by dsacco 4151 days ago
You're right that SSL has problems, but you cannot be the certificate authority for your own domain, and I'll explain why.

The certificate authority system is an imperfect solution for the problem of public key infrastructure. It is designed such that a trusted, independent third party can verify messages between two communicating parties. The third party's trusted signature verifies that the user is who they say they are.

Now, if anyone can be a certificate authority, and you can be your own certificate authority, you have effectively removed certificate authorities entirely - you now end up with de facto two parties. This is convenient for you to certify that you are yourself, obviously.

This is inconvenient and dangerous for you when anyone else certifies that they are you using themselves as a certificate authority - if they can sign their public key using their own nominal trustworthiness, the entire problem is back where it started without the certificate authorities in the first place.

By design, certificate authorities need to be 1. trustworthy, 2. highly vetted and 3. very few. If everyone is a certificate authority, then no one is.

2 comments

> By design, certificate authorities need to be 1. trustworthy, 2. highly vetted and 3. very few. If everyone is a certificate authority, then no one is.

Isn't that the situation we are in now? All it takes is one CA with poor security *cough*DigiNotar*cough* and the whole system is broken. I'm obviously ignoring the fact we have CRLs - but if someone has a signed cert for, say, chase.com or google.com they can do a lot of damage in a very little amount of time.

Maybe I'm just cynical that there is a profit motive to CAs. I mean, you can't tell me that it's just greed that you can purchase a certificate to turn a user's address bar green because it's "extended validated". The average user won't notice, or even know what that means. Big picture behavior - there is no functional difference between an EV and non-EV signed certificates.

My opinion: if we keep the SSL/CA system the way it is today - we need fewer CAs but create non-profit CAs where the average person can get a CA-signed/trusted certificate for free or next to free. I'm not talking about grabbing some random dude off the street and starting a non-profit - it should be funded and sponsored by companies like Google/Verisign/Microsoft etc.

I agree with everything you've said here. Certificate authorities are, like all organizations, prone to corruption and misaligned incentives. There are certainly issues, and it's very much an imperfect solution. The trouble is that getting rid of them (right now) is a net loss for cryptographic integrity. SSL, and perhaps public key infrastructure underpinning it, needs to be redesigned. There is no viable alternative just yet.

Or better, cut Verisign completely out of this... correct me if I am wrong, but if the major browser vendors (Microsoft, Google, Apple, Opera, and Mozilla) come together, can't they basically decide to cut off any certificate authority as they wish? Can't they basically tell Verisign to issue certificates free of cost or get booted out?

The only reason why I suggested Verisign is because they have been in the industry long enough to know what they are doing (presumably) and not make the same mistakes that were made in the past.

Worst case scenario - if Verisign doesn't want to share the toys in the sandbox, Microsoft/Google/Mozilla et al. can just refuse to include their CA certs as trusted certs.

However, Verisign is in a very interesting position as they currently manage/control .com tld.

So what I'm saying is - if the children don't agree to play together then they can take their toys and go home then no one can play.

(I like to use the analogy of children and these big companies because, in my opinion, it appears that's how they operate. They just can't come together, like mature adults, and form some sort of solution to this. Last I heard is that Google wants to show an error page for non-HTTPS enabled sites, on Chrome, which will make everything even worse[1]. Don't even get me started on the whole self-signed cert error message page...).

[1] - http://www.chromium.org/Home/chromium-security/marking-http-...

> trustworthy

Do you really trust all of these keys?

https://www.mozilla.org/en-US/about/governance/policies/secu...

Even companies like AOL, VISA, Wells Fargo, and the historically-problematic VeriSign and GoDaddy, and let's not forget the companies with serious legal issues in the past, and several governments (China, Japan, Turkey, etc.).

This reliance on a single point of trust is why the PKI system is destined to fail in the long run: that single point of trust is also a single point of failure. The entire concept of a CA requires handing key parts of our infrastructure over to a small list of "authorities" (which grants the CA a lot of power), while simultaneously trusting those authorities to never abuse that power or be corrupted from the outside.

> If everyone is a certificate authority, then no one is

This is actually the core problem with PKI. Not only does it presuppose that a "few" trusted authorities is even possible, it also frames the discussion by assuming that only a globally supported solution is required. This attitude also dismisses the capabilities to evaluate trust and merely asserts that most people shouldn't worry about this kind of security problem.

A better idea is to recognize that everybody solves pieces of the trust problem constantly in their daily life. Some of the decisions are made of personal experience or observation, but we also rely on others that we see as an "authority". These are powerful behaviors that should be built upon. Everybody can be a CA, because they already are in.

Someone that sets up an "authority" that is only used between a group of friends is perfectly safe IFF 1) stays at the scale where trust already exists, AND 2) the people involved have some easy way to select the trust basis they want to use.

Criteria 2 is the most important. The CA system is de facto boolean trust (i.e. HTTP-vs-HTTPS). There is no sane way for the typical user to say they want, for any particular transaction or communication, to only trust some specific authority (or authorities), and then switch to a completely different trust basis as needed. Once this ability is in the hands of the average person, I suspect the key distribution problem will solve itself as people self-organize.
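
Both points argued in this thread (anyone can sign a certificate for any name, and the verifier's choice of trust basis decides what is accepted) can be seen with the `openssl` command line. This is an added example, not part of any comment above; the CA labels `friends` and `other` and the host name `chat.example.test` are constructed for the demo.

```shell
#!/bin/sh
# Added example: CA labels and the host name are constructed for this demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed root for the CA labelled $1. Anyone can do this step.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1 demo CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# Have CA $1 sign a certificate for host name $2.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1-leaf.key" -out "$WORK/$1-leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1-leaf.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
    -out "$WORK/$1-leaf.pem" 2>/dev/null
}

# Succeeds only if the leaf issued by CA $2 chains to the root of CA $1.
# -CAfile names the trust basis for this one check. Depending on the build,
# openssl may also consult the system CApath; neither demo root is in it.
trusts() {
  openssl verify -CAfile "$WORK/$1-ca.pem" "$WORK/$2-leaf.pem" >/dev/null 2>&1
}

make_ca friends
make_ca other
issue_leaf friends chat.example.test
issue_leaf other chat.example.test   # same name, different issuer

for issuer in friends other; do
  if trusts friends "$issuer"; then verdict=accepted; else verdict=rejected; fi
  echo "trust basis=friends issuer=$issuer: $verdict"
done
```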