[tptacek]

That's a misstatement of Moxie's position, which is unfortunate because Moxie's position is important, probably correct, and needs all the credibility it can get.

What's broken about SSL/TLS is the current CA model. Since SSL/TLS was introduced, we've been running with almost exactly the same trust "UX": a hidden browser config panel listing a series of complicated-sounding trusted root CAs, each with the authority to sell or transfer their business to some other entity, or even to delegate the authority to sign certificates to other organizations.

That's absurd; it's a security model that clearly can't work in the real world --- and, more, demonstrably hasn't worked. SSL CA's have been caught red-handing selling their authority for dubious reasons. For instance, Trustwave sold a CA=YES certificate to an undisclosed third-party corporation solely for the purpose of making it easier (not "possible" but merely easier) for that corporation to monitor their own users.

We need a radical rethinking of the UI/UX and trust model behind SSL/TLS, and Moxie's idea of decentralizing that trust --- so that, say, the ACLU could operate a sort of CA root that would vouch for Verisign's signatures on core ecommerce sites but not accept a crazy delegation from Iran.

The protocol, on the other hand, is for all its warts the best-tested crypto protocol in possibly the history of computing. Baby & bathwater, and all that.

[StavrosK]

I remember seeing an interview where someone asked a Chrome team member if they had plans to support Moxie's idea. They said, roughly, that if Chrome supported it, Google would have to run some notary servers, and people would rest assured that Google is running them and not be bothered to run their own, leaving Google with having to support this for the entire internet.

It's too bad, it sounds like a very good idea.

[tptacek]

Thankfully, the world does not depend on Google to move decentralized trust for TLS forward; since it's mostly a UX change, and it's confined to a very small part of the TLS stack (the verification of server certificates), it can be retrofit over existing infrastructure with neither changes in server software nor major changes to browsers. We can probably do it via plugins.

[stanleydrew]

What can those of us who like this decentralized CA whitelist idea do to help it gain adoption? Can I start telling Chrome right now to use a whitelist maintained by an external source? Should I just pick someone's whitelist (e.g. ACLU, EFF, yours) and trim my browser and OS whitelists to only use those?

Also how does this affect SSL certificiate "pinning" as implemented in Chrome? I guess it doesn't since even if you have a pinned cert for a specific domain Chrome will still verify the trustworthiness of the CA that signed it?

[tptacek]

Sorry, I should also have mentioned TACK, Moxie and Trevor Perrin's proposed system of allowing servers to dynamically update certificate pins. As many people here know, Chrome already has a system of pinned keys, which mean that as far as Chrome is concerned, Chrome is the final arbiter of GMail's public key, not Trustwave or any other CA. TACK allows browsers to keep a cached list of pins in somewhat similar fashion to HSTS, which caches a list of servers that must use TLS.

TACK is just a proposed standard right now; I have no idea where it's going. But it's a good band-aid on the existing CA system.

[ivanr]

Several things come to mind; let's take Convergence (http://www.convergence.io) as an example. First, the software (Convergence plugin and notary code) need to be stable. This is mainly the job for the project team, but they might need help. In my personal experience, the code works well; haven't checked recently to see how it performs for others. The Convergence plugin is a hack, so it probably has a few rough edges.

Second, the protocol and the code need to be independently reviewed. This hasn't happened as of yet, but I am sure will if the popularity of Convergence increases. I'd be willing to give it a go at some point.

Third, we need a good-enough infrastructure to start with. SSL Labs (which I run at Qualys) sponsors Convergence by providing 4 notary servers (2 in the US, 2 in Europe). These notaries are installed by default, so you could say that the infrastructure is decent (at the current level of usage).

Finally, we need to have the technology available in all major browsers, at the very least pre-installed and available as an option, but -- ideally -- fully integrated ("This looks like a self-signed certificate; please wait for a moment while we verify that you are not under an attack"). A big problem for adoption is that browsers are lacking APIs for this type of work.

[StavrosK]

That's what the Perspectives plugin for Firefox (http://perspectives-project.org/) does, but, as with all these things, it probably won't see wide adoption until it's implemented in a browser by default (and it's good enough that it will have very few false positives or negatives).

[andrewcooke]

just to add that perspectives also has a chrome alpha - https://chrome.google.com/webstore/detail/lnppfgdnjafeikakad...

[kinda frustrating that the solution to many of these issues is sitting here at the bottom of the thread!]

[StavrosK]

Oh, thanks, I looked for that on the site but didn't spot it.

[adlwalrus]

I wonder what building a Chromium version would entail. Do you think it would be a lot of work? I feel like it would have been done already if it were possible with the present extension APIs.

[adlwalrus]

Do you any reference links for this being Google's stance? If so, I'd really like to see them.

Thanks

[StavrosK]

After a quick Googling:

http://www.imperialviolet.org/2011/09/07/convergence.html

The reasoning is solid, unfortunately.

[adlwalrus]

I'unno, man. It's probably significantly lower than 99.99% of chrome users that stick with Google as their default search despite the first-run search engine selection dialog, but also likely not too much lower, either.

What's important is that they give the choice -- not just in a tucked away settings pane or whatever, but actually flash the question in the user's face in a meaningful way. If search engine monopolies are important enough to add "friction" to user interaction, then I'd say CA oligopolies are at least doubly so. The conflict of interest factor isn't present in the case of CAs, because, AFAIK google doesn't run any themselves (yet), but I think its still very important to give users the choice.

I also want to point out that Google runs all kinds of infrastructural nodes all up and down the internet's stack. They have no problem pioneering high-performance DNS to move the web forward, and they even are running their own fiber optic network, for crying out loud. They're huge on promoting IPv6 adoption, (mainly because it will remove any significant cap on the internet's (and thus their) growth). I think they can handle a few SSL notaries.

But security behind the scenes doesn't contribute to a palpably sexy image of the web in the masses' minds, so it doesn't really help google's bottom line enough for them to care. Kind of like how while their "speed" initiative complete with JSCDNs is terrible for privacy (third party resources sending referrers to Google upon fetching), it helps to make the web seem like a more serious platform in the subconscious minds of users by increasing performance.

[StavrosK]

Sure, they can handle a few CAs, but then you've switched from the CA oligopoly to a Google monopoly. A significant fraction of the web would basically be running with Google as its sole CA.