Fixing SSL

I’ve never been really happy about the way certificates are implemented on the Internet.
This was highlighted earlier this year with the hack against Comodo which led to the issuance of several fraudulent certificates.
Immediately after this was reported, I went into my browser settings to check the approved CAs (and remove Comodo). It floored me to see how many trusted authorities were in there.

Firefox defaults

Do I really trust all of these authorities?

So what can we do if we don’t want to blindly trust a centrally controlled list of corporations and government entities?

Enter Convergence.

A project by noted security researcher Moxie Marlinspike, Convergence removes the need for centrally trusted Certificate Authorities by giving the client complete control over who it trusts to verify certificate authenticity. Basically, anyone can run a notary (the Convergence equivalent of a CA), which vouches for the certificates it observes from its own vantage point on the network. Each client chooses which notaries to trust, and more importantly the client can configure Convergence to require a consensus amongst its notaries. So, if a notary were compromised, as in the Comodo attack, the client would not be at risk: a certificate vouched for by only the compromised notary would disagree with what the other notaries see, and the mismatched answer would be ignored.
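To make the consensus idea concrete, here is an added example of the client-side trust decision described above. It is not code from the Convergence project: the notary transport is left out, the notaries (notary-a/b/c.example), the certificate byte strings and the "majority" threshold are all constructed or assumed for illustration, and the SHA-1 fingerprint is the example's own choice. What it shows is that a single notary giving a wrong answer cannot by itself make a fraudulent certificate trusted, and that in the consensus setting any disagreement fails closed.

```python
"""Added example: notary-based trust decision in the style of Convergence.
Not the project's own code; notary responses are constructed inline."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class NotaryResponse:
    notary: str                 # hypothetical notary hostname
    fingerprint: Optional[str]  # fingerprint the notary saw; None if it did not answer


def fingerprint(cert_der: bytes) -> str:
    """Fingerprint of a DER-encoded certificate (hash choice is the example's own)."""
    return hashlib.sha1(cert_der).hexdigest()


def trust_decision(observed_fp: str, responses: List[NotaryResponse],
                   threshold: str = "consensus") -> dict:
    """Decide whether the certificate the client actually received is trusted.

    threshold="consensus": every notary that answered must agree with what the
    client saw (the setting the post describes).
    threshold="majority": more notaries agree than disagree (an assumed looser
    setting, not taken from the post).
    Notaries that gave no answer never count as agreement, so silencing notaries
    cannot manufacture trust; with no agreeing notary at all the answer is "no".
    """
    agree = [r.notary for r in responses if r.fingerprint == observed_fp]
    disagree = [r.notary for r in responses
                if r.fingerprint is not None and r.fingerprint != observed_fp]
    if not agree:
        trusted = False
    elif threshold == "consensus":
        trusted = not disagree
    elif threshold == "majority":
        trusted = len(agree) > len(disagree)
    else:
        raise ValueError(f"unknown threshold {threshold!r}")
    return {"trusted": trusted, "agree": agree, "disagree": disagree}


# Constructed stand-ins for DER certificates (not real certificates).
GENUINE_CERT = b"constructed-der: CN=example.test, genuine key"
FRAUDULENT_CERT = b"constructed-der: CN=example.test, attacker key"


def scenario_misbehaving_notary(threshold: str) -> dict:
    """The site is genuine, but one of three notaries reports a wrong fingerprint."""
    seen = fingerprint(GENUINE_CERT)
    responses = [
        NotaryResponse("notary-a.example", fingerprint(GENUINE_CERT)),
        NotaryResponse("notary-b.example", fingerprint(GENUINE_CERT)),
        NotaryResponse("notary-c.example", fingerprint(FRAUDULENT_CERT)),  # misbehaving
    ]
    return trust_decision(seen, responses, threshold)


def scenario_fraudulent_cert(threshold: str) -> dict:
    """The client is handed a fraudulent certificate (the Comodo-style case);
    only a compromised notary vouches for it, the honest ones see the real cert."""
    seen = fingerprint(FRAUDULENT_CERT)
    responses = [
        NotaryResponse("notary-a.example", fingerprint(GENUINE_CERT)),
        NotaryResponse("notary-b.example", fingerprint(GENUINE_CERT)),
        NotaryResponse("notary-c.example", fingerprint(FRAUDULENT_CERT)),  # compromised
    ]
    return trust_decision(seen, responses, threshold)


if __name__ == "__main__":
    for name, fn in (("misbehaving notary", scenario_misbehaving_notary),
                     ("fraudulent cert", scenario_fraudulent_cert)):
        for mode in ("consensus", "majority"):
            d = fn(mode)
            print(f"{name:19s} {mode:9s} trusted={d['trusted']} disagree={d['disagree']}")
```

Under "consensus" both scenarios are rejected, so a notary that disagrees with its peers costs the user a warning rather than silently passing a bad certificate; under the assumed "majority" threshold the genuine site stays reachable while the fraudulent certificate is still rejected, because one compromised notary is outvoted.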

In theory, this distributed trust system should work quite well, but the problem is getting a critical mass of support. Currently it is only available as a Firefox plugin, which is unlikely to attract widespread adoption.

Ideally this would be included in browsers by default, with a short starter list of notaries.

Enterprise IT could also be a great way to spread this. Employee machines could easily be configured to trust the company's notary in addition to those of any corporate partners. End users would never have to be presented with warnings about self-signed certs for internal resources, which is another major problem with the current implementation of SSL: many users are accustomed to seeing benign certificate warnings, and clicking through becomes a habit.

So Convergence fixes both the problems with the CA system and the general ineffectiveness of SSL warnings.

It looks like a great idea, but the best solutions don't always win. We'll see if this can gain any traction.

2 responses

  1. Pingback: SSL revisted. (Bonus item: Baselining) | Arboreal Security

  2. Pingback: The fragile, resilient Internet | Arboreal Security
