Ask Slashdot: Does SSL Validation Matter?

timothy posted more than 2 years ago | from the your-boy-zoolander's-on-the-move dept.

Networking 243

An anonymous reader writes "Right now, in an email list excluded from the public eye, some bright people are discussing the future of SSL. Under debate is (a) do they allow DV (domain only validation) certificates to continue to exist (exist for e-commerce use? only encryption use?) or do they require a higher degree of certificate validation? (b) Do they allow certificates to be issued with non-unique common names (certificates used on internal networks, think your exchange server) or do they ban the practice? If this were 'hypothetically' a heated debate going on right now and you could chime in, what would you say?"

243 comments

I'd say (2, Informative)

Anonymous Coward | more than 2 years ago | (#37009130)

Ask the Chinese. They've been pwning our ass for so long, they know what's secure and what isn't.

The scam will always win -- it's all about the scam (5, Interesting)

fyngyrz (762201) | more than 2 years ago | (#37009970)

1) Stop selling the idea that certificates "verify" who you're talking to. They don't. They never did. As soon as I compromise your server -- easily done, as history shows -- I have your certificate. If it is remote across your network, a little more work, but still, soon I'll have it. Now you still have encryption of the intermediate channel, but the wrong person is catching the data.

2) Tell the truth for once, and let people know that certificates provide encryption of the intermediate channel, hardening ONLY that channel against interception (but NOT proofing it.) ID is NOT provided, only an invalid assumption of ID built out of the lies of Verisign and its co-scammers.

3) Stop "allowing" certificates at all. We can easily make them at zero cost, and we should. The whole "Verisign" thing is a complete and utter scam, and always has been, one with the collusion of the browser makers with the fake warnings and "scare the user" policies. Giving ownership of the encrypted data channel to profit making operations was a stupid, stupid move, and has served only to cripple e-commerce from the day it began -- it's one more useless and endless cost for the small entrepreneur to have to absorb, and therefore in the end, the consumer. Further, it has evolved into a higher stakes / cost game of buying that little green verification bar in some browsers. Scams upon scams.

...but of course, this will never be fixed, because the whole "that's who you're talking to" scam is big, big money (extorted from merchants and others who want to provide encryption to the general public), and big money wins out over reality every bloody time.

Doesn't matter how "smart" the people are working on this. They'll go with the money.

SSL decisions in secret? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#37009150)

What's disturbing is that whoever is allowed on this mailing list imagines that they can make decisions out of the public eye and in secret. I call for them to make their discussions public immediately, with their list open to subscriptions and posting, and all past messages archived on the web for all to read. Failing that, we must ensure that no one respects the decisions of any committee operating in secret, for if they hide from the public, they don't have our interests at heart.

Re:SSL decisions in secret? (1)

Anonymous Coward | more than 2 years ago | (#37009802)

> Failing that, we must ensure that no one respects the decisions of any committee operating in secret

How arrogant of them to think they could "disallow" me installing unvalidated SSL certs for use at client sites. I think we can guess at the parties that may have a vested interest here. If we can't trust the certificate authorities [btsecurethinking.com] why would we trust their validation? A self-signed, unvalidated key is more secure for many purposes than compromising security by trusting a 3rd party.

Re:SSL decisions in secret? (3, Informative)

Olmy's Jart (156233) | more than 2 years ago | (#37010170)

Well... The fact that it became known does not speak much for their secrecy, and secrecy in this regard is a very relative term, even if the group ever intended it to be a "secret society Illuminate". Sometimes (and I've seen it happen all too often) someone accuses people of discussing things "in secret" only because they weren't a member and the membership signup was not obvious to a 3 year old. Without knowing more about the specific list and group, it is impossible to judge their motives based on an unsubstantiated claim of a "secret mailing list".

I've been a member of "closed" mailing lists before and continue to be to this day. It's generally a question of someone vouching for you. Example... In the dark early days of the Internet and the Robert Morris Worm incident, we had two parallel security lists. To get on the Zardoz list, you merely had to sign up. To get on the ISIS list, you had to have someone vouch for you in the "bang path" (uucp notation) between you and them.

More recently, certain mailing lists, such as the recently defunct VendorSec mailing list, required a discussion amongst the members for you to join. Especially, in security circles, there's a matter of trust and reputation and the very real problems of disruptors, some of whom are "state sponsored" (the government really doesn't like it when you can protect your privacy and your security - you should depend on them for that, right? They long for their good old days of ITAR). Sometimes (SERIOUSLY) some of those lists are there discussing things of a serious enough nature that we don't want the "bad guys" to have a heads up. Some of us have to collaborate in a trusted manner somehow and, yes, we're going to get accused of "operating in secret". But it's just a matter of knowing who you are communicating with and can trust them. This doesn't sound like that kinda list but I would love to know what list it was. There are probably a dozen or more lists on the net right now discussing this very issue, probably including one or more IETF lists. It's generally not a "cabal" and I've never found it hard to join one if you have the reputation to be trusted.

All about money not security. (4, Interesting)

TheLink (130905) | more than 2 years ago | (#37009172)

From my cynical POV, the industry is all about money and little to do with security. From the browser makers to the CAs.

The browsers by default won't warn you if say your US bank's server cert is one day signed by CNNIC (China) while you're in China. Or vice versa.

The CAs (Verisign, Comodo etc) have been known to sign certs that they shouldn't. And the browser makers don't kick those who repeatedly screw up.

Re:All about money not security. (2)

gl4ss (559668) | more than 2 years ago | (#37010252)

exactly.

the few industry experts, who are thinking of how their CA could get more signs will propose the solution where you need to create a cert from their service for every sub domain, and if they could have it per port.

because it's pretty easy to order a cert. all you need is a phone number(and photoshop).

also applies to signed programs, btw, a huge scam on security level - it's just about money, money to CA's to wash some hands.

Re:All about money not security. (1)

u38cg (607297) | more than 2 years ago | (#37010310)

The economics of certificates is fundamentally broken. The person who uses the certificate is not the person that pays for it. Users should pay for access to a CA's certificate, making the CA responsible to the user for the certificates they issue.

Get DNSSEC hosted SSL-keys working (4, Informative)

Anonymous Coward | more than 2 years ago | (#37009174)

When SSL keys can be distributed through DNSSEC, there's no need for CA-granted domain-only certificates. Then you can have just "extended validation" certificates from CAs.

Re:Get DNSSEC hosted SSL-keys working (1)

Anonymous Coward | more than 2 years ago | (#37009542)

Yes, this is absolutely the way to go. Really all I care about with SSL authentication is that my communications are being encrypted and going to the machine I think they're going to. DNSSEC is totally sufficient.

Re:Get DNSSEC hosted SSL-keys working (2)

tepples (727027) | more than 2 years ago | (#37010142)

> DNSSEC is totally sufficient.

Provided all clients support DNSSEC, which probably won't happen for several years.

Re:Get DNSSEC hosted SSL-keys working (1)

Olmy's Jart (156233) | more than 2 years ago | (#37010200)

Yeah, especially when you have clowns like OpenDNS saying they won't support, or even pass through, DNSsec because they like DNS Curve better. The two standards (and I say that loosely because DNS Curve is NOT a standard and nowhere close) solve different problem sets but OpenDNS is too dense to realize that.

Re:Get DNSSEC hosted SSL-keys working (3, Informative)

RocketRabbit (830691) | more than 2 years ago | (#37010274)

OpenDNS lives in its own little ghetto and can be safely ignored as usual.

Re:Get DNSSEC hosted SSL-keys working (3, Insightful)

Anthony Mouse (1927662) | more than 2 years ago | (#37010232)

There is nothing that says you can't use DNSSEC for any clients that support it and certificates signed by traditional CAs for those that don't, until such time as there are so few non-DNSSEC supporting clients that you can do away with the CAs.

You can even put a scary message on web pages for non-DNSSEC supporting clients saying (truthfully) how their computer is insecure and pointing them to a place where they can update their software to support DNSSEC.

They'll just visit your competitor (1)

tepples (727027) | more than 2 years ago | (#37010370)

> [Use DNSSEC and CAs in parallel] until such time as there are so few non-DNSSEC supporting clients that you can do away with the CAs.

There are a lot of things that I'm waiting for "until such time as", but I don't foresee "such time" happening within one investment horizon.

> You can even put a scary message on web pages for non-DNSSEC supporting clients [...] pointing them to a place where they can update their software to support DNSSEC.

They won't follow that link; they'll just visit the site's competitor. This is true especially in cases where no update to support DNSSEC is available at all for a given platform.

Re:Get DNSSEC hosted SSL-keys working (3, Interesting)

d3vi1 (710592) | more than 2 years ago | (#37010222)

As you pointed out, it's not a fault of TLS as a protocol. TLS is a decent protocol, but the trusted roots part is not the best approach. I really have much better trust in DNSSEC as an approach. I just wish there was a generic way of publishing all keys over DNS (instead of LDAP) for SSH, PGP, S/MIME, SSL and anything else.

Like all One-Size-Fits-All approaches.. (2)

sstamps (39313) | more than 2 years ago | (#37009214)

It needs to go away.

SSL has numerous applications and needs that it serves. What we really need is a graduated system of "validity" which allows for things that don't need the "uber-valid" level of certs to operate.

Secondly, the long-standing ripoff in terms of costs extracted from this system is a symptom of this problem, creating and maintaining a monopoly-level stranglehold on doing things that don't need to cost nearly as much as they do.

Personally, I would prefer a decentralized web-of-trust kind of system for all but the highest level of confidence (maybe even for that, too, but I can envision a necessity to still centralize the absolute top layer).

Web of trust enriches airlines (2)

tepples (727027) | more than 2 years ago | (#37009238)

> Personally, I would prefer a decentralized web-of-trust kind of system

Which means that instead of CAs making money, the airlines will, as people will have to fly to key signing parties in order to get their public keys into the global web of trust as opposed to a local one.

Re:Web of trust enriches airlines (0)

Anonymous Coward | more than 2 years ago | (#37009828)

> > Personally, I would prefer a decentralized web-of-trust kind of system

> Which means that instead of CAs making money, the airlines will, as people will have to fly to key signing parties in order to get their public keys into the global web of trust as opposed to a local one.

What part of "web of trust" do you not understand?

Re:Web of trust enriches airlines (2)

tepples (727027) | more than 2 years ago | (#37010106)

> What part of "web of trust" do you not understand?

The part where there have to be edges between people in different cities. Otherwise there are multiple disjoint webs, one for each city, not one global web.

Re:Web of trust enriches airlines (1)

sstamps (39313) | more than 2 years ago | (#37010004)

I don't think so. I can easily arrange a secure backchannel method with those I would sign for, free from MITM attacks, where I am as 100% certain as I would be if I were doing it in person with them.

Re:Web of trust enriches airlines (1)

tepples (727027) | more than 2 years ago | (#37010164)

Google backchannel mitm or secure backchannel doesn't appear to turn up anything relevant that I've heard of. Would you please describe in more detail to which method you refer?

Re:Like all One-Size-Fits-All approaches.. (1)

Animats (122034) | more than 2 years ago | (#37009292)

> decentralized web-of-trust kind of system

Won't work, as long as spammers and scammers can cheaply create phony entities in the web of trust. It's exactly the same problem as link farms.

Re:Like all One-Size-Fits-All approaches.. (1)

rawler (1005089) | more than 2 years ago | (#37009396)

Could you please elaborate on this?

I'm no expert on the subject, but intuitively it seems like a system where the trust of X is calculated as some kind of aggregation (simple sum?) of the product of all trust-factors, in all the lines between you and X (how much you trust your closest friend, how much he/she trusts the next friend in the chain and so on), including negative trust (banning) could work fairly well?

How would one attack Advogato? (1)

tepples (727027) | more than 2 years ago | (#37010118)

> Won't work, as long as spammers and scammers can cheaply create phony entities in the web of trust.

Can you think of a practical attack against, say, the trust metric used on Advogato.org [advogato.org] ?

Re:How would one attack Advogato? (0)

Anonymous Coward | more than 2 years ago | (#37010138)

A practical web of trust is likely to fail if the majority of its members are scammers, and remember scammers are likely to create multiple identities.

Re:How would one attack Advogato? (1)

tepples (727027) | more than 2 years ago | (#37010240)

So in terms of the proof on the Advogato page that I linked, I guess you're saying far more nodes would be confused than good.
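The disagreement in this sub-thread can be made concrete. The following is an added example, not code from any poster or from Advogato: it implements the sum-of-path-products score proposed above and compares it with a network-flow bound (a simplification of flow-based trust metrics, not Advogato's actual algorithm). The graph, the node names and the percentage weights are all constructed for illustration.

```python
from collections import deque

def build_graph(n_phony):
    """Constructed trust graph; edge weights are trust in percent (0-100).
    'mallory' is reachable only through one weak edge from 'bob' and vouches
    for n_phony made-up identities that all vouch for 'scamshop'."""
    g = {
        "me": {"alice": 90},
        "alice": {"bob": 80, "goodshop": 90},
        "bob": {"mallory": 10},
        "mallory": {},
    }
    for i in range(n_phony):
        name = f"phony{i}"
        g["mallory"][name] = 100
        g[name] = {"scamshop": 100}
    return g

def path_sum_trust(graph, source, target, seen=None):
    """Sum over all simple paths of the product of edge trust (as fractions)."""
    if source == target:
        return 1.0
    seen = (seen or frozenset()) | {source}
    total = 0.0
    for nxt, pct in graph.get(source, {}).items():
        if nxt not in seen:
            total += (pct / 100) * path_sum_trust(graph, nxt, target, seen)
    return total

def max_flow(graph, source, sink):
    """Edmonds-Karp max flow, treating each trust weight as an edge capacity."""
    res = {}
    for u, nbrs in graph.items():
        for v, cap in nbrs.items():
            res.setdefault(u, {})
            res.setdefault(v, {})
            res[u][v] = res[u].get(v, 0) + cap
            res[v].setdefault(u, 0)          # reverse edge for the residual graph
    total = 0
    while True:
        parent = {source: None}
        queue = deque([source])
        while queue and sink not in parent:  # BFS for a shortest augmenting path
            u = queue.popleft()
            for v, cap in res.get(u, {}).items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if sink not in parent:
            return total
        bottleneck, v = None, sink
        while parent[v] is not None:         # smallest residual capacity on the path
            u = parent[v]
            cap = res[u][v]
            bottleneck = cap if bottleneck is None else min(bottleneck, cap)
            v = u
        v = sink
        while parent[v] is not None:         # push the flow along the path
            u = parent[v]
            res[u][v] -= bottleneck
            res[v][u] += bottleneck
            v = u
        total += bottleneck

def compare(n_phony):
    g = build_graph(n_phony)
    return {
        "path_sum_scamshop": path_sum_trust(g, "me", "scamshop"),
        "path_sum_goodshop": path_sum_trust(g, "me", "goodshop"),
        "flow_scamshop": max_flow(g, "me", "scamshop"),
        "flow_goodshop": max_flow(g, "me", "goodshop"),
    }

if __name__ == "__main__":
    for n in (1, 50):
        print(n, compare(n))
```

With one phony identity the path-sum score for `scamshop` is 0.072; with fifty it is 3.6, well above `goodshop` at 0.81, while the flow bound stays at the 10 points `bob` extended to `mallory`. The flow bound only helps while honest members keep their edges into the phony cluster narrow, which is the failure case raised in the replies above.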

I want my free encryption (1)

frooddude (148993) | more than 2 years ago | (#37009308)

I want my free encryption because I don't trust some 3rd party to tell me whether I should trust the web site that I am visiting. Encryption and identity should never have been tied together in the first place. It's unfortunate that this business method has succeeded as long as it has.

Re:I want my free encryption (4, Informative)

SuricouRaven (1897204) | more than 2 years ago | (#37009390)

Encryption and identity have to be tied together. It's a fundamental aspect of the mathematics. If you can't verify identity on an insecure channel, encryption is useless, as you could be talking to a man-in-the-middle who just takes the traffic from each end, decrypts it, snoops, reencrypts with another key and sends it on. The only way to ensure non-modification without a cryptographically authenticated identity is with quantum encryption, and that can only be done if you've got a single continuous strand of fiber from one end to the other. Good for inter-office links, but not for e-commerce.

Re:I want my free encryption (1)

Anonymous Coward | more than 2 years ago | (#37009494)

There are better ways to establish identity than the "word of (a fallible) God" model, though.

A simple and extremely useful variant could simply ensure that the person on the other end is the same one that was on this address the last time.

Another is a net of trust-like model where you ask one or more trusted third parties to confirm that they're seeing the same guy that you are, like the Perspectives [perspectives-project.org] extension does. If done properly this is infeasible to execute a local man-in-the-middle attack against.

Re:I want my free encryption (0)

Anonymous Coward | more than 2 years ago | (#37009586)

> A simple and extremely useful variant could simply ensure that the person on the other end is the same one that was on this address the last time.

This is what ssh does. It's useless for when you have millions of different clients on different nodes, all of whom are very much indeed speaking to the other end for the first time. You could have those clients ask each other, but that question could be intercepted too. And what happens for a new site where there is no P2P network of other clients to ask? You could ask a trusted third party that was pre-seeded, which sounds a whole lot like a CA.

Re:I want my free encryption (1)

Anonymous Coward | more than 2 years ago | (#37009874)

> It's useless for when you have millions of different clients on different nodes, all of whom are very much indeed speaking to the other end for the first time.

Which isn't the case here at all. A large part of internet traffic, in particular the one with sensitive information, will be with domains a person has visited earlier.
A MITM has no way to know in advance if the client will recognize that the certificate is fake, which makes it likely that his active attack will be detected. Even the ones that don't immediately notice him will detect that something is up when they later connect to the same domain over a different network.

> You could ask a trusted third party that was pre-seeded, which sounds a whole lot like a CA.

Maybe except for the part where site owners have to pay a fee for the privilege of encrypting their users' communications with them, which is a barrier that means a lot of web site owners, in particular people who aren't running their sites for a living, just won't bother.
Security should be by default.

Need an IP per certificate (1)

tepples (727027) | more than 2 years ago | (#37010194)

> Maybe except for the part where site owners have to pay a fee for the privilege of encrypting their users' communications with them, which is a barrier that means a lot of web site owners, in particular people who aren't running their sites for a living, just won't bother.

Even if add-ons like Perspectives make use of self-signed certificates practical, there's also the problem that Internet Explorer on Windows XP and Android Browser on Android 2.x don't support more than one server certificate per IP address. This lack of SNI means each domain needs its own IP address, and now that all /8s have been allocated, such hosting is substantially more expensive than bargain basement name-based virtual hosting.

god validation v. group validation (4, Interesting)

Onymous Coward (97719) | more than 2 years ago | (#37009674)

I've been using the following to help me validate certificates:

http://perspectives-project.org/ [perspectives-project.org]

They have a bunch of systems that monitor SSL certs for changes. They call them "notaries". You can run a notary, too.

It helps to make sure the cert you're seeing is what everyone else is seeing and no one is doing a man-in-the-middle attack on you.

MITM between the server and a backbone (1)

tepples (727027) | more than 2 years ago | (#37010208)

Perspectives fails if the server's only connection to the Internet backbone is through a MITM. In this situation, all notaries would see the same MITM'd certificate. It also fails if you're trying to host more than one unrelated HTTPS site on port 443 of the same IP address, as the server won't know which hostname's certificate to present to clients running SNI-less browsers (Internet Explorer on Windows XP or Android Browser on Android 2.x).

Re:MITM between the server and a backbone (1)

Onymous Coward (97719) | more than 2 years ago | (#37010400)

> Perspectives fails if the server's only connection to the Internet backbone is through a MITM.

Perspectives alerts you to the changed cert in this scenario. Have you tried it?

> It also fails if you're trying to host more than one unrelated HTTPS site on port 443...

Why? I expect the notaries make HTTP requests with the "Host" header.

Re:I want my free encryption (2)

sjames (1099) | more than 2 years ago | (#37009580)

By the same token, If I don't personally know the CA, then nothing they say about identity is at all meaningful. I care very little what random XYZ corp in China says about the holder of key 0xFD5645EB78. What I care about is that that's the same entity I successfully did business with before, whatever their name is.

Frankly, it's just not all that helpful to know that some random entity had the wherewithal to send Verisign a fax with a letterhead (perhaps theirs, perhaps not) on it.

That is, what matters in encryption is that the entity you're talking to now is the same one you talked to last week.

Re:I want my free encryption (0)

Anonymous Coward | more than 2 years ago | (#37009770)

The idea is you trust the Browser or OS with everything else you do online. So you trust them to make good decisions about which CA's they trust.

Too bad the browser makers want to support as many CA's as possible to make sure you don't get any warnings/errors about unknown-CA.

Doing business for the first time (1)

tepples (727027) | more than 2 years ago | (#37010218)

> What I care about is that that's the same entity I successfully did business with before

So when you do business for the first time with a given entity, whom do you trust?

Re:Doing business for the first time (1)

sjames (1099) | more than 2 years ago | (#37010304)

Possibly nobody (leap of faith, start with a small transaction). Possibly a friend who has done business with them. Perhaps some other entity that has a good track record for correctly identifying others. Not some company I've never heard of before in a country I know little about.

It might even be a business that a friend vouches for that itself cannot afford to lose face by referring people to scammers.

One problem is worldwide trust of regional CAs (1)

tepples (727027) | more than 2 years ago | (#37010420)

> Perhaps some other entity that has a good track record for correctly identifying others.

I have a name for such an entity: a "certificate authority".

> Not some company I've never heard of before in a country I know little about.

Then your problem is with browsers accepting certificates from too many CAs and providing no way to restrict which countries' businesses a given CA is allowed to certify. For example, a CNNIC cert on a business serving the U.S. market should raise a red flag.

Re:I want my free encryption (1)

fyngyrz (762201) | more than 2 years ago | (#37010028)


> Encryption and identity have to be tied together. It's a fundamental aspect of the mathematics. If you can't verify identity on an insecure channel, encryption is useless

No. Your base assumptions are wrong. The thing is you can't verify identity. I break into your server. I take your cert. I throw it in my apache directory. I pwn your nameserver. Now, I am you. None of these steps take a rocket scientist.

Or, I break into the user's computer, even less to do. Now I compromise the browser end. It says it's talking to party2 --- but it isn't, because I rewrote the browser code; or maybe you're not even actually running the browser, or maybe I'm just stealing your keystrokes, or maybe I physically stole your computer, or I have a gun to your head.

If identity and authority on either end is compromised -- which certs CANNOT protect against -- the channel is equally fouled up. But they can STILL ensure that the intermediate channel itself is free from onlookers, even if one or both ends are wearing bad hats.

What encryption does -- ALL it has EVER done -- is secure the channel between the two servers from INTERMEDIATE spying; it has never secured either end as to identity or authority. The identity function of certs is 100% bullshit -- and it's always been bullshit. No matter what lengths you go to. It's a scam, lies by people whose goal is scamming money from cert users, and you, sir, have been scammed at the most basic level, that is, you're deep into trying to understand the tech when the entire concept was dysfunctional before it even got out the door.

Re:I want my free encryption (1)

Vellmont (569020) | more than 2 years ago | (#37010144)


> I break into your server. I take your cert.

It shouldn't come as a surprise to anyone with more than 3 brain cells that if someone breaks into your server, then you're no longer secure.

> The identity function of certs is 100% bullshit -- and it's always been bullshit.

If by "identity" you mean that with a moderate degree of reliability that the cert claiming to come from www.johnsonandjohnsoncorp.com was actually issued at some point to the legit owner of www.johnsonandjohnsoncorp.com, then I have to disagree with you completely. It's not perfect though. Cert issuers have issued certs to the wrong entity. There have been bugs in browsers, etc. I'm sure you could smash down my locked door, or pick the lock, but nobody would say locks are "100% bullshit", and merely marketing from lock makers.

If by "identity" you mean that that same cert actually came from Johnson & Johnson, the people who make band-aid brand band-aids, then you're completely correct.

Re:I want my free encryption (1)

Vellmont (569020) | more than 2 years ago | (#37010078)


> If you can't verify identity on an insecure channel, encryption is useless, as you could be talking to a man-in-the-middle who just takes the traffic from each end

Useless is a strong word for it. In practice, performing the man-in-the-middle attack is far more difficult than simple passive listening on traffic. So I'd say even an unauthenticated encrypted channel is preferable to one in the clear. Hardly useless.

Re:I want my free encryption (0)

Anonymous Coward | more than 2 years ago | (#37010190)

users of sslstrip would like to have a word with you...

performing a MITM on HTTP SSL traffic is nearly as simple as running Firesheep

Re:I want my free encryption (1)

Vellmont (569020) | more than 2 years ago | (#37010380)

To perform a MITM attack you have to be able to send out data on the channel, and not just be passively listening. This isn't always possible, and represents a higher degree of risk of being caught than a passive listening attack.

You can also buy automated lock pickers that make lock picking relatively easy. Battering rams, crowbars, and bricks through windows are cheap too. Does that mean doors and locks are useless?

Re:I want my free encryption (1)

aaaaaaargh! (1150173) | more than 2 years ago | (#37010378)

> Encryption and identity have to be tied together. It's a fundamental aspect of the mathematics.

That's an urban myth that has perhaps been popularized by government employees who have an interest in limiting the use of encryption on the Net. In practice, only a limited number of people can successfully launch a man-in-the-middle attack and an SSL encrypted connection without authentication is more secure than a completely unencrypted connection in almost all usage scenarios.

Also, centralized CAs are themselves relatively untrustworthy.

Re:I want my free encryption (2)

agurk (193950) | more than 2 years ago | (#37009430)

> I want my free encryption because I don't trust some 3rd party to tell me whether I should trust the web site that I am visiting. Encryption and identity should never have been tied together in the first place. It's unfortunate that this business method has succeeded as long as it has.

I don't see how you can separate encryption and identity - if you do not know who you are talking to then encryption has no value?

Let's say a man in the middle says - I'm your bank, please talk encrypted with me. Then the man in the middle just repeats what you say to your bank until you are logged in.

The download certificate on first meet might provide some security, but would make it difficult to do business with unknown entities.

Re:I want my free encryption (1)

John Hasler (414242) | more than 2 years ago | (#37009588)

Authentication is not identification. In order to trust me to withdraw funds my bank need only know that I'm the guy who opened the account. They have no need to be able to connect my account with my entire life history and all my other accounts. It's the government that wants that.

Re:I want my free encryption (1)

agurk (193950) | more than 2 years ago | (#37009700)

Say you want to check your mail at https://mail.google.com/ - if you do not know if you talk to the entity owning real google.com, then you risk talking to a man in the middle attacker - which may snatch your password pretending to be mail.google.com. So with encryption without identity you end up talking encrypted to anyone wanting to pretend they are mail.google.com.

Or do you have a solution for preventing man in the middle attacks?

Re:I want my free encryption (1)

fyngyrz (762201) | more than 2 years ago | (#37010066)

Certificates in NO way prevent the problem you describe. They simply provide encryption.

The "middle" is anywhere between your fingers and the desired target. I can get in the "middle" with a brain dead keyboard scanner, and steal your stuff, fake your browser, etc, etc. Or at the other end and simply steal the cert from the target server and then spoof the DNS, either in your machine or elsewhere. Certs do NOT provide assurance that you are only (or at all) speaking to who you think you are. They provide, IF actually used (also cannot be guaranteed) encryption of the intermediate channel. That's all they can do, that's all they've ever done, that's all they ever will do.

The idea that the "middle" must be out on the net is misleading and deceptive, does no one any good except those who charge money for a fake service, claiming to provide authorization and ID when in fact, they cannot do so.

Re:I want my free encryption (0)

Anonymous Coward | more than 2 years ago | (#37010266)

That's a very disingenuous argument. Certificates prevent many mitm attacks. There are free CAs if you so despise the ones that charge money (and based on how certificates currently work, it makes little sense to spend any money on one).

Can someone mitm you with a keyboard scanner? Yes. Can someone on the Internet do it without access to your machine? No.

A simple solution is storing certificates, and notifying the user when the certificates change. This means that a mitm attack has to either happen on your first connection, and be ever present to not be detected, or otherwise, you will be notified when something changes.
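Two checks proposed in this thread, remembering a site's certificate and warning when it changes, and asking independent notaries whether they see the same certificate, can be combined in a few lines. This is an added example, not code from any poster or from the Perspectives project: the notary history format, the `quorum` and `min_days` thresholds, the host name and the byte strings standing in for certificates are all assumptions constructed for illustration.

```python
import hashlib

HOST = "shop.example"                        # constructed host name
REAL = b"constructed DER bytes: site key"    # stands in for the site's certificate
MITM = b"constructed DER bytes: other key"   # stands in for an interceptor's certificate

def fingerprint(cert_der):
    """SHA-256 over the certificate's DER encoding, as hex."""
    return hashlib.sha256(cert_der).hexdigest()

def notaries_agreeing(fp, host, notaries, today, min_days):
    """Count notaries that see `fp` today and have seen it for >= min_days.
    Each notary keeps (fingerprint, first_day, last_day) records per host."""
    count = 0
    for history in notaries.values():
        for seen_fp, first_day, last_day in history.get(host, []):
            if seen_fp == fp and last_day >= today and today - first_day >= min_days:
                count += 1
                break
    return count

def evaluate(pins, host, cert_der, notaries, today, quorum=2, min_days=3):
    """Classify a presented certificate using the local pin and notary history."""
    fp = fingerprint(cert_der)
    pinned = pins.get(host)
    if pinned == fp:
        return "match"
    confirmed = notaries_agreeing(fp, host, notaries, today, min_days) >= quorum
    if pinned is None:
        if confirmed:
            pins[host] = fp          # pin only what the notaries corroborate
            return "new-confirmed"
        return "new-unconfirmed"     # warn: nobody else has seen this long enough
    # The pin differs. Never re-pin silently: the user is told in both cases.
    return "changed-confirmed" if confirmed else "changed-unconfirmed"

def notary_view(entries, names=("n1", "n2", "n3")):
    """Constructed notary data: every notary holds the same history for HOST."""
    return {name: {HOST: list(entries)} for name in names}

def run_scenarios():
    real, mitm = fingerprint(REAL), fingerprint(MITM)
    steady = notary_view([(real, 0, 100)])
    # Interception in front of the server: every notary sees the new cert.
    upstream_new = notary_view([(real, 0, 99), (mitm, 100, 100)])
    upstream_old = notary_view([(real, 0, 99), (mitm, 100, 110)])
    pins, out = {}, {}
    out["local_mitm_first_visit"] = evaluate(pins, HOST, MITM, steady, 100)
    out["clean_first_visit"] = evaluate(pins, HOST, REAL, steady, 100)
    out["return_visit"] = evaluate(pins, HOST, REAL, steady, 100)
    out["local_mitm_after_pin"] = evaluate(pins, HOST, MITM, steady, 100)
    out["upstream_day0_pinned"] = evaluate(pins, HOST, MITM, upstream_new, 100)
    out["upstream_day0_new_client"] = evaluate({}, HOST, MITM, upstream_new, 100)
    out["upstream_day10_pinned"] = evaluate(pins, HOST, MITM, upstream_old, 110)
    out["upstream_day10_new_client"] = evaluate({}, HOST, MITM, upstream_old, 110)
    return out

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:28s} {verdict}")
```

The last two scenarios show the limit argued over earlier in the thread: once a substituted certificate has been visible to every notary for longer than `min_days`, a first-time client gets `new-confirmed`, and only a client holding an older pin still sees a change, which it cannot tell apart from a legitimate key rotation.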

Re:I want my free encryption (1)

Vellmont (569020) | more than 2 years ago | (#37010410)

You have a ridiculously high standard for protecting against MITM attacks.

What you need to understand is that security has always been, and always will be about making attacks harder to do, not impossible.

Fancy label (1)

TheGreatOrangePeel (618581) | more than 2 years ago | (#37009354)

I like to think of it in the same way that fancy labels like "fair trade" and "organic" make it onto coffee packaging. Coffee growers with money buy the labels so that it is easier to sell to soccer moms who think they're doing good when in reality, they're giving money to people who already have it.

Signed SSL certificates are a fancy (albeit invisible) label that gets slapped onto your encryption so that a silly warning message that doesn't mean much won't appear in the web browser of a soccer mom. She sees the little "lock" icon, doesn't get a confusing certificate warning message, and is happy to make her purchase on the scams-r-us website because, "Golly-gee! It's $800 less on THIS website!"

Granted I only have a fundamental understanding of signed certificates (this is me admitting that my understanding might be flawed), but unsigned, unique private/public keys are just that, unique. Not any more or any less difficult to crack given the equivalent level of signed keys.

I guess the point I'm trying to make is that (tying my thoughts back to the topic) I can't give a damn. I'm going to have to buy the certificate to appease buyers anyway, so debating the future is moot and I might as well put up with whatever changes they decide to make in the future.

Re:Fancy label (1)

Vellmont (569020) | more than 2 years ago | (#37010206)


She sees the little "lock" icon, doesn't get a confusing certificate warning message, and is happy to make her purchase on the scams-r-us website because, "Golly-gee! It's $800 less on THIS website!"

SSL certificates aren't intended to ensure that you're running a legitimate business. How could they? The only function of an SSL certificate is to provide a decent amount of assurance that the cert being presented to you is actually coming from the website displayed in your browser's address window. That in turn means the communication between you, and that server has a high degree of protection from being intercepted by a third party. That's it.

I can't give a damn. I'm going to have to buy the certificate to appease buyers anyway, so debating the future is moot and I might as well put up with whatever changes they decide to make in the future.

What they're debating would likely affect both the price you pay, and the number of certs you'd have to buy. The summary (and no article) doesn't provide much detail. If you believe the summary, then I'd expect prices to rise for a cert, since the "domain only" validation is cheaper. Wildcard certs allow a domain to have only one cert and use it in multiple places rather than having to be issued multiple certs for each subdomain, or differently named server.

SSL (1)

Oxford_Comma_Lover (1679530) | more than 2 years ago | (#37009374)

SSL is useful for defense in depth, but should not be used as a catch-all.

What *should* happen is that a minimum level of certificate should be available, and cheap, that allows secure connections to and from a particular site. A medium level of certificate should be available for e-commerce, and cheap enough for mom-and-pop e-commerce, and should require that all information necessary to identify and report fraud or theft be displayed--even if in small writing--together with a link to reporting instructions on a government website. A high level of certificate should further require the electronic signature of the seller's bank and of the insurance company, at which a seller should be required to maintain a dollar amount of insurance to cover damage to the purchaser due to shoddy seller security or fraud.

Banks which routinely allow fraud use should have their access to the monetary system revoked.

In addition, any company that claims your transaction is secure because of SSL should have their SSL certificate revoked by the certifying organization. SSL makes the connection more secure; it does not make your credit card transaction necessarily safe--but the latter impression is what millions of e-commerce sellers effectively claim.

Non-SNI-savvy clients (1)

tepples (727027) | more than 2 years ago | (#37010398)

What *should* happen is that a minimum level of certificate should be available, and cheap, that allows secure connections to and from a particular site.

Such a certificate is already available. It's called "Go Daddy Standard SSL with a promo code". The problem here is web browsers that don't support more than one distinct certificate on port 443 of a single IP address. These non-SNI-savvy clients include Internet Explorer on Windows XP and Android Browser on Android phones and pre-Honeycomb tablets.

should require that all information necessary to identify and report fraud or theft be displayed

The SiteTruth search engine already requires that businesses display their street address.

Allow multiple signatures! (2)

amorsen (7485) | more than 2 years ago | (#37009402)

Allow a single site to have either multiple certificates or multiple signatures from different providers. This means that important sites could be signed by e.g. both Verisign and Globalsign, so it would be possible for users to remove trust of a provider without losing the TLS protection. Without this, there will never be a free market for certificates and browser makers will have to include root certificates from even the least trustable providers, so it simply HAS to happen. Fortunately it is relatively easy to implement.

For extra points, implement support for off-site certificate stores so third parties can attest to the validity of a particular key. Groups of users could collaborate to verify the certificates of sites, which could create a level of protection against fraudulent certificates from the primary providers. This proposal is much harder to implement securely.

Re:Allow multiple signatures! (1)

guruevi (827432) | more than 2 years ago | (#37010416)

Just because you don't trust a CA doesn't mean you can't build up a TLS/SSL connection. It will just throw a tantrum that the CA is not trusted and ask you if you want to continue. But for most sites that is simply unacceptable so they'll just go ahead and buy a cert from a generally trusted CA.

SSL certificates are not meant to verify identities. They're meant to authenticate hostnames and secure links. If somebody hacks the server and gets the keys to the certificate or replaces the hosted content with something else you still can't blame the CA or SSL.

Governments and banks should take care of it. (1)

Ami Ganguli (921) | more than 2 years ago | (#37009420)

These are organizations that we already deal with and are in the business of establishing our identities and securing transactions.

When you're paying money on-line, you (or your browser) should sign the payment authorization using your own bank account's private key (provided for free with your account) and then encrypt it with the public key for the destination account. The recipient will submit the signed authorization to his bank for payment.

For SSL protection of your web site, the government should issue SSL certificates as a free option whenever they are confirming your identity anyway. For people the obvious touch-points are when you get a social security card, driver's license, passport, or birth certificate. For companies, the certificate should be part of your company registration.

Re:Governments and banks should take care of it. (1, Insightful)

interval1066 (668936) | more than 2 years ago | (#37009504)

For SSL protection of your web site, the government should issue SSL certificates...

Yes, because as we all know governments are the end all of sweetness and light. (Hint, I don't trust my government. I hope you are happy with yours.)

Re:Governments and banks should take care of it. (0)

Anonymous Coward | more than 2 years ago | (#37009938)

Issuing a certificate that can be relied upon as proof of one's identity is very much like issuing a passport or identity card. Perhaps your government can't be trusted to issue passports that correctly identify the bearer, but I'm quite confident that passports from my country are far more reliable than SSL certificates.

CAs have already demonstrated they are not reliable. They invented extended validation to make it appear that the original SSL certificates were never meant to be reliable, but that is nonsense, they weren't reliable because the CAs weren't reliable. Not only governments are able to create a mess. A government can probably be reliable for a lower cost than a commercial entity in this case.

A few countries already integrate digital certificates [wikipedia.org] in their identity cards. Those are for natural persons, of course. In my country proving your corporate identity is facilitated by chambers of commerce. The government assigned the task of keeping the official registry of businesses to them, and every business is obliged to register. It would seem a natural choice to have them handle digital proofs of identity for businesses as well. It's the same task in a different domain.

non-unique common names? (1)

Anonymous Coward | more than 2 years ago | (#37009432)

Of course not. Internal SSL certificates should be what they are, internal. Manage your own CA with WS2K8's CA role or with openssl, and distribute your certificates internally. You do not want hackers to get their hands on a certificate that can be used to breach multiple internal networks that will trust other CAs.

Create a system of "Identity Bonds" (0)

Anonymous Coward | more than 2 years ago | (#37009526)

The capitalist approach : create a system of identity bonds, similar to performance bonds.

Link a bond to a cert or set of certs. Create a cryptographic methodology (easy) to ensure the bonds are in force (through typical issuers).

If the identity of the party is disproven, the bond and linked certs are nullified, and the discoverer is paid.

The greater the bond, the more assurance you have that the identity is real. E.g. MSFT might have a $10M bond, whereas a spammer might have a $10,000 bond.

Etc.

Can it altogether. (4, Informative)

Jane Q. Public (1010737) | more than 2 years ago | (#37009554)

A recent evaluation showed that 80% of sites with certificates did not have them set up properly anyway.

As someone else already pointed out, browsers by default do not even warn you if a site's cert is invalid. Why? Because so many sites had invalid certs that people became intolerably annoyed at the constant warnings and just shut them off anyway.

That same study concluded that there are too many Certificate Authorities today, and they do an inadequate job of validating their customers before issuing certificates. Some CAs issued multiple certs to the same party, others actually issued the same certs to multiple parties! (Definitely a no-no.)

It's a broken system. Not because of bad design, necessarily, but because of the failures of people who administer it.

Re:Can it altogether. (1)

Acheron (2182) | more than 2 years ago | (#37009914)

Just to clarify, multiple certs to the same party is not a problem: as certmaster for a university, hundreds of certs for different CNs have been issued to me.

And yes, I agree it is a broken system: it's a protection racket variant as it currently stands.

Re:Can it altogether. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#37010366)

More accurately, I meant multiple certificates to the same domains. Which I agree is probably not a real problem, except I suppose for keeping things organized.

But a single cert to multiple parties... now that is another matter.

Re:Can it altogether. (1)

tokul (682258) | more than 2 years ago | (#37009974)

As someone else already pointed out, browsers by default do not even warn you if a site's cert is invalid.

And you believed it. Check first. Browsers do warn, if site certificates are invalid. Invalid as in "not signed by trusted authority" or "expired".

Re:Can it altogether. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#37010386)

"And you believed it."

I believed it because it's true. Not absolutely, of course, but it is true for some browsers under some circumstances.

The browser I use most often will warn once, then ask you if you want to be warned again for the same domain.

In most versions of IE, it depends on what "trust" level you have assigned to a particular domain.

And with nearly all browsers, it is common for people to turn those warnings off. Because in fact they are frequent, and they are annoying.

Re:Can it altogether. (2)

Bloodwine77 (913355) | more than 2 years ago | (#37010022)

I use self-signed certificates on pages hosted on my intranet and all the major browsers throw a major fit about them. If I ever have guests over that want to utilize my intranet web apps then they have to approve and add exceptions for my self-signed certs. The browsers act like my certs are shady or suspicious and if I didn't re-assure my guests then they wouldn't have added the exceptions.

I haven't tried going to a site with a domain mis-match or expired cert, but I would assume browsers throw a fit about those too.

Re:Can it altogether. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#37010402)

They do. And I visit sites with self-signed certs, and they bitch about those, too.

There has been talk about giving the option of turning off warnings about self-signed certs. I'm not sure whether that would be a good or bad thing.

Re:Can it altogether. (1)

Vellmont (569020) | more than 2 years ago | (#37010272)


As someone else already pointed out, browsers by default do not even warn you if a site's cert is invalid.

Completely wrong. Browsers have by default warned about invalid certs for years. Versions of Firefox and IE made in the last several years have actually gotten scarier warning messages, and made it more difficult to get to the website without going through a few steps other than just a simple "click here to continue". Expired certs also give warning messages.


That same study concluded that there are too many Certificate Authorities today....

It's a broken system. Not because of bad design, necessarily, but because of the failures of people who administer it.

No, it's a broken system because it's a bad design. The problem isn't "too many certificate authorities". The problem is that the weakest certificate authority spoils the whole system. There's always going to be some bad companies doing something incredibly stupid. There's a slew of different ways we could have a web of trust that would be far more secure than the weakest-link system we have now.

Re:Can it altogether. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#37010422)

"The problem isn't "too many certificate authorities"."

I wasn't giving my opinion about that, I was simply quoting the study, which was discussed here on Slashdot a while back.

"There's always going to be some bad companies doing something incredibly stupid."

And I repeat: that's human error. And I dispute whether we could have a "system of trust" that is very much superior, because every time we have tried to set up a "secure" system, people have ALWAYS been the point of failure.

You can't make something foolproof, because fools are so ingenious. They will find ways to break nearly anything.

Cost is too high (4, Interesting)

karl.auerbach (157250) | more than 2 years ago | (#37009592)

The barrier to entry for a cert authority to be recognized by browsers is too high, as a consequence the price for certificates is too high - it is based on near-monopoly conditions.

Re:Cost is too high (2)

corychristison (951993) | more than 2 years ago | (#37009728)

The last cert I bought was $20 USD (for one year), it was domain only validation but it provides the encrypted level without the bullshit warning you get with a self-signed cert.

Consumers don't care what kind of SSL cert you have, most don't even care if you have one, but those who know the sites you shop on need one, they don't care what kind.

Re:Cost is too high (1)

Anonymous Coward | more than 2 years ago | (#37010248)

You can get free SSL certs (and S/MIME) from startssl, all browsers trust it, only Java SE doesn't

Hypothetically... (2)

girlintraining (1395911) | more than 2 years ago | (#37009606)

Hypothetically, I'd tell them to stop worrying about SSL and get busy rolling out IPv6 where this problem (and several other pressing issues) are solved. But that's because I have an engineering mindset, not a committee one. The answer to "Is this technology out of date or poorly implemented?" is universally yes in my world. Nobody gets it right, and it's a bloody miracle the internet continues to work in spite of its own massive structural deficits.

Re:Hypothetically... (1)

Anonymous Coward | more than 2 years ago | (#37009850)

IPv6 deployment will not solve this problem.

Re:Hypothetically... (0)

Anonymous Coward | more than 2 years ago | (#37010074)

Can't tell if serious?

DNSsec is a better solution to Domain Validation. (5, Informative)

Olmy's Jart (156233) | more than 2 years ago | (#37009608)

Domain Validation (DV) certs are not the same as OV, Organizational Validation, or EV, Extended Validation, certs. Web SSL certs are OV or EV. DV certs are intended to validate that the FQDN is valid (i.e. correctly owned by the domain). This is the job that DNSsec is meant to address in many ways. There's already been public discussion on some of the crypto forums such as mozilla-crypto (ok, for some value of "public" - but it's not a closed list). The DNSsec crowd have asked about putting certificate signatures in DNSsec and the entrenched CA crowd got all up and in arms and huffy about it. But DV certs would just tie the certs to the domain owners, and that's all, which is exactly what can be done in DNSsec. And, yes, we all know, the domain could be faked but that's not the point. The point is to tie a certificate back to the domain owner or not. The OV/EV certs are what validate the organization claiming to own the domain/FQDN. The CA crowd doesn't like the fact that DNSsec can do for free what they can charge money for. DNSsec puts the power totally in the hands of the domain owners (where it bloody well belongs). Now if we could just get certain bloody registrars, like Network Solutions, to let us register our key signing keys, we could get on with things. The root zone (.) is signed. The .org, .net, .com, .edu, and .gov zones are all signed and numerous other ccTLDs are signed. Godaddy and others are reported to be accepting DNSsec registrations. Where is Network Solutions? Asleep at the switch last I looked. And OpenDNS continues to pout, whining "I donwanna... Use DNS Curve or I'm gonna cry." DV certs are a solution in search of a problem and DNSsec is a better solution.

Re:DNSsec is a better solution to Domain Validatio (2, Informative)

Anonymous Coward | more than 2 years ago | (#37009820)

NetSol is Verisign, which is a CA. Of course they aren't excited about DV-equivalents...

CA/Browser forum proposing to weaken EV certs (3, Interesting)

Animats (122034) | more than 2 years ago | (#37009614)

The CA/Browser forum (which is dominated by certificate authorities) is proposing to make changes in the way EV certificates are issued. The changes weaken EV certs.

Existing EV cert policy is that EV certs MUST contain the organization name, its business name and address, and its jurisdiction of incorporation. [cabforum.org] In the proposed draft [cabforum.org], (p. 13) "Organization name is OPTIONAL".

This essentially makes EV certificates meaningless. The whole point of an EV certificate is to unambiguously identify the business owning the certificate. So if you need to sue, file criminal charges, or send in a collection agency, you know where to send the process server, cops, or collection agents.

(At SiteTruth, our system considers SSL certificates without a business name and address to have no value in establishing the legitimacy of a company. We've always done this for "domain controlled only" certs, and will now do it for EV certs missing a business name or address.)

Does it even matter? (1)

MacTO (1161105) | more than 2 years ago | (#37009664)

I am under the impression that these certificates are supposed to verify the authenticity of the host that you're connected to. Yet when I asked a major bank who issued their certificate, never mind to verify the authenticity of the certificate itself, they didn't have a clue what I was talking about. In that case, what's the point of them? I am still subject to man-in-the-middle attacks after all.

Certificate Servers should decentralize on DNS (1)

MatthiasF (1853064) | more than 2 years ago | (#37009792)

A certification authority should be assigned inside of a domain's DNS to a particular IP or range of IPs for redundancy. Those certification servers can either be internally controlled by the owner of the domain or handled by a trusted third party like the current CA providers.

When a client validates a certificate, it would double check the certificate received came from a trusted source listed on the DNS cache on the local computer and then remotely on a trusted source provided by the client maker, a set of standard trusts (like the current major certificate authorities) or custom sources setup by the client's user (for private local domains and such).

The client can then check the certificate against one of the other certification servers listed on the DNS (can require two IPs like most name servers) for validation. If the certificate isn't listed with any of the CA peers, the CA peers don't recognize the certificate's CA or if the DNS information between the two checks are different, the certificate would be considered invalid.

SSL is for secure transactions (1)

neurosine (549673) | more than 2 years ago | (#37009878)

SSL certainly does matter when you want to perform a secure transaction with confidence. It should remain optional though. There are enough loops and hoops to jump through to create a reliable domain from which you can send email. SSL would, if mandated, become a problem for millions of current domain admins, especially if you have to pay for a complete version, and it's a commodity product. Quite expensive for people who do not have a commercially focused domain. I think a healthy ptr record in your DNS should be sufficient for most intents and purposes....and the use of SSL has far surpassed the need for it. So it's important in some instances, but not required in most. You shouldn't have to have it to run an email server, but it's a good option if you'd like an added level of security.

Domain-name-only certificates (2)

Todd Knarr (15451) | more than 2 years ago | (#37009924)

We do need a class of certificate that simply verifies that we're talking to the host we expect to be talking to (ie. that the name of the host using the certificate matches the name of the host in the URL). That's sufficient for encryption-only purposes, where I'm using SSL not to validate the remote end's identity in any way but merely to prevent eavesdropping on the data stream by third parties. DNSSec addresses some of that, but it doesn't provide the encryption layer that SSL does.

Bluntly put, there's a lot of cases where I don't care about the absolute, real-world identity of the entity I'm talking to, only that I'm talking to the same entity every time. Think the Dread Pirate Roberts.

Re:Domain-name-only certificates (1)

Anonymous Coward | more than 2 years ago | (#37010342)

"DNSSec addresses some of that, but it doesn't provide the encryption layer that SSL does."

DNSSec + self-signed DV certificates do provide the required encryption+identification. If you put a self-signed certificate in your DNSSec record, there's no way a man-in-the-middle can fake it.

Re:Domain-name-only certificates (1)

Olmy's Jart (156233) | more than 2 years ago | (#37010344)

And how is this (which requires to pay money to a CA) any better than certs with the key fingerprints / signatures in DNSsec (which is free)?

The only "fix" for this is legislative (0)

Anonymous Coward | more than 2 years ago | (#37009994)

Make it illegal to ship a browser that accepts improperly configured sites, and remove CAs from the market if they are found to have deliberately issued certs whose purpose is intercepts. "Honest mistakes" are tolerable but certs with 100+ SANs?
Make it illegal to intercept/proxy SSL - even in the corporate world - block is fine, intercept is not.
You'd be amazed how many corps quietly intercept and inspect SSL traffic.

Fixing the browser fixes 90% of the site problems, if customers can't connect they'll fix the problems or go away.

No more self signed? (1)

Torp (199297) | more than 2 years ago | (#37010030)

For my private webmail that only I use (read: general purpose internal use thingies), a self signed - and expired - certificate is as good as one signed by some incompetent CA. And much cheaper.
It has been sufficiently demonstrated that the current certificate authorities aren't worthy of much trust. Just like the USPTO :)

Encryption is Better Than Cleartext (1)

inglorion_on_the_net (1965514) | more than 2 years ago | (#37010186)

One of my pet peeves with SSL is the ominous warnings that are presented when the certificate is not signed by a "trusted party".

First of all, I think it is useful to have encryption, even if you don't verify the identities of the endpoints.

Secondly, there are often more ominous warnings for SSL-without-verification than for cleartext communication. This seems backwards to me.

Thirdly, if you look at the trusted parties, there is often a list which includes many organizations most users have never heard of, let alone really have a basis to trust. Some trusted parties actually have rather troubled histories.

I think it is good to think about how to make our communications more secure. Particularly, users often expect their communications to be private; only known to themselves and the intended recipient. I think we should work to make protocols actually behave that way, and SSL could be a part of this. Which means we need to critically evaluate SSL, too.

SSL has never been "the answer" (1)

HogGeek (456673) | more than 2 years ago | (#37010236)

It was a solution to two separate problems:

Secure the communication and ensure the identity.

It works for securing the communication, we need a better solution for ensuring identity.

Note: If I had the answer, I wouldn't be "here"...

Honesty Box Security (1)

the_other_chewey (1119125) | more than 2 years ago | (#37010340)

Certificates are good for encryption. That's it. With the insane amount of "trusted CAs"
that come pre-trusted with every browser nowadays, that's all that is possible.
Hoping to achieve anything beyond that is naive.

From a very insightful talk [auckland.ac.nz] about the topic:

SSL certificates provide honesty-box security

Use a $495 Verisign certificate
– People will come to your site
Use a $9.95 budget CA certificate
– People will come to your site
Use a $0 self-signed certificate
– People will come to your site
Use an expired or invalid certificate
– People will come to your site
Use no certificate at all, just a disclaimer saying that you’re secure
– People will come to your site