[grey-area]

It doesn't have to be this way though.

The browsers could start not trusting those CAs, and not allowing them to impersonate any SSL site you visit, and they are making steps towards this with measures like pinning aren't they?

Measures like that just need to be made the default, and if companies want the ability to MITM they should have to adjust settings to make that happen, but consumers should not be vulnerable to that by default and browser vendors could work towards that future. At least people are now more aware of these issues, and that a green lock really doesn't signify much if a government takes an interest in your communications.

[dingaling]

> and they are making steps towards this with measures like pinning aren't they?

Pinning is an unscalable hack around the core problem.

[grey-area]

I'd be interested to know why if you have the time.

[skuhn]

The classic manual method of cert pinning is not feasible for more than a handful of large sites, because each browser that supports it has to update its own pin list.

Google adds a whitelist of public keys to Chrome upon request, only for high impact sites. Firefox does the same, with a different list. Safari doesn't support it at all. IE supports it in a useless fashion.

This is totally unworkable in the long term. Broader support also opens it up to smaller (less savvy) sites who will inevitably get bitten by a lack of foresight. "Oh, I only authorized GoDaddy and now I use Entrust...". However, set too broad a list and you've just given an attacker a list of targets to pick the weakest link from, possibly not dissimilar from choosing a target amongst "all CAs clients support".

The manual method is not the only way, and it's always been apparent that it was not the end game. HSTS and HPKP are important steps forward, and support is decent. As always though, IE is a useless impediment to progress.

https://projects.dm.id.lv/Public-Key-Pins_test

It's going to be a while before HPKP is everywhere, but it's definitely a better approach.

[mike_hearn]

To give a real example, CryptoCat managed to commit pinning suicide recently. They requested a pin in Chrome and then their CA's intermediate expired, meaning they had to reissue the cert .... but failed, because Chrome rejected the new cert. They had to wait for the next Chrome version to recover and basically had a multi-week outage because of it.

Pinning eliminates CA's by eliminating the agility they provide. Not inherently an awesome deal.

[skuhn]

You really need at least one alternate (from a different company!), even though that reduces security. 2 is still better than 150. I'm surprised that Google would accept a one hash pin, but I guess they'll let you shoot your own foot off if you want to.

The other side of that is you must actually be able to issue certs from that other CA. If you have to wait for your account to get set up and verified, you've lost.

[yuhong]

The problem is they switched to non-EV and they pinned only the EV root.

[grey-area]

Thanks.

[drivingmenuts]

Browsers shouldn't be making the decision of who to trust or not trust. They should be presenting the information for the user to decide. If the user decides to trust the US government more, that is their choice. The browser should inform, but not make that decision for the user. The only thing the browser should be doing is making it as difficult as possible for that decision to be subverted.