gradually, with better tools and increasing customer awareness. Today example.com, and fedoraproject.org - tomorrow Google and your banks, some day your blog.

On the client things are similarly slow moving. Enthusiasts have working DNSSEC in their client software today, but the average person does not. In the medium term the goal is that most users will go via their ISP's DNS server, and the queries performed by that server will be secured with DNSSEC, but obviously if your adversary is the government, the ISP is probably compromised anyway, so this doesn't help you.

Technically it's a done deal. Typing "ssh foo.bar.baz" and knowing you're only trusting bar, baz and the root to identify this "foo.bar.baz" machine works right now, on the public Internet (though obviously not for that made up address). But translating that into an ordinary user typing "www.facebook.com" into their browser and definitely getting the privacy-infringing social network site, not an Iranian impostor, may be years off even if we get agreement that it's desirable.

Certificates and "authorities"

Posted Sep 9, 2011 0:07 UTC (Fri) by mtaht (✭ supporter ✭, #11087) [Link]

Getting your dns signed with dnssec has become easier and easier with the more current versions of bind.

In fact, both bufferbloat.net (running on a x86_64 box) and http://jupiter.lab.bufferbloat.net (running on a mips based cerowrt box) are now both signed, and the overhead seems non-existent.

comcast is running a set of dnssec enabled dns servers now, as well, which work great as forwarders.

dns.comcast.net

There is a tool for firefox that can validate if your dns signed, here:

https://addons.mozilla.org/en-US/firefox/addon/dnssec-val...

Perhaps one day this could be more effective than CAs.

Certificates and "authorities"

Posted Sep 8, 2011 17:41 UTC (Thu) by Nelson (subscriber, #21712) [Link]

Exactly, or maybe just offering the CA more money to produce a fake certificate. Not just that, but should a CA be compromised, either but hacking or political pressures or other, they have no insentive to disclose that fact. In fact they have every reason not to.

The solution would be to establish trust with maybe a half dozen CAs in different jurisdictions, or at least that would be a solution to some of those problems, but it's cost prohibitive with the current business model.

This isn't a problem with the technology...

Certificates and "authorities"

Posted Sep 9, 2011 0:22 UTC (Fri) by gerv (subscriber, #3376) [Link]

"Do you really think the official Dutch CA is going to turn down a government request for a false Cert, especially if it's presented as being for some important and legitimate government purpose like tracking thieves or terrorists?"

Perhaps not, but everyone who gets MITMed by it gets sent a copy of the certificate, which is non-repudiable evidence about what the CA did. Publish the cert, and the CA's untrustworthiness is exposed for all to see. A few tools so that some people are more likely to notice this, and suddenly it becomes a very business-risky thing for a CA to consent to do.

And if a government blows up all the CAs in its jurisdiction like this (and believe me, CAs 2-N will flee when they see what happened to CA 1) then the attack no longer works for them.

Certificates and "authorities"

Posted Sep 9, 2011 1:12 UTC (Fri) by Nelson (subscriber, #21712) [Link]

Unless the government request is accompanied by piles of cash, in which case other CAs might want in on the action.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds