Tag Archives: certificate authorities
Suffice to say, the Certificate Authority trust model seems to be fundamentally broken, and with increasing attention paid to it from numerous angles, it’s likely to need a massive overhaul before getting any better. However, there are efforts underway to change the way we think about trust in this capacity. Moxie Marlinspike, known for his contributions to (breaking) SSL and the CA system (among other things), recently developed an alternative to the traditional CA trust model. The project, called Convergence, pairs a Firefox add-on with a set of server-side components to help validate the authenticity and trustworthiness of a particular SSL-enabled site.
Although Moxie’s blog post (that led up to Convergence) and the video of his talk at BlackHat USA 2011 explain the rationale a bit more, the concept is simple: you visit a (SSL-enabled) site, let’s say SomeTrustedSite.com, and the Convergence add-on sees a certificate with a fingerprint FOO. The add-on asks a set of Convergence “Notary servers” what they see. If they see FOO, you can reason that SomeTrustedSite.com‘s cert is legit. If one or more of the notaries sees something that isn’t cert fingerprint FOO, something’s probably rotten (such as man-in-the-middling of your connection, or a notary’s connection, or some other network nastiness). Most importantly, you decide which notaries you want to trust, rather than relying on a browser-vendor defined list of Certificate Authorities. Convergence also attempts to anonymize inquiries to notaries so as to minimize the likelihood of a notary getting a bit too privy to your browsing habits.
Per the Convergence site, the installation process for the add-on is fairly straightforward: run Firefox, visit Convergence.io, click “Download”. After that, add any notaries you wish to trust — two Thoughtcrime notaries are enabled by default, and there’s an ever-growing list of additional notaries on the project’s Github wiki. As this project caught our eye, Intrepidus Group decided to spin up a notary server of our own, which can be added by loading our notary file (if you have Convergence installed, you can simply browse to “.notary” files/links to add the associated notary info).
And Intrepidus isn’t the only company to get on the Convergence notary server train. Late last month, Qualys announced their support of the project, as well as spinning up two notaries. We certainly hope to see more of this type of backing in the near future, and encourage others to run their own notaries as well.
A long, long time ago, on a not so distant blog, I questioned the manner in which we make trust decisions regarding HTTPS enabled web sites.
Yesterday, Sid Stamm and Christopher Soghoian published a very interesting paper that further explores problems with SSL PKI and the trusted CA model. Most recent SSL research has focused on exploiting technical, implementation specific flaws in various pieces of SSL PKI. Stamm and Soghoian instead discuss a much more esoteric threat: various government agencies strong arming trusted Certification Authorities into issuing valid certificates for nefarious purposes.
The authors describe a fictitious attack on Chinese dissidents where the Chinese government coerces a Chinese CA to issue a certificate for US based Google. By detecting a change in the country of origin for the signing CA of the Google certificate, the authors say that an otherwise perfect SSL MITM attack can be detected.
But with all this talk of the Google hack, APT, and various government and defense agencies being successfully attacked themselves, who is to say that the Certification Authorities are immune? Why strong arm a CA, when you can silently issue your own certificate?