Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

SSL Certificate Authorities vs. Convergence, Perspectives

timothy posted more than 2 years ago | from the with-moxie-marlinspike-as-guy-fawkes dept.

Communications 127

alphadogg writes "With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to. Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities. One new model for authentication is called Convergence, and it similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification."

cancel ×

127 comments

Meh (1)

Anonymous Coward | more than 2 years ago | (#37961994)

It's not even worth getting the first post anymore. Slashdot sucks.

No, this is actually very interesting. (0)

Anonymous Coward | more than 2 years ago | (#37962140)

After the long string of submissions about Apple, cloud computing and disruptive innovation, this is actually extremely interesting.

Re:Meh (0)

Anonymous Coward | more than 2 years ago | (#37962220)

Is your comment related to the state of slashdot or to your personal development?
In other words: Was it generally worth for a person to get FP on slashdot in the past or was it worth it for you specifically?
Whichever the case, what is it that has changed with slashdot and/or you?

Re:Meh (0)

Anonymous Coward | more than 2 years ago | (#37962968)

every thing Rupert Murdoch buys gets turned into a political propaganda machine. The NeoCons are pushing this new verifications system which offers no increase in sucurity yet it'll log all your transactions.

Re:Meh (0)

Z00L00K (682162) | more than 2 years ago | (#37963758)

As do the concept of Certificate Authority.

The CA means that you need three parties involved to set up an encrypted channel and lately it has been shown that the reputation of a CA can go down the drain faster than the flush of your #2 in an airplane toilet.

Effectively this means that there's a need for a new way of working when it comes to secure communication.

As I see it - the security risk increases exponentially with the number of parties involved in a secure communication. So it's a case of the old saying "Three can keep a secret if two are dead."

Re:Meh (1)

Wild Wizard (309461) | more than 2 years ago | (#37963794)

As I see it - the security risk increases exponentially with the number of parties involved in a secure communication. So it's a case of the old saying "Three can keep a secret if two are dead."

So the solution is a reputation system ????
How do we get a reputation level for a site ????

Catch 22 here I think.

FYI For those who didn't bother to read the links in the article the proposed systems increase the number of parties involved

Re:Meh (2)

Znork (31774) | more than 2 years ago | (#37963980)

Increasing the number of parties involved is the point; they have to agree to clear a site.

As it is, even besides getting hacked, there isn't a registrar that won't hand over false keys to any security agency in a country they're based. But it might be a bit more difficult for one party to lean on notaries in the US, Russia, China and Switzerland at the same time. Once they don't agree, you know that there's something going on.

Re:Meh (0)

Z00L00K (682162) | more than 2 years ago | (#37963764)

First Post is only valuable if it has something useful to say related to the original article and you aren't posting as an AC.

oh look (0)

wmbetts (1306001) | more than 2 years ago | (#37961996)

this story again.

Re:oh look (1)

impaledsunset (1337701) | more than 2 years ago | (#37962110)

So, you're frustrated that we are still talking about a serious issue that we haven't yet resolved? If it bugs you so much, do something that would help in solving it faster. The people who offer the solutions linked in the summary are doing something, and although I'm hesitant we should choose them, they have presented two options. What have you done?

Re:oh look (1)

wmbetts (1306001) | more than 2 years ago | (#37962292)

No I'm not frustrated that people are still trying to solve this problem. I'm frustrated at the exact same topics showing up almost weekly on slashdot. As far as what have I done? I've done exactly what everyone else on slashdot as done, jack shit. If we're lucky we have 2 people that will even see this article and have any ability to influence any change. Even if we (slashdot) did have some sort of godly internet powers that let us (slashdot) influence changes on the internet we wouldn't even be able to agree on what to change.

Re:oh look (0)

Ethanol-fueled (1125189) | more than 2 years ago | (#37962718)

The problem is that all of the dry lightly-technical but uninteresting "junk" stories are saved for Friday and Saturday evenings, while people like me who would enjoy real intellectual stimulation but have no lives (actually, I almost died in a car accident at the hands of a drunken madman last night, then kicked his ass in a hotel parking lot, but life is overrated like that anyway) are becoming twitchy for action.

Droll, insignificant content - check.
Hordes of pimply-faced drunkards, stoners, and chronic masturbators with nothing better to do - check.
2 to 4-post allowance before the mods bomb you into banville for the night - check.
Goatse links- check.
GNAA - check.

Locked, cocked, and ready to rock.

Re:D`oh, well have look (0)

Anonymous Coward | more than 2 years ago | (#37963622)

surely your powers would enable you to UNhide post #37959484

Re:oh look (1)

jbolden (176878) | more than 2 years ago | (#37964522)

Actually slashdot people do have the ability to influence change. A huge percentage of e-commerce sites are written, managed or heavily influenced by people with at least one slashdot regular reader.

Re:oh look (1, Funny)

Anonymous Coward | more than 2 years ago | (#37962302)

this story again.

Indeed. It's time we moved to new stories. Why do we keep mulling these tired old ones and zeros with the algorithms and the networks and their mathematics. Hasn't Slashdot beaten this intercomputing story to death yet? What about homestyling? What about Riverdance? Do you know how hard it is on the toes and the knees to do that jumping and vibrating? Did you know that the dance is not called Riverdance, but that that is just the name of that particular theatrical show of traditional Irish jumping and vibrating?

Re:oh look (2)

fluffy99 (870997) | more than 2 years ago | (#37963160)

this story again.

Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffe-Hilman key exchange, the connection is securely encrypted regardless of whether an attacker has the servers private key.

Re:oh look (1)

Kjella (173770) | more than 2 years ago | (#37963748)

Yup, another summary that doesn't understand the difference between using a cert for authentication and using SSL/TLS to encrypt the connection. If using TLS with Diffe-Hilman key exchange, the connection is securely encrypted regardless of whether an attacker has the servers private key.

Sure, but does your "securely encrypted" connection go to the server or a MITM the attacker has set up? When you've got no idea who's at the other end, it doesn't matter much that the line is encrypted. It would be a generally good practice to use SSL/TLS everywhere even without authentication because then you can't simply store traffic for later, you have to actively intercept and run a MITM attack in real time. It's better than nothing but is by no means secure and should not be treated as such.

Botnets? (0)

Anonymous Coward | more than 2 years ago | (#37962002)

So, botnets then weave a web of trust so their illegaol sites look more offical then the real ones?

Re:Botnets? (1)

Ayourk (1125735) | more than 2 years ago | (#37962040)

Its all part of implementation. Look at how eBay has done it. There are Captchas and the like last I checked for this sort of thing.

Re:Botnets? (0)

Anonymous Coward | more than 2 years ago | (#37962952)

Either that or small sites are at the mercy of whatever bunch of idiots control large facebook groups or in fact anyone.
Any nutjob with a chip on their shoulder like those at Westboro could destroy trust in anyone they dont like.

The only reason ratings almost work on ebay is that generally theres little incentive to screw the system. It does happen though and the
proof is that you can buy good feedback on ebay through various means.

Re:Botnets? (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#37963966)

Yes, but it would be interesting to watch a "ratings" fight between 4chan and Google. Set them on each other and see which one gets red-flagged first!

Reputation system (2)

Ayourk (1125735) | more than 2 years ago | (#37962016)

Reputation systems seem to have worked quite well for eBay and other similar sites, I don't see why it can't work for some sort of SSL.

Why use a reputation system? (2)

impaledsunset (1337701) | more than 2 years ago | (#37962088)

A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?

1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).
2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.

Of course, that's vulnerable of the root servers are cracked, but if that happens, you're fucked anyway. It's much more difficult to exploit than multiple certificate authorities which sign certificates when you have *no* way to detect a failure on their part.

I heard that there could be issues with dnssec, but there are also solutions offered, so, why go with something far more complicated?

Re:Why use a reputation system? (1)

WaywardGeek (1480513) | more than 2 years ago | (#37962308)

Of course, this isn't really what people are thinking of, but what if we went to a BitCoin model? If all we are trying to do is prove who we are, which is much different than proving we are trustworthy, then a P2P system based on proved work should fit the bill.

In case you're like most slashdotters and don't know how these systems work, well it's super cool. All they do is sign ledgers of transactions with a special proof of work, which is simply a random number attached to the transaction log which causes the SHA-256 signature to start with a bunch of zeros. Obviously, you'd have to look damned hard to find such a random number, thus you've proved you worked hard. Can't we use a system like that which has proven secure for million dollar transactions?

Re:Why use a reputation system? (1)

Cyberax (705495) | more than 2 years ago | (#37962992)

BitCoin is bad because it doesn't have provisions to revoke a certificate. If I somehow steal your BitCoin wallet then I have full control over your certs.

And since BitCoin is distributed and anonymous - no court decision can help you.

Re:Why use a reputation system? (1)

justforgetme (1814588) | more than 2 years ago | (#37963836)

RL money worked like this for centuries. Then banks and governments tried to """"regulate"""" it and look where that got us?

Re:Why use a reputation system? (1)

Cyberax (705495) | more than 2 years ago | (#37963858)

_Cash_ worked like this for centuries. That's PRECISELY a major reason why banks (a trusted third party for transactions) have been invented.

Re:Why use a reputation system? (1)

Anonymous Coward | more than 2 years ago | (#37962310)

http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity

Re:Why use a reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962412)

What about a completely distributed trust from the "grassroots" up?

Couldn't we just connect everyone into some sort of decentralied global network and then everyone could weigh in about trustworthy nodes.

We could have private and public cryptographic "keys" to verify identity and we could sign each others keys and we could get information about how many people have recently verified that a particular public key still seems legit?

Can't it all be decentralized (if not now, due to technical and/or cultural reasons, then in the near future)?

Re:Why use a reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962742)

Nope. Trouble is, you have to choose between way too much effort from users (which means no wide-scale adoption) or your public-key network just verifies computers, not users and their legitimate SSL connections (which means botnets legitimizing phony SSL certs).

Re:Why use a reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962904)

Well, not everyone would have to be part of it. The lazy users could remain lazy users and do nothing, while anyone wanting to paticipate could do so, and well known big players like "respected" companies could be in it too (having a department overseeing their trust handling, probably for reasons of it being an expected thing to do and a culture (now I'm talking somewhat future here) of not liking a big company that hasn't got their trust-department in order.

You could see the raw data and decide for yourself how much weight you'd like to give different players, but even at everyone set to the same priority, botnets and shady players could get thwarted by croudsourcing.

If you need solid trust, as stable as debian, you'd look at the big picture of long term of certification by the biggest, most trustworthy players as well as millions of individual end users (without disregarding sudden recent fluctuations, of course), and for an agile view of new stuff, you'd get fewer results, but with an infrastructure and culture in place you'd still not be guessing completely about this new site or whatever. Sure, it could be gamed somewhat in the early stages, just like slashdot comments, but it would still be better than nothing even in pretty much real time.

Re:Why use a reputation system? (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#37963976)

Ok, so you start up a small business, or even a personal site. Now how do you get enough "signers" to verify you that you can't be shut down by a 30 second 4chan raid?

The day SSL is decentralized is the day 4chan becomes the only trusted website on the internet.

Re:Why use a reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962520)

2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.

I had an addon for Firefox that did that(at least the first part). For some changes it made since (last visit the cert was to expire in 30 days. This visit 10 days later there is a new cert), but others didn't make sense. ( I was at the site the cert would expire in 300 days. 2 days later I visit and site has a different cert).
What was happening with the second example(at least what I think was happening): ssl.mysite.example.com points to several servers(say a round robin DNS or something), and each one of them has their own SSL cert rather than having the same one duplicated.
I was getting the "hey the cert changed without any good reason" all the time for some large site (don't remember which one).

Re:Why use a reputation system? (1)

MSG (12810) | more than 2 years ago | (#37963968)

Why not go with something simpler?
1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).

...because that's the same as the system we have now. If the CA that signs DNSSEC is compromised, then the whole system is broken.

If a notary is compromised, we can replace that notary and be done. If a CA is compromised, we have to replace the CA and every active cert in the world that they've signed.

Re:Reputation system (0)

Anonymous Coward | more than 2 years ago | (#37962116)

The only quality assurance you get on eBay is the fact that each "point" has to be bought from eBay, which makes cheating too expensive to be worthwhile. It doesn't have the reputation system you're looking for.

Re:Reputation system (0)

Anonymous Coward | more than 2 years ago | (#37962446)

Reputation systems are hard to understand for the average person. If everyone had the intelligence of mandelbr0t then yes it would be a good idea, but unfortunately there's only one of him.

Re:Reputation system (1)

gnapster (1401889) | more than 2 years ago | (#37962680)

I can steal someone's identity once out of every thirty times and still get 97% positive feedback.

Re:Reputation system (0)

Anonymous Coward | more than 2 years ago | (#37962746)

Once you steal their identity why not leave positive feedback for yourself?

Re:Reputation system (1)

terrox (555131) | more than 2 years ago | (#37963906)

True, but he means "rip off a customer" I think.

Re:Reputation system (3, Interesting)

hedwards (940851) | more than 2 years ago | (#37963146)

EBay doesn't have a reputation system. A reputation system requires that parties be able to add or subtract from the feedback based upon their views. There will be a few that don't match or are wrong, but over time the values will tend to reflect reality.

With eBay, they don't let sellers leave negative feedback anymore and as a result the whole system is badly flawed and tends to just reward bad behavior by buyers.

Re:Reputation system (0)

Tomato42 (2416694) | more than 2 years ago | (#37964052)

Obligatory xkcd: http://xkcd.com/937/ [xkcd.com]

So why do I trust the notaries? (2)

pathological liar (659969) | more than 2 years ago | (#37962102)

These systems depend on notaries, why do I trust them any more than the CAs? The Perspectives notaries are... AWS and a handful of servers from a single American university (MIT)

Not exactly diverse.

Re:So why do I trust the notaries? (1)

Anonymous Coward | more than 2 years ago | (#37962194)

The Convergence notaries are whoever you pick, who is running a server. And the server code is free and open source, so anyone could be one. In other words, you trust the notaries because you trust them, not because you are required to trust them.

Re:So why do I trust the notaries? (1)

0123456 (636235) | more than 2 years ago | (#37962316)

In other words, you trust the notaries because you trust them, not because you are required to trust them.

So how am I supposed to know who to trust?

Re:So why do I trust the notaries? (1)

Yaur (1069446) | more than 2 years ago | (#37962524)

your browser and/or OS will ship with some defaults... most people will just use those.

Re:So why do I trust the notaries? (-1)

Anonymous Coward | more than 2 years ago | (#37963112)

exactly.

"Everything will look exactly the same, and you'll never get a self-signed certificate warning again."
http://convergence.io/details.html

uhhhh, oooKayy... So, do tell me, why do these warnings exist if we DON'T want them?

I just dicked around with this, and whatever I setup in less than 15 minutes is completely trusted, as the notaries trust the (current) root CA's. Just Super.

Nothing to see here (and, you're now generating bitcoinz'es for me)...

Re:So why do I trust the notaries? (1)

Tomato42 (2416694) | more than 2 years ago | (#37964064)

Because Verisign has to make money.

Or tell other probable reason why all browsers go into "all alert mode" when they see a self-signed cert but show nothing when the connection is pain HTTP?

Re:So why do I trust the notaries? (1, Insightful)

Paradigm_Complex (968558) | more than 2 years ago | (#37962224)

One of the fundamental differences is that if some but not all notaries are comprimised you'll be able to know something is up. With CA's, if one is compromised, that alone could be used to MITM between you and just about any website.

Another is that you don't have to trust any particular notary. You can add/drop them quite easily. With CA's, however, if you chose you don't trust a CA you can't really be confident you're not being MITM'd at any website which has that CA sign their cert.

Basically, with notaries, you don't really have to trust any one in particular. You just have to have some that you do trust. Not even that, actually - you just have to trust that from the pool of notaries you're using not all are comprimised. Presumably if people support this, more notaries will become available and you'll get the diversity you want. Well, hopefully.

A more pertinent issue with Perspectives, as I see it, is that if someone MITM's very close to you (think the people who own/control the AP you're connecting through at a hotel), they could MITM *all* of the notaries as well. With the CA model, so long as the location you got your browser/certs/OS was from was secure - and all of the CA's are reliable - you're fine even through an evil hotel connection.

Re:So why do I trust the notaries? (3, Insightful)

Junta (36770) | more than 2 years ago | (#37962322)

A more pertinent issue with Perspectives, as I see it, is that if someone MITM's very close to you

Ditto on the other side. It's impossible to distinguish a valid key change from an invalid one. Since the people attesting to the authenticity of a certificate have zero 'special' interaction, it remains feasible to fool them. It basically throws the baby out with the bathwater. The problem by and large is any singular CA can attest for any thing it feels like. A better approach would be:
-DNSSEC secured results enumerating the CAs the site selected to secure the domain. If DigiNotar signs yourdomain.com and your DNSSEC says 'Thawte', then there is an issue.
-Multiple CAs signing a certificate. If you have 3 or so CAs (all listed in your DNSSEC record of course), then compromising all three would be required to compromise your security.
-A positive OSCP response should be required. Currently, even when OSCP is checked, if some return indicates 'general error' or 'try again later', that's taken as good enough.
-Having a reputation system as an extra measure makes sense. Perhaps https without a 'padlock' given a positive reputation based read in absence of anything else, and if reputation and CA both check out, grant the visual indication of secure.

Re:So why do I trust the notaries? (2)

GrievousMistake (880829) | more than 2 years ago | (#37962806)

-DNSSEC secured results enumerating the CAs the site selected to secure the domain. If DigiNotar signs yourdomain.com and your DNSSEC says 'Thawte', then there is an issue.
-Multiple CAs signing a certificate. If you have 3 or so CAs (all listed in your DNSSEC record of course), then compromising all three would be required to compromise your security.

What does this gain you over storing the cert signature itself in DNSSEC?

Since the people attesting to the authenticity of a certificate have zero 'special' interaction, it remains feasible to fool them.

Nothing prevents a notary from taking extra steps to verify the authenticity of a certificate. That is one of the advantages of the concept: other methods of authentication can be added in a modular way.
In some ways the notary system gives you the security of the strongest of the notaries you trust, and the CA system gives you the security of the weakest of the CAs you trust.

Re:So why do I trust the notaries? (1)

Tomato42 (2416694) | more than 2 years ago | (#37964074)

What does this gain you over storing the cert signature itself in DNSSEC?

You get to know all the CAs the other party chose to trust, not one.

Re:So why do I trust the notaries? (1)

MSG (12810) | more than 2 years ago | (#37963932)

A lot of people suggest DNSSEC as a component of replacing CAs, but overlook that DNSSEC requires CAs to function. If the problem is that you can't trust anys given CA, then a replacement has to be independent of CAs.

DNSSEC can't be a component of a system that doesn't trust CAs, which is exactly what Convergence aims to be.

Re:So why do I trust the notaries? (0)

Anonymous Coward | more than 2 years ago | (#37964204)

The problem with current CAs is that they pass out credentials for entities they don't control -- a single, central authority attests to the validity of any site on the Internet, so if you can fool that entity even for a moment you can get false credentials. By providing a delegation chain DNSSEC allows each entity to authenticate only systems that you directly control -- the DNS root attests to the validity of the .com delegate, the .com delegate attests to the validity of the .sample.com delegate, and .sample.com can publish their own certificate hash for www.sample.com.

A compromise in that chain would be equivalently compromising traditional DNS; you can do it by stealing someone's registrar account or somesuch, but it's not the kind of attack we worry about because they necessarily break any protection you can get against MitM short of out-of-band previously-arranged authentication, and it's the sort of attack that's readily noticed and stopped (and proper management of your DNSSEC signing key can make such attacks even more difficult than they are currently).

Re:So why do I trust the notaries? (2)

GrievousMistake (880829) | more than 2 years ago | (#37962730)

if someone MITM's very close to you (think the people who own/control the AP you're connecting through at a hotel), they could MITM *all* of the notaries as well

The communication with the notaries is in all likelihood encrypted and signed with predistributed keys, similar to CA certificates today. That's not a large problem, because ultimately you have to trust the software you are running anyway.
That still retains all the benefits over the CA system that you mention; you get multiple points of trust that all have to be compromised, and if one is compromised you can distrust it with minimal consequences.

Re:So why do I trust the notaries? (0)

Anonymous Coward | more than 2 years ago | (#37962564)

You shouldn't trust them. According to mandelbr0t [slashdot.org] (praise his name) you shouldn't trust anyone, because the chances of them being a drooling idiot are pretty good.

Re:So why do I trust the notaries? (1)

swillden (191260) | more than 2 years ago | (#37963228)

These systems depend on notaries, why do I trust them any more than the CAs?

Individually, you don't. However, if a set of them give you the same answer, then you have reason to trust them more. And if one of them gives you a different answer, you don't trust any of them at all.

Re:So why do I trust the notaries? (1)

sjames (1099) | more than 2 years ago | (#37963312)

You don't. However, with SSL as it stands, you are more or less forced to take a leap of faith based on the word of a single arbitrary CA that you don't really trust. Subverting any of the many CAs out there is good enough to pull off an attack.

In the proposed systems, several notaries will weigh in, and if they disagree, there's a big red flag.To pull off an attack with certainty, the bad guy would have to subvert all of the notaries.

Re:So why do I trust the notaries? (3, Informative)

MSG (12810) | more than 2 years ago | (#37963922)

Notaries are no more trustworthy than CAs; the advantage is what Moxie Marlinspike calls "trust agility". See, if a CA is compromised, users cannot easily stop trusting the CA. The big CAs simply have too much influence. Drop a major CA, and a significant percentage of the internet's certs are no longer valid. The economic costs of replacing a CA are tremendous.

If a notary is compromised, no big deal. Notaries can be dropped and replaced without any noticeable consequence. Notaries can be just as effective as CAs, with the advantage that they can be easily replaced.

Won't work (5, Insightful)

Baloroth (2370816) | more than 2 years ago | (#37962108)

Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. With massive botnets and the like there is simply no way to rely on any number of "individuals" to issue correct information. The only way around this is to have some central authority say "your opinion matters and yours doesn't." Voila, you have the present system.

For unimportant things or things so unimportant the difficulty makes the problem not worthwhile, a distributed reputation system works. Someone above mentioned Ebay. This system works because the rating of individual sellers, while important to them, isn't terribly important to all that many people, and the system is rather difficult for an individual to game. But for a distributed SSL certificate network, not only is the incentive there, but the people involved are massive and extremely technologically sophisticated.

Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/ whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.

And you won't get your average Internet browser to change. People conducting MITM attacks generally aren't concerned with people who are really security conscious. If they actually are conducting targeted attacks against you, then you should have much better security in place. Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.

Re:Won't work (0)

Anonymous Coward | more than 2 years ago | (#37962268)

Convergence is unfortunately not the answer. Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is? You can't. The only way is if you have centrally distributed root certificates... and again, same problem you have now. Ultimately, the only real way to get guaranteed SSL security is to call up the bank/ whatever and manually verify the fingerprint. Or get the key on a USB drive at the bank. There simply isn't an easy solution.

Why is it that you could not do this same task on a finite number of notaries? As it seems was your point, checking every site manually would be infeasible. It is not, however, infeasible for checking a half-dozen notaries, once. In fact, could you not accomplish the same with only two notaries manually verified, then use those two to verify others until you reach a satisfactory number?

To your last point, I believe that the purpose behind both Perspectives and Convergence is as a system that did not require any participation by an end-user who didn't care. Mozilla could roll out Firefox using Convergence with a pre-defined notary list, and most users would never notice or care. A static notary list is at least as effective as a central authority, likely more-so.

Re:Won't work (0, Interesting)

Anonymous Coward | more than 2 years ago | (#37962388)

Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers.

That is so deeply deeply wrong. Any system that relies on some central authority will be abused by that central authority. Politics, moderators in every forum on the net, Wikipedia, you name it. Including people here moderating more on if they agree than on anything else. This is not my personal theory but well-known in psychology.
The first problem is, that the type of human who is striving to be an authority, by definition is focused on himself, including his benefits, over those of everyone else.
And the second and worse problem, is that there is no such thing as a "absolute" or "central" "authority". Authority, if anything, is defined through being respected and trusted. That is a personal thing. I can tell you that I trust person X all I want. As long as you trust me, that won't mean you trust him. Now replace me with Mozilla and person X with a CA. The impose authority they never earned. That is just plain wrong and the opposite of how a healthy community works.

Of course replacing a single untrustworthy "authority" by a crowd of untrustworthy "authorities" won't work, and you are right that it would probably make things even worse. Wikipedia's history of admins abusing their power is a good example of this not working. But just look at the results of elections, and you know why one can't trust the general public. ;) (Doesn't mean anybody is wrong. It's just that one's good is the other one's bad and we are way too diverse to form one harmonizing community.)

If anything, the only system that will ever work, is one that finally acknowledges that the whole thing is relative to the individual. A web of trust. Yes that means that people who choose the wrong people to trust, can be abused. But at least the can make that choice at all. Compared to having the choice made for them. And sorry, if you give a crook power of authority to deal with your bank on your behalf (which is the equivalent to trusting a bad certificate validator for a bank), it’s your own damn fault and it's supposed to hurt.

Errata (Please read before moderating) (0)

Anonymous Coward | more than 2 years ago | (#37962780)

Oops, I meant:
- The first problem is, [...]. Putting him in there and telling him to be a altruistic servant is the opposite of his character and won't work.
- As long as you don't trust me, that won't mean you trust him.
- They impose authority they never earned.
- But at least they can make that choice at all.

Yes, I proofread. I think... ^^

Re:Won't work (1)

thegarbz (1787294) | more than 2 years ago | (#37963730)

Any reputation system that doesn't rely on some central authority to issue it can and will be gamed by crackers. ...

My understanding was that these systems did not take the place of the CA as verifying the identity of the transmitter, and instead only provided validity that the centrally issued certificate looks the same from a variety of different routes, basically ensuring that if your government or telco MITMs you then the local view would not agree with the notaries and the scheme is exposed.

Certification is still done centrally. Many people look at Convergence and Perspectives as a replacement to the current CA model. It's not, it only complements the CA model to remove a specific method of attack if the CA is compromised or issues a dodgy certificate.

Re:Won't work (1)

vadim_t (324782) | more than 2 years ago | (#37964412)

For a government/telco it's trivial to block these systems.

Convergence and Perspectives require a constant connection to their servers. They can be blocked by IP or by port. The current lists are public, making that easy. Or they can just block connections to anything besides selected services like gmail, ensuring the remaining notaries are all local and present the "official" view.

New servers can be detected by trivial traffic analysis: A convergence/perspectives user will connect to their notary after connecting to a SSL service. It just takes some trivial stats collection.

These systems will only help if your government is only partially corrupt: meaning, you live in a country where the government doesn't yet do MITM on a global scale, but only when they consider it necessary. If you're in Iran or China, this probably won't help you.

Re:Won't work (1)

thegarbz (1787294) | more than 2 years ago | (#37964558)

Would the blocking of the notary servers itself be sufficient to raise alarm bells? After all the purpose of this system is detection of tampering on your connection.

Re:Won't work (1)

MSG (12810) | more than 2 years ago | (#37963946)

Sure, you can say "I only trust this Notary", but how do you know that Notary is even who you think it is?

The same way that you know CAs, now: you keep their certificate in a local store for validation.

again, same problem you have now.

No, you don't. You have one of the two problems that we have now. Right now, the two significant problems are 1) that we rely on organizations that could be compromised and 2) if one of the larger organizations is compromised the cost of dropping our trust in them is impossibly high.

In the Convergence system, it's still possible that a notary could be compromised. However, notaries are all equal. We can drop any notary without the same costs as dropping a CA in the system we're using now.

Since most people simply won't switch, even if Convergence was 100% effective it wouldn't matter. Most SSL attacks would still take place just fine.

You're even wrong here. I can switch to Convergence right now, and without anyone else switching, I've improved my security. This isn't a system that requires that everyone change to be effective. It's immediately effective for anyone who changes.

Re:Won't work (1)

jbolden (176878) | more than 2 years ago | (#37964630)

there is simply no way to rely on any number of "individuals" to issue correct information.

Sure there is, tie it to something like botnets don't have. Like a real telephone number, or cell phone number. Tie to a physical address and have verification information delivered by snail mail.

A reputation system? (5, Interesting)

the_Bionic_lemming (446569) | more than 2 years ago | (#37962182)

What happens when you are a software company that will have at best 1000 clients?

That's the issue I am facing right now with Norton and SONAR. I started deploying with Clickonce since i needed to add SQLCE to our customers machines. Now SONAR pops up and deletes our software randomly. If you look at the logs, Norton actually says "YOU CHOSE TO DELETE THIS".

That's just an Antivirus company. How in the hell can I expect to be able to deliver product and keep it updated if I'll never have enough customers to "Trust" our software and build a reputation?

We cater to a pool of clients that will never go above 1100 customers. Does this mean that in addition to AV troubles, we will never get trusted because we cannot possibly get enough people to make the numbers to BE trusted?

Re:A reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962500)

You should hire mandelbr0t [slashdot.org] . I bet he could figure it out for you.

Re:A reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37962724)

Convergence/Perspectives are not that kind of reputation system. You are probably thinking of stuff like "web of trust" or ebay where users vote up/rate the trustworthiness entity in question.
It is just a distributed certificate validation system. The chosen notaries could use any combination of crawling the web (think google search engine), fetching on demand (think Trust On First Use but with a larger/safer pool), caching certificates (firefox add-on certificat patrol) , use CA (current systems), use DNSSec (another proposed solution), or whatever systems are deemed good authentication for the sites you are visiting.

The point is to generate a distributed, pluggable, modular system of trust. Likely this will have to be boot-strapped by the browser and OS venders like google/chromium/apple/microsoft (as they do for current CA/HTTPSTS systems).

Re:A reputation system? (1)

the_Bionic_lemming (446569) | more than 2 years ago | (#37963458)

Really?

So, in essence you're saying when the thug shows up at the front door and offers protection, we have to pay up front or get our business trashed?

Re:A reputation system? (0)

Anonymous Coward | more than 2 years ago | (#37963342)

I called Norton's tech support and basically explained to them that in no case is deleting anything without prior approval is acceptable.

I get really ticked off when building a specialized compiler from source code then using it immediately trips a high-severity warning and auto-deletes stuff.

End result of that call was SONAR got turned off.

Easy. You provide three independent notaries. (1)

reiisi (1211052) | more than 2 years ago | (#37964618)

Your three independently operated notaries form the core of your system of trust.

And you tell your clients to quit trusting Norton/Symantec and Microsoft. Re-write your stuff to run on Linux and get your clients to put your app on Linux boxes.

I mean, seriously, if your target customer base is so limited, moving them to a reliable system is not nearly as hard.

Monkeysphere as a good alternative? (2)

jbaach (241113) | more than 2 years ago | (#37962522)

I just came accross http://web.monkeysphere.info/why/ [monkeysphere.info] , which looks to me like an interesting idea: delegate the trust issue to the PGP web of trust. Maybe this would be a sane alternative?

Re:Monkeysphere as a good alternative? (0)

Anonymous Coward | more than 2 years ago | (#37962580)

OpenPGP is too hard for normal people; they run away when a website requires secure passwords.

Re:Monkeysphere as a good alternative? (2)

turbidostato (878842) | more than 2 years ago | (#37962740)

"OpenPGP is too hard for normal people"

And that's exactly the point.

Security is not easy. Not in the physical world, not in the intertubes. And people don't really worry about security (not in advance, at least), so they deem to be "too hard".

It's more than e-Commerce (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37962526)

To keep saying only that the flaws in SSL/TLS protocols and trust infrastructure affect e-Commerce is untrue and trivialises the scope of the issue. And yet this seems to be the only example ever trotted out with these stories.

People need to realise that it's more than web sites that are affected, it's everywhere that SSL/TLS is used including secure e-mail, VPN infrastructure and the like. Start telling your CIOs and CEOs that their secure IMAP can be sniffed by NewsCorp so they can publish news of their office romances, or that the VPN tunnels between offices can be sniffed by competitors leading to the theft of billion dollar trade secrets and you might start to see some buy-in on the problem.

one or a handful of centralized servers: that's it (0)

circletimessquare (444983) | more than 2 years ago | (#37962644)

there is a philosophical divide here, across which some people have an almost religious faith in a lost cause: that a trustworthy system can be built amongst peer nodes

sorry, it can't. any such system can be spoofed and gamed

when it comes to trust, you need a centralized authority. you may feel something akin to an allergic reaction when i say those words, but this is because this simple truth may go against some loopy beliefs of yours, fed by romantic idealism, not realistic understanding

i'll say it again: when it comes to trust, you need a centralized authorit

this simple truth applies to a bazillion other issues in the realm of privacy, freedom, government, currency, financial accountability, etc. therefore, these simple words of mine will of course be attacked by libertarians and other loopy thinkers, but it is a simple issue of the way trust works in this world. trust is about a large, visible, slow moving repository that everyone knows and everyone sees. that's how trust is earned. trust is not possible between entities that do not know each other unless those entities submit to the authority of that third party, the centralized authority, for the purposes of certain transactions

sorry, but welcome to reality. fact of life: you need centralized authority in the modern world, in civilization. some of you loopy romantics need to make peace with this fact. there's no way around it, in terms of simple logic

Re:one or a handful of centralized servers: that's (0)

Anonymous Coward | more than 2 years ago | (#37962678)

Maybe you could make a movie about trusting zombies. That would be great.

Re:one or a handful of centralized servers: that's (1)

turbidostato (878842) | more than 2 years ago | (#37962752)

"when it comes to trust, you need a centralized authorit"

Probably you are right.

But then, when it comes to trust, you can never trust a centralized authority.

Re:one or a handful of centralized servers: that's (1)

Sloppy (14984) | more than 2 years ago | (#37962830)

you need centralized authority

Cool. And we'll mark that centralized authority as "moderately trusted," but I still want two more just like it which will never have motivation to conspire with it.

Re:one or a handful of centralized servers: that's (1)

jbolden (176878) | more than 2 years ago | (#37964674)

I agree that's what I would like to do. Pick authorities that hate each other.

Re:one or a handful of centralized servers: that's (1)

jbolden (176878) | more than 2 years ago | (#37964672)

I like the idea of centralized authorities better. Banks for example have doing essentially this sort of work for centuries and unlike peers can put their money behind getting it right.

But I'm not sure I buy that a decentralized system can't work. Say for example my browser looks at 3 authorities that I hand picked (possible defaults). Those 3 authorities are in a group of 100 authorities that they all query and require 5 to agree before passing it on. Each authority to register a business has to register physically with at least 5 of those authorities (i.e. going someplace and showing ID). How does that fall apart?

Reputation system? (1)

93 Escort Wagon (326346) | more than 2 years ago | (#37962682)

Could we implement one of these systems in such a way as to protect us from dupes (like this story)?

My question about Convergence (1)

xrayspx (13127) | more than 2 years ago | (#37962736)

I really love the idea of Convergence on the face of it, but I had one serious question:

Convergence seems to solve the problem of a government (Iran) placing fake certs in front of their users and decrypting their GMail and FB SSL connections, and what have you. But what if the fake cert is placed much closer to the target website which is being spoofed?

If you have a bottleneck in front of the target website you want to spoof, can't the attacker take advantage of that and put a fake cert /there/ since, if there are no other paths, all of the notaries would see the same cert, and pass it as "good". For instance, if you take the case of a large multi-hundred-million dollar website hosted in the middle of the ocean, with one pipe feeding that island, if the attacker places their fake cert and proxy at that link, then every notary in the US would agree to pass the false cert. Similarly, if, say, a major backbone carrier had a secret room, through which passed all their data, and in which sat the FBI, they could place a proxy and fake cert there, and all notaries would see that cert and pass it as real.

That could be mitigated by having at least one notary running DNSSEC, but then you can't have a consensus, you have to have all notaries agree, and require the DNSSEC one to agree. This would work, but in that case, just use DNSSEC (Which I do /not/ like the idea of on its face).

Users want a binary answer (3, Insightful)

Kjella (173770) | more than 2 years ago | (#37962760)

The short answer is, users want a binary answer. Can this site be trusted, true/false. Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed. And it stands to reason that when you want such a binary answer, you'll do the minimum required to satisfy it. There's nothing today that prevents your certificate from being signed by multiple CAs, it's just that it doesn't give you anything. The line will show up green in people's web browsers whether it's signed by one or five CAs, it just adds costs with no benefit.

I can sort of understand that, if I got a company's phone number I fully expect to call them and reach that company, not getting MITM'd to some scam center somewhere. Of course there's all the other scams involved but if I type [company].com I expect there to be some trusted index that makes sure I get to the right site. If that site has been compromised that's another matter, but the sites that need to be secured are usually very secure. I just need to be sure I'm going to the right place.

Another matter is client security, if your client is compromised then it can show you anything. That's why my bank texts me to confirm payments, giving all the relevant information in the text. Like are you sure you want to transfer X to account Y, if so text OK back. That's really the only way to be sure, otherwise it could authorize some completely different transaction than what it told me, for example through a fake error message. Oh, that must have been a typo let's try again. One fake payment and one real.

Re:Users want a binary answer (2)

scdeimos (632778) | more than 2 years ago | (#37962826)

Yes, users want a binary answer, but they have no understanding of what's going on behind the scenes to arrive at that answer. As far as they're concerned "it just works" and they leave the details up to people smarter than themselves.

Example: the line showing up green in the user's browser is only indicating that the presented certificate is trusted by a CA somewhere in the user's browser certificate cache. It might be that the presented certificate is signed by DigiNotar, even though the correct certificate should have been signed by Thawte, but the user agent doesn't do that check - it only knows that DigiNotar is trusted - so the presented certificate is shown to be OK.

Having multiple CAs signing a certificate isn't going to help anybody, as the browsers don't check that a certificate is signed by the correct CA (or collective). What is needed is something to confirm that the presented certificates are genuine, not just that they're signed by someone we supposedly trust. That's what Convergence and Perspectives seem to be trying to achieve, but now you're needing to trust them instead of the CAs.

Re:Users want a binary answer (1)

Sloppy (14984) | more than 2 years ago | (#37962864)

The short answer is, users want a binary answer.

They also want ponies, so I propose we give everyone a pony and then all problems will be solved.

Just kidding. I know we can give them all ponies. Let's lie to them and just tell them they have ponies, but only if they truly believe.

This approach is foolproof. I'm filing a pat--WTF? What's all this prior art?!!?! DAMMIT!

"Web of trust" systems are spammable (1)

Animats (122034) | more than 2 years ago | (#37963398)

Every system since the "web of trust" in the early 90s that has had a fuzzy answer of "somewhat trusted" has failed.

Right. "Web of trust" systems are vulnerable to all the attacks used for search spam - link farms, social spamming, and phony reviews. In any system where unique new identities can be created cheaply, "web of trust" systems are hopeless.

Re:Users want a binary answer (1)

MSG (12810) | more than 2 years ago | (#37963958)

The short answer is, users want a binary answer. Can this site be trusted, true/false.

And in the Convergence system, they get that. A site is trusted if all of your notaries agree that the certificate you see is the same certificate they see. If it differs from the certificate that they see, then something is amiss and the certificate is not trusted.

All I want is an encrypted link (2)

Beeftopia (1846720) | more than 2 years ago | (#37962854)

I can register a domain, get a small server on the internet and serve malware. I can easily get a certification authority to give me a certificate.

All I've ever wanted a certificate for is so that users don't get the freak out security warning saying that "this certificate is not issued by a known certifying authority." I can just as easily self sign a certificate and get the encrypted link, but all the popular browsers will check their internal list of certifying authorities and show the warning.

The only reason I've wanted certificates is so that users can get a strongly encrypted link with the website and use it over wireless/sketchy networks. I really don't see the purpose of having the third party certifying authority in the picture, other than the browser warning.

Re:All I want is an encrypted link (2)

jbolden (176878) | more than 2 years ago | (#37964682)

The point of the authority is to verify you are who you claim to be. For example if you set up a website and called yourself IBM

Names (2, Insightful)

kangsterizer (1698322) | more than 2 years ago | (#37962902)

Can't people start using names that MAKE SENSE again?

Who the hell cares how cool it sounds. It's a technical thing, the public doesn't care. Convergence. Perspectives. Seriously? How do one figures any of those name is related to security?

Heck SSL was called Secure Socket Layer. That makes sense. Computer, is a thing that computes. Make sense.
Keyboard is a board full of keys. TLS is Transport Layer Security. Goes on and on.
Then bang, now you get "convergence" and such crappy names that means nothing. Annoying :(

Re:Names (1)

blueg3 (192743) | more than 2 years ago | (#37963078)

You get a good name when you become accepted enough to become a standard.

For example, Rijndael and AES.

Re:Names (0)

Anonymous Coward | more than 2 years ago | (#37964192)

That's rather different - it's the 2 authors merging their names together. Not trying to come up with something buzzwordy.

AES on the other hand, the names predates Rijndael. They said 'we want this new secure encryption algorithm and we'll call it AES', then got people to submit candidates. Rijndael is just the one that won.

Re:Names (0)

Anonymous Coward | more than 2 years ago | (#37963388)

Yeah, France doesn't make sense either. We should bomb them.

Hey, where's the anonymous button?

Re:Names (0)

Anonymous Coward | more than 2 years ago | (#37963656)

Those names make sense to me. "Convergence" is about browsers using the same certificates for a server, instead of the different ones they can get now. "Perspectives" is about the certificates visible from different places.

Aren't these things browser plugins? As such, I think they need public-friendly names.

Re:Names (1)

thegarbz (1787294) | more than 2 years ago | (#37963738)

Erm Perspectives is a program that views certificates delivered to the client from multiple perspectives around the world.

Of all the frigging bad names that exist in projects out there I can't believe you would actually complain about these here. They are about as relevant as they come, the purpose of the program being in the god damn name.

I have a better solution (0)

WaffleMonster (969671) | more than 2 years ago | (#37963124)

Most SSL sites require an account to buy stuff, move your money around, post rediculous comments..etc.

My advice use mutual knowledge of those credentials to establish trust between yourself and the ssl site using a technology along the lines of TLS-SRP.

Obviously this is not a replacement for SSL as it does little good if you have not already established an account. It would allow sites were you establish relationships in person or offline (Banks) to no longer have to depend on SSL certificates at all in any shape or form.

Most federated authentication systems MS passports, openid...etc will also need to be fixed to suck a lot less than they do now.

Browsers will need to be updated to support SRP there is native support or at least patches for all major TLS toolkits to make this happen and the RFCs have already been written. It is just a matter of browser vendors getting off their asses and committing the patches that have already been submitted.

The root of the problem (1)

Splenetiatist (1903770) | more than 2 years ago | (#37964182)

I generally like the concept and can think of times in the past when I've preferred to receive an SSL certificate from someone else's perspective, rather than one my browser is simply prepared to accept without warning as it has been "appropriately signed". Monitoring such a system of notaries seems fairly trivial (they could monitor each other?) and could well prevent against the most targeted of attacks.

I have some reservations about notaries being privvy to my browsing history, although I guess local caching goes some way to mitigate this and I believe there are plans in place (or already implemented?) to bounce requests between notaries to add a layer of anonymity.

The main issue however with SSL and trust is the user. How many people still click to ignore SSL warning messages?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...