Future of SSL in doubt? Researcher Marlinspike unveils alternative to certificate authorities

Marlinspike began his Black Hat briefing by highlighting the fact that the SSL structure has not been fundamentally altered since the early 1990s, and based on his communications with its creator, the security and authentication it provides for web communications was developed almost as an afterthought. The problem with SSL and the certificate authorities (CAs), is the sheer number of organizations that can provide signed certificates, and therefore potentially intercept secure communications over the internet or provide certificates to those with malicious intent.

Then Marlinspike offered up a strong critique of the certificate authority process: “the vibe about these things has been shifting...from total rip-off to total rip-off and mostly worthless”.

The first problem, he added, is that there are simply too many CAs – about 650 according to research from the Electronic Frontier Foundation. Then there are the recent troubles one CA has experienced ensuring the communications it was entrusted with securing. The CA in question was Comodo, which drew the majority of Marlinspike’s ire.

The researcher said he did not trust Comodo but lamented that the only alternative web browsers have is to remove the company from their list of trusted CAs. But, by doing so, nearly one-quarter to one-fifth of the internet – the sites signed by Comodo – cannot be connected to securely.

“The truth is, somewhere along the line, we made a decision to trust Comodo”, he said. “And now we are locked into trusting them forever, and this is the essence of the problem”.

What’s missing from the authenticity equation, Marlinspike contended, is something he has termed “trust agility”. The concept has two components: first, a decision to trust a CA can be revised at any time and, second, that users can determine which CA(s) to trust.

Undoubtedly Marlinspike’s distrust of Comodo stems from recent troubles the company experienced when several of its resale partners issued digital certificates to hackers who then hijacked secure connections to major websites.

What Marlinspike proposed to replace the existing model is one that puts the power of trust decision making into the hands of the end-user, rather than CAs. “Instead of a site initiating the trust relationship, it’s the user that initiates it”, he noted, adding that users would then send a request to the CA to certify the site. “The reason this is so powerful is because it means the user can now decide which authority they want to interact with”, and presumably incentivize CAs to ensure the validity of the certificates they sign.

In what he called a Steve Jobs-inspired move, Marlinspike launched his own Convergence alternative from the Black Hat briefing stage, a system he called “a secure replacement for the certificate authority system”.

Convergence, currently in its beta version, works by allowing users to configure a set of trusted “notaries, which use network perspective to validate communication”, according to its website. It will also require a “trust consensus” from multiple notaries to ensure security. Convergence, thus far, is only available as a Firefox browser add-on.

“If anybody is proposing an authenticity system or a different trust system...the first question you should to ask is ‘Who do I have trust, and for how long’?”, Marlinspike asked the audience as he left the stage. “If the answer is a prescribed set of people – forever – then proceed with caution. In the meantime, try Convergence.”

In response to Marlinspike’s comments, a spokesperson from Comodo told Infosecurity that SSL is not broken, and that is remains the best way to protect information in transit. This same spokesperson added that Comodo’s CA process is not broken and that the company issues millions of certificates with what it called a “vanishingly small” error rate.

When asked to comment on Marlinspike’s new Convergence system proposal, Comodo said that, to its knowledge, Marlinspike himself has not claimed that his new system will result in perfect security in all cases, adding that it may be a fine system for security researchers to use.

What’s hot on Infosecurity Magazine?