Fixing SSL security: Supplementing the certificate authority model

Accepted Session
Short Form
Scheduled: Tuesday, June 1, 2010 from 1:30 – 2:15pm in Steel

Excerpt

The most common way of using SSL/TLS encryption relies on a public-key infrastructure that puts near-absolute trust in a large number of entities around the world, any one of which could accidentally or deliberately empower anyone to impersonate any site or service and spy on all of our communications. We've seen that these certificate authorities can make mistakes. We need new mechanisms to meaningfully double-check that they're doing the right thing.

Description

The most common way of using SSL/TLS encryption relies on a public-key infrastructure that puts near-absolute trust in a large number of entities around the world, any one of which could accidentally or deliberately empower anyone in between us and our communication partners to impersonate any site or service and spy on all of our communications. We’ve seen that these certificate authorities can make mistakes. CA mistakes, or collaboration with attackers, can expose us to undetectable man-in-the-middle attacks, so we need new mechanisms to meaningfully double-check that they’re doing the right thing.

I will discuss a whitepaper and research collaboration that are exploring the available sources of information that could help address this problem.


Speaker

  • Seth Schoen

    Electronic Frontier Foundation

    Biography

    Seth Schoen is a Senior Staff Technologist at the Electronic Frontier Foundation. He has worked at EFF for eight years, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF’s legal work, and the public understand what the technology products they use really do. He helped create the LNX-BBC live CD and has researched phenomena including laser printer forensic tracking codes, ISP packet spoofing, and key recovery from computer RAM after a computer has been turned off.
