SSL certificate authorities vs. ???

It's clear CAs have their problems, but nothing is ready yet to replace them

With all the publicity about breaches of SSL certificate authorities and a hack that exploits a vulnerability in the supposedly secure protocol, it's time to consider something else to protect Internet transactions. If only there were something else to turn to.

Protecting SSL and its updated version TLS is vital because they support most e-commerce transactions by setting up end-to-end encrypted sessions that are authenticated, and that requires certificates that are verified by certificate authorities.


INTERVIEW: Father of SSL says despite attacks, the security linchpin has lots of life left 

Verification is supposed to assure that a public encryption key presented by a device is actually owned by the entity that claims to own it. It is meant to say, yes, you are indeed about to enter a secure session with your bank. The certificate authority plays this verification role and is considered a trusted third party in public key infrastructure.

The problem is certificate authorities can't always be trusted.

Earlier this year, certificate authority Comodo was breached and nine fraudulent digital certificates were issued. The certificates let the thieves trick Iranian users into thinking they were connecting to Google, Yahoo, Skype and Mozilla when they weren't. That deception would enable the thieves to gather user IDs and passwords to break into customers' real accounts with those businesses.

Later on, a similar breach at Dutch certificate authority DigiNotar yielded 500 or so fraudulent certificates that so damaged the company's credibility - and the ability of the Dutch government to function online - that the company declared bankruptcy

These are the manifestation of problems that have been talked about for years. Security expert Moxie Marlinspike has repeatedly demonstrated weaknesses and exploits against certificate authorities in public forums and calls for replacing them altogether.

He actually recommends a new model for authentication that he calls Convergence that is similar to one being trialed at Carnegie Mellon University called Perspectives. Rather than trusted third parties whose trust can't be assured, SSL/TLS authentication would rely on a reputation system of verification.

Servers called notaries are set up to constantly ping and re-ping sites on the Internet and record what certificates they present. When asked by browsers seeking to verify sites, notaries respond with the certificates that the sites have been issuing over time. The browsers check whether the certificates issued by the notaries match the certificates sent by the sites.

So if a customer is trying to reach, the customer's browser would ask a notary what certificate it has been receiving over time from If the response matches the certificate the customer just got, that serves as verification.

Under Perspectives and Convergence models, anyone can set up a notary. Over time, the reliability of notaries will establish their reputations as deserving or not deserving trust.

An upside of the notary system is that end users get to pick which notaries they want to poll and can add or drop them as they see fit. With certificate authorities, browsers are preloaded with the certificate authorities they trust and end users can either use them or forfeit access to Web sites that use those certificate authorities.

Separating the trust decision from the browser manufacturers is a good step, says Taher Elgamal, CTO of Axway and one of the creators of SSL. He says the root of trust should be the Internet and its reputation ecosystem. Users would recognize notaries that can't be trusted and reject them.

What's needed is a way for browsers to learn when a notary's reputation has been tarnished. "And I'm not saying I know how to implement this, but it's a better model," Elgamal says.

It's pretty clear, though that the certificate authority system doesn't work, he says, and that something else is needed. The problem is that because SSL is so widely used, implementing it will require cooperation of browser vendors to support a new system or at least support add-ons that do.

Learn more about this topic

With SSL, who can you really trust?

Father of SSL says despite attacks, the security linchpin has lots of life left

The SSL certificate industry can and should be replaced

Comodo hacker claims another certificate authority

Comodo hacker claims credit for DigiNotar attack

DigiNotar certificate authority goes bankrupt

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.

IT Salary Survey: The results are in