2010/Fixing SSL security: Supplementing the certificate authority model

From Open Source Bridge Wiki

The most common way of using SSL/TLS encryption relies on a public-key infrastructure that puts near-absolute trust in a large number of entities around the world, any one of which could accidentally or deliberately empower anyone to impersonate any site or service and spy on all of our communications. We’ve seen that these certificate authorities can make mistakes. We need new mechanisms to meaningfully double-check that they’re doing the right thing.

Speaker: Seth Schoen


Contributed notes

Google search results are now available over SSL; Twitter too.
SSL is not just for credit card numbers: software distribution, email.
Helpful for people living under repressive regimes.
SSL was created by Netscape to reassure users.
We have a big key distribution problem.
The 301 redirect used to send HTTP to HTTPS can be intercepted and proxied: the SSLstrip attack. The attacker can keep proxying pages.
Passive versus active adversaries: sniffers versus man in the middle.
Diffie-Hellman suffices against passive adversaries. An active adversary requires secure verification of the remote key.
Active attacks are easier to detect, but there is no widely used tool for this. MITM attacks are easily automated.
Simpler protocols tend to be adopted, but defending against active attacks makes the protocol complicated.
Decentralization, human-meaningfulness, security: pick two.
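The SSLstrip point above (and the Strict Transport Security option listed further down in these notes) comes down to one rule: once a host has been seen over HTTPS with an STS header, the browser rewrites plain-http URLs to https itself, so the interceptable 301 redirect is never fetched. The following is an added example, not code from the session or from Chrome, Firefox or the EFF; it is a minimal STS policy cache with constructed header values and timestamps, and the host names are assumptions.

```python
"""Added example: a minimal Strict-Transport-Security policy cache of the kind a
browser keeps. Headers, hosts and times below are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

_MAX_AGE = re.compile(r"max-age\s*=\s*\"?(\d+)\"?", re.IGNORECASE)


@dataclass
class StsPolicy:
    expires: float           # absolute time at which the policy lapses
    include_subdomains: bool


def parse_sts_header(value: str, now: float) -> Optional[StsPolicy]:
    """Parse a Strict-Transport-Security header value.
    Returns None when there is no max-age, which a browser ignores."""
    m = _MAX_AGE.search(value)
    if not m:
        return None
    include_sub = any(d.strip().lower() == "includesubdomains"
                      for d in value.split(";"))
    return StsPolicy(expires=now + int(m.group(1)), include_subdomains=include_sub)


class StsCache:
    def __init__(self) -> None:
        self._policies: Dict[str, StsPolicy] = {}

    def observe_response(self, host: str, over_tls: bool,
                         headers: Dict[str, str], now: float) -> None:
        """Record a policy. The header is honoured only when received over TLS:
        on plain HTTP an active attacker could inject, alter or remove it."""
        if not over_tls:
            return
        hdr = headers.get("Strict-Transport-Security")
        if hdr is None:
            return
        policy = parse_sts_header(hdr, now)
        if policy is None:
            return
        if policy.expires <= now:            # max-age=0 deletes the entry
            self._policies.pop(host.lower(), None)
        else:
            self._policies[host.lower()] = policy

    def should_upgrade(self, host: str, now: float) -> bool:
        """True if a plain-http request to host must be rewritten to https
        locally, before any packet leaves the machine."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None or policy.expires <= now:
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False


def demo() -> Dict[str, bool]:
    """Constructed walkthrough: the first HTTPS visit pins the host; later
    plain-http navigations (where SSLstrip would sit) are upgraded locally."""
    cache = StsCache()
    t0 = 1_000_000.0
    hdr = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
    before = cache.should_upgrade("www.example.net", t0)          # nothing pinned yet
    cache.observe_response("example.net", True, hdr, t0)          # seen over TLS
    cache.observe_response("plain.example.org", False, hdr, t0)   # seen over HTTP: ignored
    return {
        "before_pin": before,
        "apex": cache.should_upgrade("example.net", t0 + 60),
        "subdomain": cache.should_upgrade("www.example.net", t0 + 60),
        "plain_http_ignored": cache.should_upgrade("plain.example.org", t0 + 60),
        "expired": cache.should_upgrade("example.net", t0 + 31536001),
    }
```

The remaining gap, which the notes also imply, is the very first visit: before any policy is cached the browser still depends on the redirect, so a site that wants the protection from the first connection needs some out-of-band seed such as a preloaded list or a user-installed extension.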

About 40 root certificate authorities in Firefox, including 6 national governments.
Root CAs are vulnerable to weak-link scenarios.
MD5 is too weak to be secure; not all CAs picked up on this right away.
Some authorities allow null bytes in certificate domain names.
Some authorities do not even verify ownership of a domain.
Some authorities verify ownership by sending a message to certain email addresses.
CNNIC (China Network something something) applied to be a root CA and got into Firefox.
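The null-byte item above is a CA problem only because some verifiers compared certificate names with C-string functions, which stop at the first NUL. The following is an added example, not from the session notes or from any browser or TLS library: the truncating comparison beside a length-aware one, run over constructed byte strings that stand in for the encoded CN or subjectAltName field (the domain names are assumptions).

```python
"""Added example: why a NUL byte inside a certificate name field matters, and the
check a verifier should apply. Certificate names below are constructed bytes."""
import re

# One hostname label; a bare "*" label is allowed so wildcard names parse.
_LABEL = r"(?:\*|[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def c_string_view(field: bytes) -> bytes:
    """What a C-string API (strlen/strcmp) sees: the bytes up to the first NUL.
    Verifiers that handed the ASN.1 string to such APIs compared only this prefix."""
    return field.split(b"\x00", 1)[0]


def matches_legacy(cert_name: bytes, expected_host: str) -> bool:
    """Vulnerable comparison: everything after a NUL is silently ignored, so a
    name a CA issued for one domain is accepted for the one before the NUL."""
    return c_string_view(cert_name).decode("latin-1").lower() == expected_host.lower()


def matches_hardened(cert_name: bytes, expected_host: str) -> bool:
    """Length-aware comparison: the whole encoded field is validated, an embedded
    NUL or any non-hostname byte rejects the name, and a wildcard stands for
    exactly one leftmost label."""
    if b"\x00" in cert_name:
        return False
    try:
        name = cert_name.decode("ascii")
    except UnicodeDecodeError:
        return False
    if not _HOSTNAME.match(name):
        return False
    name, host = name.lower(), expected_host.lower()
    if "*" not in name:
        return name == host
    if name.count("*") != 1 or not name.startswith("*."):
        return False                       # wildcard only as the entire leftmost label
    suffix = name[1:]                      # ".example.net"
    return host.endswith(suffix) and len(host.split(".")) == suffix.count(".") + 1


def audit(cert_name: bytes, expected_host: str) -> dict:
    """Run both checks so the discrepancy is visible side by side."""
    return {"legacy": matches_legacy(cert_name, expected_host),
            "hardened": matches_hardened(cert_name, expected_host)}


# Constructed samples, not real certificates.
GOOD_NAME = b"login.example.net"
NUL_NAME = b"login.example.net\x00.example.org"   # what a CA that skips the NUL check might issue to example.org's owner
WILDCARD = b"*.example.net"
```

Note that the hardened check rejects rather than repairs: a name field that is not a syntactically valid hostname is evidence that issuance went wrong, and that is worth surfacing to whoever is auditing the CA, which is the kind of signal a distributed observatory can aggregate.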

To sum up: CAs have a lot of power and little accountability.

Options:
Strict Transport Security (formerly ForceTLS): a mechanism to avoid SSL stripping. Used in Chrome and soon in Firefox.
HTTPS Everywhere: Firefox extension from EFF to force HTTPS wherever possible.
SSL Observatory: distributed effort to build an SSL certificate blacklist.
PGP web of trust for SSL: certs are signed by lots of people?
Perspectives: distributed proxies that provide consensus that a certificate is valid.
SSH model: remember keys that have been seen before (TOFU, or Observed Key History); implemented as Certificate Patrol in Firefox.
Similar to the above, but tracking whether the CA changed.
DNSSEC: signatures for DNS records.
Trustiness: in-progress plugin to synthesize info from the above sources.
IP anycast poses more problems: conditional routing for IP addresses.
Standardized site security policies to provide hints about certificate consistency and other things. Current fragmented approaches include robots.txt, the cookie protocol, CORS, etc.
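The SSH-model option and the "tracking whether the CA changed" option above are one store with one extra field. What follows is an added example, not code from the session, from Certificate Patrol or from any browser: a trust-on-first-use history that pins a SHA-256 fingerprint of the server key on first sight, stays silent on repeats, and, on a change, reports whether the issuing CA changed as well. It does not parse X.509; each observation carries constructed key bytes and an issuer name, and the host and CA names are assumptions.

```python
"""Added example: SSH-style observed-key history for TLS certificates, with the
issuing CA tracked so a key change can be classified. Keys and names are constructed."""
import hashlib
import json
from typing import Dict, List


def fingerprint(public_key_der: bytes) -> str:
    """SHA-256 over the encoded public key; the key, not the certificate, is pinned
    so a routine re-signing of the same key by the same CA is not a change."""
    return hashlib.sha256(public_key_der).hexdigest()


class ObservedKeyHistory:
    """First sight is recorded (TOFU), repeats are silent, and a change is reported
    as 'changed-same-issuer' or 'changed-new-issuer'. The latter is the alarming
    case: a different root vouching for a new key for a host you already know."""

    def __init__(self) -> None:
        self._hosts: Dict[str, dict] = {}

    def observe(self, host: str, public_key_der: bytes, issuer: str, now: float) -> str:
        host = host.lower()
        fp = fingerprint(public_key_der)
        rec = self._hosts.get(host)
        if rec is None:
            self._hosts[host] = {"fingerprint": fp, "issuer": issuer,
                                 "first_seen": now, "last_seen": now, "history": []}
            return "first-use"
        if rec["fingerprint"] == fp:
            rec["last_seen"] = now
            return "unchanged"
        verdict = "changed-same-issuer" if rec["issuer"] == issuer else "changed-new-issuer"
        # Keep the superseded entry so the user (or a later audit) can compare.
        rec["history"].append({"fingerprint": rec["fingerprint"], "issuer": rec["issuer"],
                               "first_seen": rec["first_seen"], "last_seen": rec["last_seen"]})
        rec.update(fingerprint=fp, issuer=issuer, first_seen=now, last_seen=now)
        return verdict

    def previous_issuers(self, host: str) -> List[str]:
        rec = self._hosts.get(host.lower())
        return [h["issuer"] for h in rec["history"]] if rec else []

    def dump(self) -> str:
        """Serialise so the store survives restarts (a browser plugin would write
        this into the profile directory)."""
        return json.dumps(self._hosts, sort_keys=True)

    @classmethod
    def load(cls, blob: str) -> "ObservedKeyHistory":
        store = cls()
        store._hosts = json.loads(blob)
        return store


def scenario() -> List[str]:
    """Constructed sequence of connections to one host over time."""
    store = ObservedKeyHistory()
    key_a, key_b, key_c = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"
    out = [
        store.observe("mail.example.net", key_a, "Example CA 1", 100.0),  # first use
        store.observe("mail.example.net", key_a, "Example CA 1", 200.0),  # same key again
        store.observe("mail.example.net", key_b, "Example CA 1", 300.0),  # reissue by same CA
        store.observe("mail.example.net", key_c, "Other CA 2", 400.0),    # different root vouches
    ]
    reloaded = ObservedKeyHistory.load(store.dump())                      # survives a restart
    out.append(reloaded.observe("mail.example.net", key_c, "Other CA 2", 500.0))
    return out
```

The verdict alone cannot say whether a new-issuer change is legitimate (sites do switch CAs); what it gives the user is the notes' missing "widely used tool" for noticing an active attack at all, and the point where a Perspectives-style consensus query or an observatory lookup would be consulted before accepting the new key.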

If you run a website, please turn on SSL. If you write software, please support SSL. In any case, please help test things like HTTPS Everywhere.