SSL Fixes Offered; Solution Up in Air

Wednesday, February 29, 2012 @ 09:02 PM gHale


There is a proposal to overhaul the Internet’s SSL authentication system, aiming to minimize the damage that would result from the compromise of one of the authorities trusted by major browsers.

Under version 2 of Kai Engert’s Mutually Endorsing CA Infrastructure proposal, people connecting to Google Mail, Twitter and other sites protected by SSL would draw on one of three randomly selected notaries to verify the digital credential presented is valid. By comparing the SSL certificate’s contents to data contained in the voucher returned by the notary, the person’s Web browser or email program could quickly spot forged credentials, even when there is a signature using the private key of a legitimate certificate authority. The notaries — or voucher authorities (VA)— would consist of existing CAs.

RELATED STORIES
Amnesty for CA Violations
PostgreSQL Closes Security Holes
Oracle ERP Vulnerabilities
Patched Flaw; Unpatched System Brings Attacks

“The introduction and requirement of vouchers has the benefit that controlling a single CA will no longer be sufficient,” said Engert, a software developer at Red Hat and a contributor to the Mozilla Project’s security team. “If the presence of a valid voucher were mandatory, at least two CAs would have to be involved to create a working rogue identity, one CA signing the certificate, another CA using its VA to produce a voucher.”

At a minimum, the vouchers would contain a cryptographic hash of the certificate the end user wants to access, a single IP address used by the site, a timestamp recording when it collected the data, and a digital signature using the underlying VA’s private key. It might also include data concerning intermediate certificates used by the SSL certificate, recent OCSP (online certificate status protocol) responses for the certificate and intermediate certificates, and proof the VA signing certificate didn’t suffer a revocation.

Critics have complained for years the web of trust used to prevent eavesdropping on webmail, banking transactions, and other sensitive Internet-based sessions is hopelessly broken. With more than 600 entities authorized to mint certificates trusted by major browsers, all it takes is the compromise of one of them for an attacker to forge a credential for any site. That point came to the surface last year when hackers breached Netherlands-based DigiNotar and created counterfeit credentials for Google Mail, Mozilla’s add-ons download site, and other sensitive services. The Gmail certificate alone snooped on 300,000 Gmail users, an audit later showed.

Since then, competing alternatives and enhancements to the fractured SSL system have surfaced. Among them is Convergence, proposed by Moxie Marlinspike, a researcher who has repeatedly exposed serious flaws in the underlying SSL protocol. Convergence relies on a loose confederation of notaries that independently vouch for the validity of a given SSL certificate. One of the key benefits of the system is a “trust agility” that allows users to query specific notaries they trust.

It also provides privacy protections not available with regular SSL. Under the current system, certificate authorities track huge numbers of requests for SSL-protected websites and map them to individual IP addresses. Convergence uses two separate notaries intentionally kept in the dark when vouching for a certificate. One notary gets to see the IP address of the Convergence user but not the validated SSL certificate. The other one sees the certificate but not the IP address.



Leave a Reply

You must be logged in to post a comment.