Another CA Issues False Certificates To Iran 229
arglebargle_xiv writes "Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate." Another (anonymous) reader says, "What might be worrying is that the CA behind the forgery is the official supplier of most Dutch Government certificates, diginotar.nl. They are supposed to be very stringent in their application process. As a Dutchman, I'm very interested to see how this one plays out."
Adds Trailrunner7: "The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn't have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google's domains that use SSL."
This is ridiculous (Score:3)
Any CA that can't implement sufficient controls to prevent such shenanigans, should not be a CA in the first place. Needless to say i've changed my browser and OS settings to distrust the CA. I expect a serious explanation shortly, and short of some unusually extreme extenuating circumstances, I think all browser vendors and OS vendors should evict the CA immediately, to make an example of them.
I am curious though.... did the CA fail to implement its CA CPSs, or did its Certification practice statement actually have a hole where such a thing could happen?
More acronyms, please (Score:3, Funny)
So, besides more Californias (CAs) offering more martinis-in-the-morning (MITMs) to confuse more octogenarians/septuagenarians (OSs), what does the Chicago Public School System (CPS) have to do with anything? Or is this one of those "hacker" things I've heard so much about?
Re:More acronyms, please (Score:5, Funny)
The Californians provide a document specifying their chosen Chicago Public School System, which is digested by THE POWERS THAT BE to decide if the Californian is trusted to introduce UAs (Utah and Alaskans) to servers and vice versa (partially based on their record of providing the proper tip amounts to their servers).
The problem is, this particular Californian has taken to introducing fake servers to the UAs (Utahns and Alaskans).
Re: (Score:2)
See, now that's the smartassery I really enjoy. ;)
Re: (Score:2)
Yes, but how does this relate to Southern State Lobbyists (SSLs)?
Re: (Score:2)
Ah, yet you fail to understand that the parent (and the post itself) obscure everything unnecessarily and that I mocked them accordingly. And I see why you posted anonymously. (Adverbs are big this time of night.)
Re: (Score:2)
i'm glad you didn't post anon so it can be known you're another one of those who thinks that people would agree with you if only they were as smart as you
It's a trivial bit of humour. And since it seems to have been modded up as funny, I'd suggest that there are some people who think it contributes.
OTOH, you did post anonymously. I'm sure you understand that no one gives a flying fsck about insults tossed up by a coward that can't stand up for what he says by signing his posts. In fact, you may have been the reason that it was modded up in the first place.
At the end of the day, he may not have contributed much, but you are an ass.
Re: (Score:3)
Actually, this is real news if presented properly. I don't fault mysidia for that, really, but I do fault timothy. I mean, you are talking about international fraud that could affect billions of people, but the article is presented in such a way that it is only instantly readable by a few hundred people. I've been reading Slashdot since 1996, so I'm totally used to the jargon. And I figured it out — so have thousands (or millions) of others ... but there is no real burden on the poster to spell out a
Re: (Score:2)
It depends on if you think the effect of such an attack from such a country would only affect the computer traffic passing through. That is, the attack in this case could actually spill over into the real world where you have serious political unrest and violence that could actually affect billions of people — and not just "oh, my computer got hacked," but actual "someone bombed my house, can I stay at yours?" type effects. Given the provocative and sensitive nature of the nation in question, people w
google considered harmful (Score:2)
http://letmebingthatforyou.com/?q=mitm%20ssl [letmebingthatforyou.com]
Re: (Score:2)
Re: (Score:2)
That adds insult to injury there... either (A) their security/review practices aren't up to snuff, and they didn't ever detect they'd issued a compromised cert. OR (B) they knew about a problem and hid it for PR or other reasons.
I suppose browser policy guidelines possibly need to be revised to require that CAs perform additional certificate issuance monitoring, requiring a third party to 'sign off' on any issuance before any certificate can finally be issued..
For example: I would like to see
Re: (Score:2)
That adds insult to injury there... either (A) their security/review practices aren't up to snuff, and they didn't ever detect they'd issued a compromised cert. OR (B) they knew about a problem and hid it for PR or other reasons.
They've been ordained as the official Netherlands CA by the Dutch government. If you're dealing with the government electronically, you have to use them (and they $$really, $$really milk thi$$ for all it$$ worth). Admitting to a problem would be bad for business. Another couple of failures of this magnitude and the Dutch government might even start thinking about revoking their license to print money, or at least issuing licenses to other organisations as well.
Notary idea (Score:3)
I'm beginning to think some variation of Marlinspike's distributed notary system [softpedia.com] may actually be the way to go. This just can't be allowed to happen, given the importance of internet communication nowadays. If the CAs can't prevent this, it's time to find an alternative.
Re: (Score:2)
The whole idea is to compare a certificate served by a website to a client with one received from the same destination by a notary. If the client is surfing from a compromised network and gets served a fake certificate, it won't match with the one from the notary, triggering an alert.
How does it prevent a man in the middle attack from simply forging the certificate and all of the notary responses?
Re: (Score:2)
There must be something I don't understand about this system...
The whole idea is to compare a certificate served by a website to a client with one received from the same destination by a notary. If the client is surfing from a compromised network and gets served a fake certificate, it won't match with the one from the notary, triggering an alert.
How does it prevent a man in the middle attack from simply forging the certificate and all of the notary responses?
Wrong question.
The notary responses can't be forged; they're signed, and you have their public keys. This is essentially the same as having the public keys of a bunch of CAs, and you'd probably get those keys in the same way: with your browser (though it's more likely that you'd edit them, or replace them with a set from some reputable site, etc.).
The right question is: How does it prevent a man in the middle attack from simply fooling all of the notaries?
The idea is that it's difficult for an attac
Re: (Score:2)
What may be a better solution in the short term would be to examine the policies of browser / OS certificate acceptance policies. After something like this if it is found to be negligent or worse yet malicious on the part of the CA, they get dropped temporarily. As the number of offenses increases the drop time increases, if they behave good for a while the drop time is reduced. Similar to BGP dampening, where any sort of instability must be removed as soon as possible to prevent the whole system from crash
Re: (Score:2)
The CAs can prevent it. Back when certificates first started, certificates were graded according to the quality of information needed to back them. The highest grade required two or maybe three pieces of approved official ID and direct contact with the purchaser. It would not surprise me if some of the vendors also ran background checks and perform other basic authentication.
If they only want one level today, then what's to stop them from switching to the highest standard they used to have, rather than unif
This is considered surprising? (Score:5, Insightful)
*IN RELATIVE TERMS. I know many of the governments of the "free world" are guilty of all manners of despicable privacy violations with all manners of awful consequences, but please don't even attempt to compare these issues to the sorts of oppression that happen in full-blown totalitarian regimes.
Re: (Score:2)
The "free world" is effective enough at controlling the people though other means (bread and circuses) that it need not resort to more extreme measures: the people are powerless, and so abusing them overtly would only potentially giv
Re: (Score:2)
Re: (Score:3)
You're free because you can effect social change. Tell me with a straight face that there is a wide gulf between Iran and the West in that respect, and I shall laugh at you.
It is difficult to effect social change in the west because most of us are, on the whole, content with things as they are. Sure, there is room for improvement, but (a few fringe groups aside) few of us want radical change. This is the essence of democracy.
In Iran it is difficult to effect social change because if you seem even remotely likely to succeed in undermining the government they will crack down on you hard.
Of course, democracy is somewhat flawed in that it involves giving people what they want and
Re: (Score:2)
Democracy gives an illusion of power to people who have none. How many times have you been advised to write your congress person if you have a problem? Illusions of power beget apathy. As long as the situation does not become too horrible (and indeed, few dictatorships survive such situations), and as long as the choices are fairly limited, democracy ends up functi
Re: (Score:2)
Re: (Score:2)
trip to the police station and released a couple minutes later with either a sternly worded warning
Only if they feel like it. Its not uncommon for protesters to be jailed for a day or more with no access to a toilet. And that's after being kettled-in with barbed wire for hours.
You should look up the 2008 Republican National Convention protests. Even members of the press had their badges ripped off by police before being manhandled and abducted.
The anti-pipeline protesters are currently being held for far longer than "a couple minutes".
Re: (Score:2)
My point, though, is less about any specific change; in fact, you can be on opposite ends of the
Re: (Score:2)
You will never get anywhere in politics without money, and you'll never get money without money
While it's certainly easier to make money if you already have some, I would say most of the most visible billionaires (especially in tech) made their money starting from essentially nothing.
Western democracies are extremely good at keeping intact the old aristocratic systems, while managing to convince the general public that they actually have a say.
Western democracies, especially the US government, were created with strong provisions to ensure that it is difficult to change the status quo (i.e. checks and balances). While you can claim (with some truth) that this was done to protect the rich, it also protects many other minorities by ensuring that it is difficu
Re: (Score:2)
You will never get anywhere in politics without money, and you'll never get money without money
While it's certainly easier to make money if you already have some, I would say most of the most visible billionaires (especially in tech) made their money starting from essentially nothing.
Only by the poorest definition of "nothing". Virtually all of them came from upper middle class with a culture of education and an extensive family and social network of secure individuals and families. The hard work and vision of the individual are not to be denied, and of course that is a vitally important factor, but the external influences are very important too. None of those multi-millionaires are orphaned children of dirt farmers from the back-woods of nowhereseville.
Re: (Score:2)
Let me start by pointing out that "nationalization of certain industries" goes against one of the basic principles of freedom (One that was actually acknowledged as such by the U.N.) - the right ownership of private property. I should also point out (at the risk of triggering the Godwin's Law) that the man-kind's worst totalitarian regimes (e.g. Nazi Germany, Lenin/Stalin's USSR) started by the nationalization of industry, land and private assets in the name of the "common people" as a first step in their a
They are indeed comparable (Score:2)
How else can a gov't jail 1% of its adult population at any given moment? Any government with a "war-on-something" at home is in the business of nullifying civil rights and should be considered at least an honorary member of the totalitarian club.
The main difference here in the USA which helps keep the 'freedom' charade going is that we have a great deal of material and cultural excess to indulge (and to drown out discussion of serious issues). Once that abundance dries up, even conversations such as this o
It's also pointless in this case (Score:2)
Stringent SSL verification process ... yeah right! (Score:4, Insightful)
The idea behind the "Stringent SSL verification process" is that customers will pay a brand-name-trusted CA company to verify the SSL request is from who they claim to be.
Even at *TEN THOUSAND* USD/EUR/GBP/etc per fake certificate, the price is too good for countries like Iran, China, etc for engaging in MITM attacks.
The whole process is a scam outright....
Penalty: instant deletion of the CA, surely? (Score:5, Insightful)
Surely, if any a fraudulent certificate evert shows up, then the public keys for the issuing CA should be instantly removed? Even if they are Verisign themselves, if a fraudulent certificate exists, then trust is lost, and they cannot remain.
Re: (Score:2)
Surely, if any a fraudulent certificate evert shows up, then the public keys for the issuing CA should be instantly removed? Even if they are Verisign themselves, if a fraudulent certificate exists, then trust is lost, and they cannot remain.
Who would do this? What is the 'parent body' of a CA? Is the CA business actually regulated in any way? And under what jurisdiction? The nature of 'root certificate' is that the keys are in Windows (or whatever operating system), so Microsoft (or appropriate vendor) would have to do it via an update, or the user would have to do it manually.
Re: (Score:2)
They can, and do, issue frequent updates(with fairly swift uptake across a good percentage of the userbase, these days) which can and sometimes do include changes to the trusted roots. If a CA gets removed, their customers' users start seeing scary, scary warning messages or jus
Re:Penalty: instant deletion of the CA, surely? (Score:5, Informative)
Mozilla, Google & Microsoft (at least, so far) have all now removed Diginotar from their list of trusted authorities in their respective browsers.
Good! (Score:2)
Now all we need is for that to be an automatic response.
Then, the only way back in would be to fix the procedural issues, get properly audited, then generate a new root cert and reissue everyone fresh certs.
The huge cost of this might get them taking security seriously. And even saying "no"to governments.
Re: (Score:2)
Justin: sadly not so, 3.6.21 is not released yet. It will be in the next 48 hours, though.
Re: (Score:2)
What, you thought "Too big to fail" was only for banks?
In this case the breach appears to have been serious enough that Mozilla have actually pulled the CA's cert. No matter how negligent a CA has been in the past, no browser vendor has ever done this before. Rumors on Mozilla lists are that it was a CA compromise, which would mean that no certs from Diginotar can be trusted at the moment. Whatever it is, it's pretty serious. Again.
Maybe this time the browser vendors will finally be incentivised to fix the PKI mess (CA protection racket) that they've created,
Surprising? (Score:5, Interesting)
Re: (Score:3)
And therefor a single point of failure.
Yes, once government has control of that "one authoritative source" you won't hear about this sort of thing any more.
Re: (Score:2)
One authoritative source... per domain.
If you simply missed those two extra words when you first read them, then no harm done. But if you don't comprehend why those two extra words are significant... then you really need to not have an opinion on this topic.
DNSSEC bad idea for total cert trust (Score:2)
Each ccTLD operator is not necessarily limited to just the domains under that ccTLD. If China maintains a root server, and they have the private keys for the root, they can then sign their own .com keys, and then sign domains under .com. (And even if they only have the .cn private keys, and SSL trust was solely implemented in DNSSEC, now you can't trust your SSL connection to any .cn domain!)
Using DNSSEC for publishing certs and extra identity information is a cool idea, but it's not a good idea to replace
Convergence (Score:4, Interesting)
See him speak about it at BlackHat USA 2011 here
Read about it here [infosecurity-us.com]
The official Convergence website (http://convergence.io/). The plugin (AFAIK) is not compatible with FF 6 yet.
Re: (Score:2)
Forget that, go with SSL certificates in DNS and DNSSEC to verify the records.
Re: (Score:3)
And when the DNS servers are subverted to point to bogus SSL certificates, then what?
You do happen to know that you'll have to trust the government [ISP etc] not to mess with DNS, and a one-stop shop to subvert both your domain and your PKI is just what they'd like to have.
SSL certs authenticated/served by DNS is not a fix, IMO - because DNS isn't any more secure from powerful interests than SSL is. [And it may even be less secure.]
This truly is a hard nut to crack, and knee-jerk solutions like "tie it to D
Re: (Score:3)
with proper cryptographic protocols like DNSSEC, the only way to change DNS (and hence SSL certificates stored in DNS) without raising red flags is to actually change the DNS record itself. Any man-in-the-middle attacks by hackers, ISPs or foriegn governments (great firewall of china etc) will cause the DNSSEC chain-of-trust to fail.
Now it might be possible for a bad guy to convince the DNS provider or operator to accept new cryptographic keys, DNSSEC signatures or DNS data but that is a lot harder than con
Re: (Score:3)
Go ahead and actually read or listen to the talk.
If you won't trust the SSL authorities, and I don't - then one would assume that trusting the registrars/TLD's/root/or country TLD's would be even more crazy.
IMO, DNSSEC simply doesn't really solve the problem, and shouldn't be the "solution." We should look for and design something better.
-Greg
Re: (Score:3)
Seriously? Sex.com was totally hijacked. There are literally thousands of cases where domains get owned. [And once you own the domain its DNS is cert
Re: (Score:2)
Re: (Score:3)
Thanks for bringing this up. Every time we talk about SSL issues folks fail to bring up the notaries-based systems. (Even during the last /. article, which was really about Marlinspike's Convergence.)
Additional information: Convergence is based on Perspectives [networknotary.org].
Network notaries let you see a diverse views of the public key(s) used by an HTTPS server over time.
As an example, here are multiple views of Google's SSL [networknotary.org].
Re: (Score:2)
The attack appears to have been targeting Gmail users specifically.
Okay, then, more relevantly, multiple views on Gmail's certificate [networknotary.org].
That'll give you a good idea if someone's MITMing you.
Re: (Score:2)
I've been using Certificate Patrol [mozilla.org] for a while alongside Perspectives and it's pretty useful. However, it has also brought to my attention the frequency with which Google/Gmail's certificates seem to change which the links given above also highlight in the graphs.
I'm still puzzled as to why this is (and why e.g. the Gmail IMAPS certs don't seem to change anything like as frequently - more like annually) but if the certs changes frequently it diminishes the usefulness of e.g. Perspectives quite a bit. Which
Related: Facebook pure HTTP tracking system (Score:2)
I was curious so just as I was writing this I inspected the source of a Wired page I had open. Look at this gem:
<iframe src="http://www.f
Re: (Score:2)
And yes I realize it's really a *pure HTML* (at least as far as the client is concerned) tracking system. Have a million things going on at work right now.
Re: (Score:2)
That's for the Facebook "Like" button but this technique is also commonly used by Ad networks - I suspect you only noticed it here because HTTPS-everywhere will force the facebook connection to SSL (and AdBlock Plus won't block the Facebook "like" button normally). Certificate Patrol will then alert you to the certificate changes.
Look into using something like the RequestPolicy [mozilla.org] extension if you want more control over which off-site content gets loaded - it lets you implement a deny-by-default type policy in
Re: (Score:2)
I wonder what the differences are between Perspectives and Convergence. I've been using Perspectives for a long time. As far as I can tell the only difference is that Convergence has some anonymization features built in.
Re: (Score:2)
Another reason to take a good, long look at Moxie Marlinspike's Convergence system. Basically, it does away with CAs in favor of a trusted and anonymous notary-based system.
I think the best thing about Marlinspike's system is that it doesn't do away with the CAs. Rather, it provides a stand-beside certificate validation mechanism; there's no reason a site can't use both, and using both actually increases the security over using either one alone.
Mozilla wants to blacklist the CA it seems. (Score:5, Interesting)
I just looked through the bug report listed; at the end two very interesting comments:
So it seems Mozilla is basically going to blacklist that CA. I think that's an appropriate response: the CA has proven that their methods are flawed, and that there certificates can not be trusted. This one has been found out; who knows whether there are more out there? I surely hope this is a one-off incident but better safe than sorry. And it sends the message nice and clear to other CAs that they have to be really careful.
As of 9:26pm PDT this bug report has made the frontpage of slashdot.org [...] Please address this issue immediately.
A Slashdot side-effect :)
Re: (Score:2)
It is my understanding that the patches that are being created will blacklist all DigiNotar-issued certificates based on "CN=DigiNotar " in the certificate issuer.
Re: (Score:2)
100% correct. They can no longer be trusted and should be instantly removed. If they come back with a full post mortem study, including the steps they have implemented for it to never happen again, plus a full list of all fraudulent certificates they have issued they should be reconsidered again, but only after sufficient penalty time has passed, say one year. This is to prevent other CAs from doing the same mistake.
Oh and the CA system is utterly broken. This is the scenario all security researchers anti
Mozilla, Google, MS all agreed to remove the CA (Score:5, Informative)
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ [mozilla.com]
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html [blogspot.com]
http://www.microsoft.com/technet/security/advisory/2607712.mspx [microsoft.com]
Re: (Score:2)
As of 9:26pm PDT this bug report has made the frontpage of slashdot.org [...] Please address this issue immediately.
A Slashdot side-effect :)
Sorry, 1999 called. Slashdot used to have power and respect, but that was years ago.
Re: (Score:2)
Oh good, so I get to reinstall multiple browsers on multiple machines as a result of a single failure of a system destined to generate these failures twice a year.
Can we come up with a better way of managing trust than hard-coding a list of CAs in every single software package I install that uses SSL? Why should Mozilla be in the business of deciding who is trustworthy? Why not just have your software reference a single CA list at the OS level? For OSes that don't support it the list could be distributed
At the rate these CAs are doing this crap (Score:2)
Re: (Score:2)
Maybe I should tell my browser to just accept certs signed by Bob's SSL Certs and Taco Stand
Or Honest Achmed [mozilla.org]. I know his cousin Osman, he's OK.
bit of a red flag? (Score:2)
Re: (Score:2)
To debunk the last bit: it's not that hard for a spy operation to ask some friends in the US, possibly friends that are actually Google employees, to apply for such certificates. To have at least the request coming from a plausible source.
And on the rest... sure, should have raised plenty of red flags. Why would a US company ask a Dutch CA for a certificate? Why would an established site need a new or an extra certificate - a wild card (*.google.com) cert to boot? Now I have no idea how a CA certifies tha
Re: (Score:3)
And on the rest... sure, should have raised plenty of red flags. Why would a US company ask a Dutch CA for a certificate? Why would an established site need a new or an extra certificate - a wild card (*.google.com) cert to boot? Now I have no idea how a CA certifies that the requester is actually the owner of a certain domain, it certainly failed badly in this case.
Go buy a certificate some time. There are LOTS of CAs out there who will complete the transaction and give you a certificate in seconds. We'd like to believe that such CAs have some sort of process in place that flags up potentially fraudulent requests for human verification, but as this sort of thing demonstrates that's obviously not the case.
Re: (Score:2)
The problem is that this transaction should have failed even basic Domain Validation.
A validation request for *.google.com should have landed at a technical contact inside Google. So how did this come into the hands of the Iranian government?
The only thing I can think of is that Diginotar has fallen for the 'Domain Validation is not secure enough' scam, and has therefore used another out-of-band validation technique that was easily socially engineered.
Mart
Oh Good (Score:3)
Oh Good. We can visit something such as Gmail.com with a fraudulent certificate and no one would notice. But god forbid I self sign my home webserver certificate, that must be met with a wrath of a bright red page warning me about the dangers of a possible man in the middle attack and that no one should visit my site under any circumstances!!! /rage
But on a more serious note shouldn't this right now be a clear indication to those in defense of using SSL / TLS to establish identity that their system is horrendously flawed and that maybe self signed certificates are in fact not any worse then any certificate verified by a picture of Ben Franklin?
Re: (Score:2)
> ...system is horrendously flawed...
Is it? The fraud was discovered and the registrar has been blacklisted. Furthermore, you could be using Perspectives if you wanted to: it would have detected this.
Don't be too quick to exchange a tough system for a brittle one.
Re: (Score:2)
The fraud was discovered more than a month after it happened. In the meantime who knows how much havoc was caused.
SSL as it is presently implemented has a number of key problems:
1. It doesn't allow encryption without authentication. An encrypted and unauthenticated connection to a server is considered LESS safe than an unencrypted and unauthenticated connection.
2. Every software package out there has its own trust database. Do you think that every instance of this bad certificate is really going to get
No need to wait (Score:2)
There's no need to wait for a patch. In Firefox, under preferences->advanced->encryption, select view certificates. Just select digi notar and either click delete or edit and then uncheck everything.
CAs must understand that they will be erased from existence by browser providers, security admins and end users if they violate the public trust in this way. They don't have enough bribes, threats, or lies to get out of the hole they dig for themselves when they sell out.
Re: (Score:2)
Re: (Score:2)
Trolling because that name sounds Chinese? And why would you trust Verisign and all the others?
The answer is: because trust is what their business is built upon. Break that trust, break your business, like what's now happened to diginotar. And that's why you can trust them: because they need you to trust them, and that's a good reason for such a business to be and to remain trustworthy.
That said of course we should remain vigilant. Trust is just that - trust. It needs independent verification, and how we
Re: (Score:2)
I doubt I'd be inclined to trust a CA in Iran or North Korea either, given the tense relations between our countries. If I
Re: (Score:2)
And there's the real problem with the current structure. Too many CAs nobody's ever heard off, practically all of which consider profit to be the only thing that counts in the world.
Liability (Score:2, Interesting)
Question for lawyers. If I bought a certificate from DigiNotar, can I sue them for damages? My certificate is unchanged so I have not been directly damaged. However, their business model is based on trust and once they are blacklisted, my cert while not be useful.
We work for cash, not for fun; we want our cash... (Score:2)
Make an appointment and come to our office.
Oh yeah, bring money. Preferably, a lot of money.
signed, your lawyers:
Dewy, Cheatem, and Howe
lovely (Score:5, Insightful)
I love how every [slashdot.org] time [slashdot.org] when the discussion is brought up that browsers need to stop treating https with self signed certificates worse than they treat plain http (just don't show the lock icon, show an icon for the fingerprint, which would make it easy to display the fingerprint for comparing it to a known one), some fool immediately starts talking how browsers must treat https with self signed certs worse than http because https without CA means that your session is vulnerable to the MITM.
Of-course when it is pointed out [slashdot.org] that CA does not guarantee that there is no MITM either, the discussion dies out but the opinions never change.
Well how much longer will the opinions can stay the same with all the evidence that CAs do not in fact guarantee that there is no MITM?
More importantly: who is talking about browser being responsible to figure out whether there is MITM or not with a https and a self signed cert?
This cognitive dissonance needs to be eradicated.
Re: (Score:2)
Well how much longer will the opinions can stay the same with all the evidence that CAs do not in fact guarantee that there is no MITM?
Total straw man. Nobody who remotely understands the system thinks that CAs guarantee no MITM. You could go and see the webmaster in person, shake their hand, look them in the eye, meet their parents, run a background security check, ask for three forms of photo ID and proof of address and then ask for their certificate fingerprint. That would reassure you that, if you are being scammed, you are at least being scammed by the professionals, but it would still represent the weakest link in any chain using de
Re: (Score:2)
Total straw man. Nobody who remotely understands the system thinks that CAs guarantee no MITM
- how [slashdot.org] about [slashdot.org] you [slashdot.org] talk [slashdot.org] to [slashdot.org] them [slashdot.org], before talking about 'straw man'?
So, it boils down to risk. CAs are a million miles short of being a perfect, secure solution but they are far, far better than self-signed certificates.
- bullshit. I mistrust every single CA signed certificate and I want a fingerprint. In fact I mistrust CA generated certificates specifically because they are CA signed certificates - they are not the site operators, why are they relied upon to be honest and trustworthy in the first place? I didn't go to their site, I went to a bank site or wherever else. I don't trust the CAs and I think they are paying off the browser development teams to m
Re: (Score:2)
There needs to be a distributed public directory of fingerprints that is available to all for verification.
I'll avoid commenting on most of your comments. I'm sure others will tear them to shreds, if anyone particularly cares enough.
However, how do you suggest validating that public directory of fingerprints? You are subsituting one weak-but-better-than-nothing chain of trust with another means-absolutely-nothing chain of trust.
Re: (Score:2)
Because to many users, https implies a secure connection to a trusted (by the standard of at least some CA) website. If you want encryption without authentication, please give it another name, such as 'httpe' ('e' for 'encrypted'). Httpe could be exactly the same as https with the exception of blindly accepting self-signed certificates.
Re: (Score:2)
I agree, with the caveat that I think browsers should do ssh-style key history tracking. For all certs, not just self-signed, but it's especially important for self-signed certs. If I visit a site every day for a year and it always has the same certificate, that is actually a much stronger statement of trust than a signature by some random CA, but if that certificate suddenly changes there should be big red warnings. Further, I like the ssh model wherein the user is recommended to do some additional veri
Re: (Score:2)
For once I agree with you completely. I've been saying the same thing for a long time.
Re: (Score:2)
Perspectives and I would assume Convergence, but Perspectives at least is broken in FF5+ (even if you override compatibility). The onyl bug is it doesn't override unsigned certs automatically (tjhe exact function you want :-( )
Give Convergence a try.
Upside? (Score:2)
I am pretty happy to see this. Why? Because, come on, who didn't know this would be a problem eventually?
This is the biggest Achilles' heel in all of PKI... the need to trust the CA! Yet, there are WAY too many of them, all trusted by default. We have known the Department of Homeland Stupidity has had their own trusted CA, should we be surprised that any national government is capable of shopping around for one that will give them the certs they claim to need and should have for some reason?
The ONLY answer
Or with "Dodgeball." (Score:2)
" If you can dodge a wrench, you can dodge a ball."
Patches O'Houlihan
Re: (Score:3)
if you have gold-plated wenches, you end up with a James Bond movie.
The sad fact is that you don't even have to buy them gold-plated. They happily do that on their own, at your expense.
Re: (Score:2)
I believe Iran is run by a government. Whether they bribed the CA or hacked into the CA, it's certainly not free market capitalism.
Re: (Score:2)
Did anyone really assume that SSL certs were legit? YOU'RE BUYING THEM - someone will always sell them to you. Suddenly self-signed, homebrew certs aren't so bad anymore are they?
If you can deliver the key (or even just the thumbprint) to me in a secure manner then i'm quite happy to use it to trust my connection to you. Otherwise I need to trust a third party to tell me that your certificate is actually your certificate and not someone else pretending to be you, which is the whole point of SSL. Well... and encryption of course, but that aspect is somewhat overrated in comparison.
Non-sequitor (Score:2)
Everyone accepting self-signed certificates without checking who created them is going to make us all more secure against governments?
The problem is with the current trust model itself, as others have noted here. Changing it to blindly trusting everything isn't going to improve the situation (and that is what you are proposing, for Joe Sixpack, anyway).
Re: (Score:2)
Good point, I say the same thing all the time. A self-signed cert is, at worst, no worse than an unsecured connection. So why raise an alarm? Treat it the same as unsecured, so that anyone who doesn't see the blue browser bar or whatever knows they can't trust the security of this connection.
Re: (Score:2)
I am a firm believer that once there is a loss of trust, anything that company touches should be black holed.
Really? Do you still trust Verisign and Verisign owned companies (e.g. Thawte)? Verisign have screwed up, and worse also do ethically dubious
stuff ( http://en.wikipedia.org/wiki/Verisign#Controversies [wikipedia.org] ).
BTW Symantec now owns Verisign's CA stuff not sure how much you trust Symantec but they certainly have screwed up before.
How about Mozilla? Or the other browser makers who have bundled CNNIC's (China Gov) CA certs in their browsers.
How about Entrust? They have signed CNNIC's CA cert, so even if you remove CN
Re: (Score:2)
Well. That well.
Apparently you did not, either.
Re: (Score:2)
Is that supposed to be Steve Ballmer in the background?
Re: (Score:2)
Hashes at first use? AKA what the guys at the Perspectives project call the "prayer method?" (Pray you're not getting MITM'ed the first time).
Re: (Score:2)
Getting a 404 on that URL.