[cap-talk] Firefox breaks .. identifiability - what do CAs contribute?

Ian G iang at systemics.com
Wed Feb 9 06:03:12 EST 2005


Jed at Webstart wrote:

>>
>> But the fact that a CA chose not to bind useful information to the 
>> X509 cert...
>
>
> I'd like to better understand your thinking on this point Ben.  Can 
> you give an example or examples of information that you would consider 
> useful?  Given any such useful information, what reason would it give 
> you to increase your trust of the site you are visiting?
>
> About the only thing I've ever seen even claimed for CA communication 
> is something along the lines of "this site is who they claim to be".


You've not seen adverts where CAs advertise that
ecommerce can be conducted with trust?  Curious,
maybe I'm mistaken, but the system was sold as
the way to secure ecommerce and the way to trust
the site.

> Is that what you see as value added by CA signed certificates?


Historically, there were three conflicting views.  One
was "verifies the identity" and therefore you could
be sure you were talking to the right site.  Hence,
it was an anti-spoofing thing.

Another was "there is no guaruntee, and we simply
follow these procedures."  This is the legal side that
the CAs tried to push, and is written into their CP/CPS
documents.  This was intended to remove any liability.

A further view was the cert was essential to secure
ecommerce and if it was used the participants to
the transaction(s) could assume they trusted each
other.  This was a marketing view.

Now, all of these are in conflict, but it didn't matter
until the system came under attack.  Luckily or unluckily,
the system was attacked by a complete bypass and SSL
was not invoked.  The browser security system has never
ever been tested by aggressive attackers in a commercial
fraud setting (I exclude the crypto community from that
by definition).  (Including the Shmoo thing, IMO.)

However, the above mentioned attack was so successful,
that the phishers are now industrialised and well flush
with funds.  Which means they will now attack anything
and everything.  The secure browsing model is soon to
feel the heat, and it will look pretty messy.  It will get
attacked just as soon as the users start looking at the
padlock in any serious numbers.

Which brings us back to what value added can a CA
offer with its CA-signed certs.  Well, I don't think there
is a limit to that.  I think if Verisign wants to offer a
premium service that guaruntees no phishing, then
they should be able to do so.  And they could so with
a little help from the browsers.

On the other end of the scale, a cert signed by
CheapAndCheerful.net could offer just your basic
SSL protection for $10.  No problem with that, either.

CA signed certs should be able to offer whatever value
they can.  It's a market.

>> tells us nothing about the viability of X509 as a method of binding 
>> useful information to domain names. Its quite clear that the CA 
>> _could_ have bound the information that Eric Johanson purchased the 
>> cert and not PayPal. This would have been useful.
>
>
> Bought by "PayPal" as listed in Dun and Bradstreet?  Perhaps it's 
> somewhat personal, but that sort of information doesn't add much for me.


He's saying that if the owner of the domain
had been listed, then it would have quickly
triggered the mind in this particular case,
because it wouldn't have been Paypal Inc
that owned the cert/domain.

Although, adding to the above, there is
no reason why a CA can't sell a cert that says
"as listed in Dun and Bradstreet."  It's a market,
and if that works for the Paypal company, why
can't they buy it?  Maybe their users would be
happier with that.

> [good stuff snipped] I don't see how the CA information really helps.


Just concentrating on the CA here - the reason
that the CA information doesn't help (I claim) is
that the CA has never delivered anything to you
that you value.  See above, they have spent the
last 10 years up a blind alley as far as adding
value.  But that doesn't mean that a CA couldn't
start to add value - especially if the browser were
to work to show that CA to the user.

(Firefox now has a little mouseover so that when
you wave over the padlock, it shows you the CA.
But see the trustbar.mozdev.com or that blog
entry gif I posted last night for a better view of
the possibilities.)

> My negative experience with Verisign as a CA came mostly from buying 
> their useless host certificates for years.  I happen to support some 
> Web servers for a Department of Energy Scientific Computer center, e.g.:
>
> http://www.nersc.gov/ or perhaps I should say: https://www.nersc.gov/
>
> We finally started using an internal DOE certificate authority.  They 
> certainly know more about us than Verisign and we have a lot more 
> flexibility in generating such certificates, not to mention less cost 
> for the taxpayer.  The only thing a Verisign certificate added for us 
> was to eliminate that annoying popup about an unknown CA.  I expect 
> many, many such sites are induced by that annoyance to their users - 
> even though I assert that the "knownness" of the CA contributes 
> nothing to the value of the signing.


Yes.  VeriSign did not deliver you any value that
wasn't "extorted" from you by browsers that thought
they had to protect you by forcing you to buy a cert.

But, that's not to tar all CAs with the same brush,
nor the concept.  It happens that the TTP concept
was missemployed.  We are going through a period
of re-evaluation of the role of the CA, and may
emerge as a useful member of the net community,
or it may disappear.

> To me this seems more like a scam than a solution.  Of course we'd 
> like to get a US government CA that is accepted as known by browsers, 
> but for now we have our users enter our CA into their browsers.


Well, you could negotiate with Mozilla.  They want
CAs that effect all their users, but if you can show
enough users, they may consider adding your CA.
(In fact we were discussing just this question on
the list last week.)

> We're often colored in our thinking by experiences such as that above, 
> so I thought I'd lay my experience out to make clear where some of my 
> thinking is coming from - beyond my early capability OS and 
> cryptography experiences of course.


Good story!

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/



More information about the cap-talk mailing list