Today I discovered how broken the current situation is for SSL, HTTPS and Certification Authorities (CAs), thanks to a Reddit post about a 48-minute “BlackHat USA 2011” presentation that is very entertaining to follow:
SSL And The Future Of Authenticity
“too long; didn’t watch”
Here’s a quick summary. The speaker tells the story of a successful attack against a well-known CA, which exposed everyone to “man in the middle” attacks, and then points out that in the current system we are forced to trust a CA forever: removing a CA from the browser would break every site whose certificate it signed, so we have no “agility” to stop trusting someone or to start trusting someone else. He proposes a new distributed system based on “perspective”: when you want to access a site over HTTPS, you take the certificate the site presents to you and ask someone else (servers called Notaries) “do you see what I see?”; if they see the same certificate from their vantage point, you consider it valid, because an attacker sitting on your path would have to sit on theirs as well. This system is called “Convergence”, and a Firefox add-on is already available to secure ourselves.
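To make the “do you see what I see?” step concrete, here is a small Python model of the client side of such a check. It is an added example, not code from the talk or from the Convergence project: the notary views, the `decide` policy and the threshold names (`minority`, `majority`, `consensus`) are my assumptions modelled on the idea described above, and the certificate bytes are constructed stand-ins, not real DER. Only `fetch_fingerprint` touches the network; everything else runs offline.

```python
import hashlib
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def fingerprint(cert_der: bytes) -> str:
    """SHA-1 fingerprint of a DER-encoded certificate as colon-separated
    upper-case hex. Only the raw bytes are hashed; nothing is parsed."""
    digest = hashlib.sha1(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_fingerprint(host: str, port: int = 443) -> str:
    """What the client sees from its own network position. This opens a
    real TLS connection, so the offline checks below do not call it."""
    pem = ssl.get_server_certificate((host, port))
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))


@dataclass
class NotaryReply:
    notary: str
    fingerprint: Optional[str]  # None: notary unreachable or has no record


# Constructed stand-ins (not real certificates): the bytes the genuine site
# serves, and the bytes an attacker would present after a CA mis-issuance.
GENUINE_DER = b"constructed bytes standing in for the site's real certificate"
ROGUE_DER = b"constructed bytes standing in for a mis-issued certificate"

# Constructed notary views: what each (hypothetical) notary observed for a
# host:port from its own vantage point.
NOTARY_VIEWS: Dict[str, Dict[str, str]] = {
    "notary-a.example": {"www.example.com:443": fingerprint(GENUINE_DER)},
    "notary-b.example": {"www.example.com:443": fingerprint(GENUINE_DER)},
    "notary-c.example": {"www.example.com:443": fingerprint(GENUINE_DER)},
}


def ask_notaries(target: str, views: Dict[str, Dict[str, str]],
                 down: Tuple[str, ...] = ()) -> List[NotaryReply]:
    """Simulate asking every notary what it sees for target. Notaries listed
    in `down` are unreachable and answer with None."""
    replies = []
    for name, seen in views.items():
        if name in down:
            replies.append(NotaryReply(name, None))
        else:
            replies.append(NotaryReply(name, seen.get(target)))
    return replies


def decide(observed: str, replies: List[NotaryReply],
           threshold: str = "majority") -> Tuple[bool, dict]:
    """Accept `observed` if enough notaries report the same fingerprint.

    The threshold counts only notaries that answered: 'minority' needs one
    agreeing notary, 'majority' more than half, 'consensus' all of them.
    If nobody answered we fail closed: with no second perspective there is
    nothing to compare against."""
    answered = [r for r in replies if r.fingerprint is not None]
    unreachable = [r.notary for r in replies if r.fingerprint is None]
    if not answered:
        return False, {"reason": "no notary answered",
                       "unreachable": unreachable}
    agree = [r.notary for r in answered if r.fingerprint == observed]
    disagree = [r.notary for r in answered if r.fingerprint != observed]
    needed = {"minority": 1,
              "majority": len(answered) // 2 + 1,
              "consensus": len(answered)}[threshold]
    return len(agree) >= needed, {"agree": agree, "disagree": disagree,
                                  "unreachable": unreachable,
                                  "needed": needed}


if __name__ == "__main__":
    target = "www.example.com:443"
    # Honest path: the client sees the same certificate as the notaries.
    print(decide(fingerprint(GENUINE_DER), ask_notaries(target, NOTARY_VIEWS)))
    # Interception on the client's path: the notaries disagree, so we reject.
    print(decide(fingerprint(ROGUE_DER), ask_notaries(target, NOTARY_VIEWS)))
```

The threshold is where the trade-off lives: a notary whose own path to the site is also intercepted, or a site that legitimately serves different certificates from different servers, both show up as disagreement, and the client chooses between false alarms (`consensus`) and missed attacks (`minority`) by picking the policy and by picking which notaries it asks.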
The presenter is very good at explaining technological problems from a human perspective. I have a feeling that I can trust him and his system, but the good news is that I don’t have to. He doesn’t ask me to trust him; the only catch is that the default Notaries in the Firefox add-on are his own servers, but I can change them any time I find a Notary that I trust.
One small thing I noticed: if all the Notaries are his and I activate his Convergence add-on, he can record that I want to access, for example, Google, PayPal or WordPress over HTTPS; that gives him a very incomplete and superficial history of my HTTPS browsing (which hosts I visit, not what I do there). This issue is no big deal for me (considering what my ISP can sniff anyway), and it goes away once I choose to trust different Notaries.
Finally, he gains big trust points because everything is open source. There is a GitHub repository where any developer can see in detail what the system is about, both for the client (the browser add-on) and for the server (the Notary).
In order for Convergence to be successful, I think four main things need to happen:
- Trusted companies/celebrities (Canonical, FSF, ESR, Google …) begin to offer Notary services,
- Add-ons are developed for all major browsers, for desktop and mobile platforms,
- Users begin to get sensitive about this issue,
- No big bad company initiates a war against this system.
The first two points seem very likely to happen; the last two, I’m not so sure. Either way the system is very scalable, in the sense that it deploys incrementally: even if only a small portion of people adopt Convergence, it works for them anyway. It doesn’t need to be pervasive on the network, doesn’t ask anything of the user, and doesn’t impose anything on the websites. It simply becomes more secure, at least in theory, the more Notaries there are. CAs could take a hit from this system since their authority could become less precious, but I think the bulk of users (the Windows + Internet Explorer ones) are still too many and too important for most websites, which will continue to pay CAs for signed certificates so that their sites work for everyone.
To conclude, a quote popped into my mind, from The West Wing, season 6 episode 8, “In the Room”:
Vinick: “The Founding Fathers didn’t set up a government based on trust. They could have designed a government based on trust in our ability to govern fairly but they knew that power corrupts so they invented checks and balances. That was genius. The Founding Fathers did not want me to trust you and they did not want you to trust me.”
Josh: “Well they must be very proud of us.”
Edit: see also his blog post: SSL And The Future Of Authenticity.