Security

What Would It Take To Have Open CA Authorities? 529

Posted by ScuttleMonkey
from the sounds-like-vc-pitch-time dept.
trainman writes "With the release of Firefox 3, those who have been using self-signed certificates for SSL now face a huge issue — the big, scary warning FF3 issues which is very unintuitive for non-technical users. It seems Firefox is pushing more websites into the monopolistic arms of companies such as Verisign. For smaller, especially non-profit groups, which will never have issues with domain typo scammers, this adds an extra and difficult-to-swallow cost. Does a service such as this need the same level of scrutiny and cost since all that is being done is verifying domain and certificate match? This extra hand holding adds a tremendous cost and allows monopolistic companies such as Verisign to thrive. Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?"


  • CACert (Score:5, Informative)

    by Anonymous Coward on Friday July 18, 2008 @03:09PM (#24246121)

    try it....

    • Re:CACert (Score:5, Informative)

      by zerOnIne (128186) on Friday July 18, 2008 @03:12PM (#24246163) Homepage

      Seconded. go here [cacert.org].

      • Re:CACert (Score:5, Interesting)

        by the_olo (160789) on Friday July 18, 2008 @05:17PM (#24247955) Homepage
        Yeah, right.

        $ wget http://crl.cacert.org/revoke.crl

        ...

        23:04:36 (241.13 KB/s) - `revoke.crl' saved [1911370/1911370]

        $ openssl crl -in revoke.crl -inform der -noout -text | less -in

        ...
        Serial Number: 057FA5
        Revocation Date: Jul 18 13:35:01 2008 GMT
        Serial Number: 057FAA
        Revocation Date: Jul 18 14:54:49 2008 GMT
        Serial Number: 057FB4
        Revocation Date: Jul 18 14:43:07 2008 GMT
        Serial Number: 057FB5
        Revocation Date: Jul 18 14:43:26 2008 GMT
        Serial Number: 057FB9
        Revocation Date: Jul 18 16:12:12 2008 GMT
        Serial Number: 057FBB
        Revocation Date: Jul 18 14:59:13 2008 GMT
        Serial Number: 057FBC
        Revocation Date: Jul 18 17:48:23 2008 GMT
        Serial Number: 057FCE
        Revocation Date: Jul 18 16:13:58 2008 GMT
        Serial Number: 057FD0
        Revocation Date: Jul 18 16:11:48 2008 GMT
        Serial Number: 057FD1
        Revocation Date: Jul 18 17:00:35 2008 GMT
        Serial Number: 057FD3
        Revocation Date: Jul 18 16:18:22 2008 GMT
        Serial Number: 057FF3
        Revocation Date: Jul 18 19:43:57 2008 GMT
        Serial Number: 057FF4
        Revocation Date: Jul 18 19:52:50 2008 GMT

        They're revoking a certificate roughly every hour, their CRL is 1.9MB in size and from looking at the serial numbers it seems that lots of certificates are pretty close to each other, which means that a significant percentage of issued certs is getting revoked.

        This would indicate that their loose verification is being severely exploited by the bad guys.

        Now are you completely sure that when you add this CA to your store, you also configure the CRL handling properly? How often do you schedule download of the CRL? Do you really think it's a good idea to download a 1.9MB CRL every 1 hour (there's no OCSP service for their certs, it seems; at least there's no OCSP URL on their CA certs)?

        I suspect that you didn't give a thought to this, nor did the majority of people who install CAcert root certificates in their browser, not suspecting what a can of worms they open from a security perspective. They probably don't even know what a CRL is for, not to mention checking the CRL handling settings in their browser after they install CAcert's root X.509.
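As an added illustration (not code from the comment above, and not CAcert's or OpenSSL's), the following Python parses the kind of `openssl crl -text` listing quoted in the comment and turns it into the figures the comment reasons about: how many serials are on the list, how densely they sit within the serial range, the revocation rate over the observed window, and what polling a CRL of that size on a fixed schedule costs a client. The input is constructed from the thirteen entries quoted above, so the numbers describe that excerpt only; the function names are the example's own.

```python
from datetime import datetime, timezone

# Input constructed from the thirteen CRL entries quoted in the comment above
# (a subset of the full CRL, so every figure below describes this excerpt only).
CRL_TEXT = """\
Serial Number: 057FA5
Revocation Date: Jul 18 13:35:01 2008 GMT
Serial Number: 057FAA
Revocation Date: Jul 18 14:54:49 2008 GMT
Serial Number: 057FB4
Revocation Date: Jul 18 14:43:07 2008 GMT
Serial Number: 057FB5
Revocation Date: Jul 18 14:43:26 2008 GMT
Serial Number: 057FB9
Revocation Date: Jul 18 16:12:12 2008 GMT
Serial Number: 057FBB
Revocation Date: Jul 18 14:59:13 2008 GMT
Serial Number: 057FBC
Revocation Date: Jul 18 17:48:23 2008 GMT
Serial Number: 057FCE
Revocation Date: Jul 18 16:13:58 2008 GMT
Serial Number: 057FD0
Revocation Date: Jul 18 16:11:48 2008 GMT
Serial Number: 057FD1
Revocation Date: Jul 18 17:00:35 2008 GMT
Serial Number: 057FD3
Revocation Date: Jul 18 16:18:22 2008 GMT
Serial Number: 057FF3
Revocation Date: Jul 18 19:43:57 2008 GMT
Serial Number: 057FF4
Revocation Date: Jul 18 19:52:50 2008 GMT
"""


def parse_crl_text(text):
    """Return [(serial_int, revocation_time_utc), ...] from `openssl crl -text` output.

    Only the 'Serial Number:' / 'Revocation Date:' pairs of the revoked-certificates
    section are consumed; other lines (issuer, update times, extensions) are ignored.
    """
    entries = []
    serial = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Serial Number:"):
            serial = int(line.split(":", 1)[1].strip(), 16)
        elif line.startswith("Revocation Date:") and serial is not None:
            raw = line.split(":", 1)[1].strip()      # e.g. "Jul 18 13:35:01 2008 GMT"
            when = datetime.strptime(raw, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
            entries.append((serial, when))
            serial = None
    return entries


def summarize(entries):
    """Aggregate the figures the comment above reasons about."""
    if not entries:
        raise ValueError("no revocation entries parsed")
    serials = [s for s, _ in entries]
    times = [t for _, t in entries]
    low, high = min(serials), max(serials)
    window_hours = (max(times) - min(times)).total_seconds() / 3600
    return {
        "revoked": len(entries),
        "serial_low": low,
        "serial_high": high,
        # Share of the serial range [low, high] that appears on the CRL. Treating
        # serials as issued sequentially (an assumption; issuance order is not on
        # the page) makes this an estimate of the revoked share of that batch.
        "revoked_fraction_of_range": len(entries) / (high - low + 1),
        "window_hours": window_hours,
        "revocations_per_hour": (len(entries) / window_hours) if window_hours else float("inf"),
    }


def crl_poll_cost_bytes_per_day(crl_size_bytes, poll_interval_hours):
    """Bandwidth one client spends re-downloading a CRL on a fixed schedule."""
    return int(crl_size_bytes * 24 / poll_interval_hours)


if __name__ == "__main__":
    stats = summarize(parse_crl_text(CRL_TEXT))
    for key, value in stats.items():
        print(f"{key}: {value:#x}" if key.startswith("serial") else f"{key}: {value}")
    print("hourly polling of a 1911370-byte CRL costs",
          crl_poll_cost_bytes_per_day(1911370, 1), "bytes/day per client")
```

Fed a complete CRL dump rather than the excerpt, the same two functions give the revocation density and rate for the whole list; the density figure is only meaningful while the CA hands out serials sequentially.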

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Which doesn't answer the question as their certificate isn't supported in Firefox.

      • Re:CACert (Score:5, Informative)

        by rufus t firefly (35399) on Friday July 18, 2008 @03:20PM (#24246257) Homepage
        It isn't *included*, but it's definitely *supported*. Just go here [cacert.org] with Firefox to install their root cert.
        • Re:CACert (Score:5, Funny)

          by pablomme (1270790) on Friday July 18, 2008 @03:34PM (#24246471)

          Or even better, go here [cacert.org], since the above address is an https and Firefox won't accept its self-signed certificate.

        • Re:CACert (Score:5, Insightful)

          by LordKronos (470910) on Friday July 18, 2008 @03:40PM (#24246577) Homepage

          Which does absolutely nothing to stop scaring visitors of your website. We need something that is accepted by default.

          • Re: (Score:3, Insightful)

            by Hatta (162192)

            Sounds like a good way to keep the riff raff out.

          • Re:CACert (Score:4, Informative)

            by Crayon Kid (700279) on Friday July 18, 2008 @05:11PM (#24247911)

            If anybody can get an SSL certificate that will be accepted by Firefox, for free, no questions asked... then the entire point of having CA authorities goes down the drain. You can't simultaneously have a certifying entity AND let everybody in. Because if that happens we might as well forget about CA use in the browsers and just use SSL for encryption.

            • Re:CACert (Score:5, Interesting)

              by LordKronos (470910) on Friday July 18, 2008 @07:53PM (#24249467) Homepage

              Sounds perfectly fine to me.

              First, what the CA's actually consider "authentication" before issuing a cert is laughable. It ensures nothing except that your credit card wasn't declined.

              Second, most people DO NOT pay attention to who the certificate was issued to. Most people don't even know a certificate exists, much less how to see who it was issued to.

              Third, especially because of the previous 2 points, a LOT of people really don't care to try and provide those features. All they want is SSL, so that info isn't transmitted in plain text. If there were a way to do SSL without a CA, that would be great, but as it is you are held hostage to either paying for a certificate or making your website users jump through hoops to accept a self-signed cert.

        • by Rix (54095) on Friday July 18, 2008 @03:52PM (#24246781)

          This needs to be transparent for it to work. You've already lost the vast majority at "root cert". They have absolutely no fucking idea what you're talking about. That isn't going to change.

          If it's not in the default install, it doesn't exist.

    • Re: (Score:3, Informative)

      by sakdoctor (1087155)

      The cert isn't included in any browser you are likely to use.

      • by john83 (923470)
        Why not? Surely Mozilla should have a few recommended free options supported out of principle?
        • Re:CACert (Score:4, Insightful)

          by squiggleslash (241428) on Friday July 18, 2008 @03:29PM (#24246397) Homepage Journal
          No, it shouldn't.

          All CACert does is verify that you have control of the domain name you're trying to get a certificate for before issuing a certificate. That means that you can, with CACert, register something like "citicardbank.com" using throwaway fake information, put up a phishing website, get a certificate for it, and look perfectly legitimate to anyone you phish, without any of your victims ever being able to find out who you were. It doesn't, of course, have to be phishing. It could be "discountjewelryandelectronics.com", with you raking in the "orders" and running away with the cash, again with nobody able to find out who you are.

          Given the general security principle, espoused by most web browser makers, of "Trust nobody unless it's a secure connection, and even then be careful", it makes no sense for Mozilla, Opera, or Microsoft to encourage the use of unaccountable certificates. CACert is fundamentally a bad idea, at least with the current implementation of most web browsers. The only way to make it acceptable is for the user to be warned every time they visit a new website with a certificate signed by an accountability-free CA.

          And given it's the warnings the submitter is whining about, well, what's the point?

          • Re:CACert (Score:4, Insightful)

            by Bryansix (761547) on Friday July 18, 2008 @03:44PM (#24246635) Homepage
            Uhm, I sincerely doubt that Verisign actually makes you go in person to an office and fingerprints you and checks your Driver's License and gets a DNA sample. And since that's the ONLY real way to verify someone is who they say they are then Verisign can provide certificates to people running the same damned scam! Verisign offers no real value. It's all a scam they run for the perception of value added.
            • Re:CACert (Score:5, Interesting)

              by Zeinfeld (263942) on Friday July 18, 2008 @05:08PM (#24247873) Homepage
              ObDisclaimer: Not speaking for my employer here. Yes I work for a commercial CA.

              Actually you are way off base here. Mozilla and VeriSign are both members of the W3C Web Security Context working group where one of the things that we have been working on is how to better make use of self signed certificates.

              I always enjoy reading articles on Slashdot describing what they imagine the optimum strategy for a large public company is.

              Making it easier to use encryption with self-signed certificates is a benefit to a large commercial CA. People who use self-signed certificates today are candidates for an upsell to a public accredited domain-validated cert later.

              The basic problem is that people think that a CA sells encryption, that is wrong, we sell authentication and in the case of Class 3 or EV, accountability. I cannot guarantee that the merchant you buy from is honest, or that they will deliver that plasma TV. But I can ensure that they are likely to face consequences if they do.

              If people really want to set up an open CA then read my book, the dotCrime Manifesto, I describe what we were trying to do when we set up the idea of CA services in the first place. I think that setting up an open CA would be a bit like setting up an open source effort to do people's taxes for them. But someone might work out a way to make it interesting enough for the participants to have it done well.

          • Re:CACert (Score:4, Insightful)

            by Illbay (700081) on Friday July 18, 2008 @03:44PM (#24246647) Journal

            ...it makes no sense for Mozilla, Opera, or Microsoft to encourage the use of unaccountable certificates.

            Well, then O-B-V-I-O-U-S-L-Y you're in favor of evil "monopolies like Verisign," of which there are, of course, several (which means they're not "monopolies" at all, then, but since we just want to say "they're mean and charge too much money," why quibble?)

          • Re:CACert (Score:5, Insightful)

            by cbreaker (561297) on Friday July 18, 2008 @03:45PM (#24246653) Journal

            Verisign and friends aren't much better. They have given SSL certs to all kinds of scammer or ridiculous domain names in the past, and continue to do so.

            Trusting that companies like Verisign are doing the right thing is no better than doing nothing.

          • Re:CACert (Score:4, Informative)

            by mindstormpt (728974) on Friday July 18, 2008 @03:48PM (#24246699) Homepage

            Actually you can only get a certificate from CACert if you've been assured with enough points, and that's only supposed to happen after in-person ID verification by multiple members. The certificate includes the verified identity of the member, or the organization if that's the case.

            You can debate if this web of trust model is acceptable, but it's been used by Thawte for some time now, and its certificate is included in every browser.

          • Re:CACert (Score:5, Insightful)

            by Anonymous Coward on Friday July 18, 2008 @04:01PM (#24246935)

            Given the general security principle, espoused by most web browser makers, of "Trust nobody unless it's a secure connection, and even then be careful"...

            Actually, the principle espoused by most web browser makers seems to be "Trust anybody if your connection is unencrypted, but if you wish to encrypt your traffic, trust no-one unless they've given a wad of cash to a CA."

            It seems to me that a user using an unencrypted connection to an unidentifiable web site (that is to say, all http web sites) should receive even more warnings than a user using an encrypted connection to an unidentifiable web site. But somehow, that's not the case.

            This Firefox scaremongering isn't just driving people into the arms of Verisign, it's also driving webmasters away from using encryption, even where web forms might be involved. Too bad - encryption is a good thing.

          • Re:CACert (Score:5, Interesting)

            by jjhall (555562) <slashdot AT mail4geeks DOT com> on Friday July 18, 2008 @04:16PM (#24247167) Homepage

            What do you mean CAcert has no accountability? They have a web of trust in place that actually checks IDs person to person. That's more than Verisign does. All they do is charge a credit card.

            A CAcert server certificate does exactly what it says it should, that the owner/controller of the domain is in control of the server. It does not verify the personal integrity of the person running it. Of course a Verisign certificate says exactly the same thing but some money exchanged hands in order to say so. But you're trained to trust it more because "it's always been that way."

            Personally I think browsers should ship with no root certificates installed at all, and the user can seek out and install the ones they trust. Have you ever looked at the list of default roots in your browsers? Can you verify that every one of them does more verification than CAcert does?

            CAcert is getting close to being audited so that their root will be included in browsers by default. Does that change your stance regarding trusting their server certificates? If not you're going to have to start remembering to remove their root from each browser installation. While in there how many more are you going to remove?

            It bothers me seeing people put so much blind trust in Verisign and Thawte and the likes. To take it a step further, have you ever gone out to your bank's web site and written down the fingerprint of their signature and attempted to verify it at your bank? 99.9% out there will say no.

            The point of an SSL certificate is to secure the communications line, and to ensure the entity you're communicating with now is the same one you communicated with previously. The intentions of the person/server you're communicating with are outside of the scope. No amount of money exchanging hands will change this fact, yet Verisign has obviously convinced a lot of people to the contrary.

          • You think Verisign et al reliably do that? How?

            There was a /. story maybe a year ago about all sorts of obviously fake ones... what the major cert providers verify is that your payment cleared. Which is _something_ because there's SOME kind of traceability. But it's not much.

            I don't really blame them, though, because the problem is fundamental. There's just no real way for them to verify someone is who they say they are, because we don't really have a definition of who that "we" is. It's not like the gov't issues you a social security private key at birth and each corporation too (not to mention going international)

            So the thing keeping them secure IS the payment and the record of the payment, and the fact that so many people fall prey to phishing without a valid cert that no one cares.

            *****

            In my opinion, the best we can do is issue physically linked certs. Cryptographically identical to existing certs, this changes the people part - The certificate authority a) must require a payment, but there's no minimum they can charge b) mails a physical letter with a code c) makes an automated, repeating voice call with a code d) if both codes are entered and they own the domain, issues a cert for that contact info, which can optionally be used to generate certificates for multiple servers.

            Now, the hard part is that you haven't verified IDENTITY at all, you've only verified contact information. So the browser would have to literally display this information, if it was one of these contact-certs (perhaps in a bar just below the URL bar) I say in 'these certs' because for these certs you're not even implying that you can trust anything except the

            You COULD set this authority up with a relatively small expense. You might be able to write a FF extension to display the addresses. If you have reasonable internal security, you probably could get FF to add you as a trusted authority, at least FOR contact-certs.

            That's not GREAT, but it's the best we can do for simple automation for general-purpose merchants/certs... beyond that it's trying to do credit and background checks the old fashioned way.

            My only OTHER idea is that the FDIC/NCUA/etc ought to get together and create a CA for US banks. Then you could even make the bank-trusted bar a DIFFERENT color. And presumably the regulators have a secure way to talk to the banks. (I'm not suggesting that this be legally mandatory for the banks to sign up for or use, but I think there's no one who is more likely to be able to authentically verify the authenticity of a US financial institution than the US regulators...)

        • Re:CACert (Score:5, Informative)

          by theodicey (662941) on Friday July 18, 2008 @03:56PM (#24246831)

          StartCom [startssl.com] is free and already supported by Firefox.

          Mozilla just wants CAs to offer some level of accountability and identity verification. Their CA certificate policy [mozilla.org] is explicit in its requirements.

          I don't see the point in having Verisign certificates everywhere, but I also don't see why you should blindly trust a Robot Certificate Authority like CACert, without further assurances.

  • Not the first one... (Score:5, Interesting)

    by bradgoodman (964302) on Friday July 18, 2008 @03:13PM (#24246177) Homepage
    I have been using PayPal for many years for automatic payment processing on my web site for shareware I sell.

    When Google Checkout came along, I figured I'd accept that too - so I started doing scripts on my web site to take Google Checkout payments.

    This came to a screeching halt when I realized that Google Checkout payments (or at least automated CGI processing of them) would only be done through web sites with SSL certificates signed by one of the "Major Authorities".

    I wasn't willing to shell out $100 (about half my yearly profit!) for the stupid certificate.

    This FF3 problem is even worse - if you use SSL, your web browser would be screaming to your end-users that you're probably dealing with some hokey-untrusted individual!

    Let's just say that in any respect, I won't be having any little buttons on my site recommending that people use Firefox...

    • Re: (Score:3, Insightful)

      by hedwards (940851)

      The problem is the warning and it should really be changed. These sorts of certs do not guarantee the identity of the parties involved, they just make it difficult to impossible to eavesdrop. There isn't any reason why the key couldn't be stolen or misappropriated.

      I definitely sympathize with you, paying that kind of fee is kind of ridiculous. Which is why I do not have one. But really the issue is that Google and the other companies want reliable certs and they're not going to accept all of the certs. If a

    • FF3 is right (Score:3, Interesting)

      by duffbeer703 (177751) *

      This FF3 problem is even worse - if you use SSL, your web browser would be screaming to your end-users that you're probably dealing with some hokey-untrusted individual!

      If you're not willing to lay out as little as $15 for an SSL-Cert that will work on FF3, you are a hokey, untrusted individual!

    • Re: (Score:3, Informative)

      by nine-times (778537)

      I wasn't willing to shell out $100 (about half my yearly profit!) for the stupid certificate.

      It's not quite as bad as all that. Namecheap offers "RapidSSL" for $13 a year. They even have a deal [namecheap.com] where you can get a free SSL cert with registration or transfer of a domain. Still, yeah, SSL certificates are kind of a racket.

  • by vidarlo (134906) <vidarloNO@SPAMbitsex.net> on Friday July 18, 2008 @03:15PM (#24246201) Homepage
    I run a small Norwegian forum, and we use SSL. Since our income is around 100USD a year, which is donated by members, it would be very unfair to spend all of that on an SSL cert. However, how can one explain that there is no security risk involved in creating an exception when the browser so fiercely states that it is a huge security risk? It would be better if you just got a warning like "This site is probably not your bank"...
    • by duffbeer703 (177751) * on Friday July 18, 2008 @03:39PM (#24246569)
      In your case, it's probably appropriate to ask your users to add CACert or a self-signed certificate to their browsers. This isn't rocket science.
  • by blowdart (31458) on Friday July 18, 2008 @03:16PM (#24246217) Homepage

    $27 a year? (GoDaddy) $50 a year? (InstantSSL) etc.

    Sorry, but if an organisation can't swallow around $50 a year then they have more serious problems than wanting SSL.

  • Try Godaddy (Score:4, Informative)

    by tedhiltonhead (654502) on Friday July 18, 2008 @03:17PM (#24246221)
    Godaddy has a very simple SSL cert option that only validates that the certificate issued matches the domain registration info, which is super cheap.
  • No (Score:5, Insightful)

    by squiggleslash (241428) on Friday July 18, 2008 @03:17PM (#24246225) Homepage Journal

    One entire point of SSL is to ensure that the user can trust the site they're connecting to. If I register citicardbank.com, my inability to get an SSL certificate for it without being traced by my phishing victims severely undermines my ability to rip people off.

    The only way to get what you're asking for is to get a secondary protocol, somewhere between HTTP and HTTPS, that would provide privacy for the communication link but wouldn't promote the notion that the end domain is what it says it is. Whether such a thing is a good idea is open to question, even if it is desirable.

    If push comes to shove, the only problem with the present regime is that it's expensive. There's increasing amounts of competition in that space, so you should expect prices to come down over time. Wait. .com domain names once cost more than what many SSL certs do today.

    • Re: (Score:3, Interesting)

      by Fastolfe (1470)

      The only way to get what you're asking for is to get a secondary protocol, somewhere between HTTP and HTTPS, that would provide privacy for the communication link but wouldn't promote the notion that the end domain is what it says it is. Whether such a thing is a good idea is open to question, even if it is desirable.

      If you have no guarantees about the identity of the person on the other end, how do you know that your session is really private, when it could be someone sitting in the middle, pretending to

  • IE7 (Score:3, Informative)

    by airedalez (743328) on Friday July 18, 2008 @03:18PM (#24246231)
    Why is this being brought up now as something new? IE7 has been doing practically the same thing since it was released. I agree that there should be something "open source", but this is far from new...
    • IE7 / StartSSL (Score:3, Informative)

      by bunratty (545641)

      IE7 is worse, because its user interface does not ask the user if they want to add the site as an exception as Firefox 3 does. The end result is you get the big, scary warning in IE7 every time you visit the site, but you get it only once in Firefox 3 because you need to add the exception before it will let you proceed to the site.

      Anyway, get a free cert from StartSSL [startssl.com] and the problem is solved.

  • Monopoly? (Score:5, Informative)

    by nonpareility (822891) on Friday July 18, 2008 @03:19PM (#24246245)
    The fact that there are "compan*ies* such as Verisign" means Verisign is not a monopoly. In Firefox, go to Tools, Options, Advanced, Encryption, View Certificates, Authorities. These are all valid CAs according to Firefox. As for being cheap, a quick check at GoDaddy's says you can get one from them for $30/year.
  • Domain only? (Score:2, Insightful)

    by coolhelperguy (698466)
    For all but the biggest transactions, most people couldn't care less about what the certificate says. Really, how many people check the certificate on, say, PayPal, to see that it's actually owned by them?

    I'm all for breaking the monopoly of current root CAs, but for the most part, that's already being undertaken over at OpenCA [openca.org], which is indeed trying to get included into major browsers. (Last I heard, they had problems with IE, but Mozilla and perhaps Apple were willing to let them try if they had severa
    • Re: (Score:2, Insightful)

      by rehevkor5 (594051)
      It's simple. The browser should detect self-signed signatures and then instruct the user to verify the SHA1/MD5 hash (fingerprint/thumbprint) with the site's owner. That's all that needs to happen.
  • by bradgoodman (964302) on Friday July 18, 2008 @03:23PM (#24246307) Homepage
    I don't think anyone really wants "Open" CA authorities. "Open" and "Secure" are generally contradictory in this context (not everywhere).

    I think the optimum solution would be a cheap root CA who is also highly trusted.

    I don't know who this would be - maybe someone like a traditional brick-and-mortar "bank" which could vouch for an SSL certificate being validated in the same way that they are able to link a bank account to a person, company, SSN, etc.

    I was going to say also someone like Google.

    The point is, if a CA-signed cert was $5, no one would be complaining, but if any ol' schmuck's signed certs were automatically accepted by your browser, the whole system wouldn't mean anything.

  • Secure DNS can help (Score:5, Informative)

    by John.P.Jones (601028) on Friday July 18, 2008 @03:25PM (#24246329)

    Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?

    How can anyone possibly establish that a given certificate is associated with a given domain without first proving that they do indeed have the (ownership) rights to establish said association?

    What you are asking for can be accomplished via SecureDNS, you can enter the hash of the certificate in the DNS entry and Secure DNS ensures that only the authorized party can enter that association and verifies that it was not changed. SecureDNS facilitates a lot of these kinds of authentication issues by extending the rooted hierarchy of DNS names to securely disseminate information, whether it be IP addresses of servers or public key commitments. See my paper "Layering Public Key Distribution Over Secure DNS using Authenticated Delegation" (ACSAC 2005).
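As an added example (not the commenter's code, not from the cited paper, and not CAcert's or Mozilla's), this Python shows the client-side half of what this comment proposes and of what rehevkor5 suggests earlier on the page: computing the fingerprint a site owner would publish or read out, comparing a presented certificate against a value obtained out of band, and checking a DNS record that carries a certificate hash. The record layout follows the TLSA format of RFC 6698 (DANE), which postdates this discussion and is an assumption here; the certificate bytes are a constructed placeholder rather than a real certificate, and only the full-certificate selector is handled because extracting the SubjectPublicKeyInfo would need an ASN.1 parser.

```python
import hashlib
import hmac

# Constructed placeholder standing in for the DER bytes of a server certificate.
# A real check would use the certificate bytes received in the TLS handshake.
CERT_DER = b"CONSTRUCTED-PLACEHOLDER-CERTIFICATE-DER-FOR-example.invalid"

HEX_DIGITS = set("0123456789abcdef")


def fingerprint(cert_der, algorithm="sha256"):
    """Fingerprint in the colon-separated form browsers display (e.g. 'AB:12:...')."""
    digest = hashlib.new(algorithm, cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(text):
    """Strip colons, spaces and case so a hand-copied value compares reliably."""
    return "".join(ch for ch in text.lower() if ch in HEX_DIGITS)


def fingerprints_equal(presented, expected):
    """Constant-time comparison of two fingerprints written in any common notation.

    Returns False for empty input so that a missing expected value never "matches".
    """
    a, b = normalize_fingerprint(presented), normalize_fingerprint(expected)
    return bool(a) and len(a) == len(b) and hmac.compare_digest(a, b)


def parse_tlsa(record):
    """Parse TLSA presentation format: '<usage> <selector> <matching-type> <hex data>'.

    The hex data may be split into whitespace-separated chunks, as DNS zone files allow.
    """
    parts = record.split(None, 3)
    if len(parts) != 4:
        raise ValueError("TLSA record needs four fields")
    usage, selector, matching = (int(p) for p in parts[:3])
    return usage, selector, matching, normalize_fingerprint(parts[3])


def cert_matches_tlsa(cert_der, record):
    """True if the presented certificate matches the association published in DNS.

    Handles usage 1 (PKIX-EE) and 3 (DANE-EE) with selector 0 (full certificate).
    For usage 1 the caller must additionally run ordinary chain validation; for
    usage 3 the DNS association alone is authoritative, which is the model the
    comment describes. The record itself must come from a DNSSEC-validated lookup;
    that part is outside this snippet.
    """
    usage, selector, matching, data = parse_tlsa(record)
    if usage not in (1, 3):
        raise ValueError("usages 0 and 2 constrain a CA certificate, not the end-entity one")
    if selector != 0:
        raise ValueError("selector 1 (SubjectPublicKeyInfo) needs an ASN.1 parser")
    if matching == 0:
        candidate = cert_der.hex()                      # exact match, full DER
    elif matching == 1:
        candidate = hashlib.sha256(cert_der).hexdigest()
    elif matching == 2:
        candidate = hashlib.sha512(cert_der).hexdigest()
    else:
        raise ValueError(f"unknown matching type {matching}")
    return len(candidate) == len(data) and hmac.compare_digest(candidate, data)


if __name__ == "__main__":
    # What the site owner would publish, and what a client compares against.
    published = "3 0 1 " + hashlib.sha256(CERT_DER).hexdigest()
    print("owner-displayed SHA-1 fingerprint:", fingerprint(CERT_DER, "sha1"))
    print("TLSA record to publish           :", published)
    print("presented cert matches DNS record:", cert_matches_tlsa(CERT_DER, published))
```

The comparison is done on normalized lowercase hex with `hmac.compare_digest` so that a value typed from a phone call or pasted from a zone file compares the same way, and so that a mismatch does not leak where the strings diverge.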

  • by Anonymous Coward

    It sounds like some people need to educate themselves on security and the reasons for SSL in the first place. Also take a look at the current situation on the internet - for example how do phishing sites currently operate?

    One of the biggest reasons for using or trusting SSL is that you can trust that the website is who they say they are. If you give out certs without validation, you're not helping the community at all.

    If you think just encryption is enough, you're wrong. People are rarely defrauded becau

  • You keep using that word. I do not think it means what you think it means.

    There are more Certificate Authorities than just Verisign; e.g. Thawte, GeoTrust & GoDaddy.

    GoDaddy charges $15/year for a single-domain SSL cert.

  • 1. Step 1 - FACTOR algorithm in polynomial time
    2. Step 2 - SSL is obsolete, and certificates are pointless
    3. Step 3- PROFIT!

  • by davidwr (791652) on Friday July 18, 2008 @03:30PM (#24246409) Homepage Journal

    The certification authorities really need to get together with the web browser vendors so the big scary warnings can be made trust-level-appropriate.

    For example:

    Domain confirmed: [green][yellow][red]
    Responsible Party Identity Confirmed: [green with seal][green][yellow][red]

    Where "yellow" meant unconfirmed or self-signed and not whitelisted SSL or an easy-to-fake or -steal ID such as a credit card, "red" meant revoked, expired, or invalid credential, and "green" meant a valid SSL or hard-to-fake or -steal personal ID such as a driver's license backed by a notary. "Green with seal" meant a financially-backed guarantee, something big banks would probably get.

    Most small-time web sites would be either green/yellow or yellow/yellow, depending on if they had self-signed certificates.

    The cost of a "no identity confirmed" green/red certificate shouldn't be much more than domain registration. A "yellow/red" self-signed certificate would remain free.

    If people expect "green with seal" when dealing with major financial companies, "green" with most businesses, and "yellow" for personal web sites, they'll give the appropriate level of trust.

  • Trust is the issue (Score:4, Insightful)

    by AlexCV (261412) on Friday July 18, 2008 @03:32PM (#24246443)

    The problem with SSL certificates is that what you're supposed to be buying is trust. Your $400 is supposed to be for VeriSign to validate that (a) an entity of that name/address pair exists; and (b) there's supporting evidence that the applicant represents that entity.

    To reiterate strongly: Certificates are about authentication, not encryption!

    This isn't cheap, it requires a fair bit of effort.

    Also, the CA needs to be trusted in the first place. That's very gray, but even old VeriSign is a lot more trustworthy than "Joe Q. Random Computer Service Associates" with a PO Box in RU.

    Most proponents of "free" CAs really want the little padlock without any concern about trust because they implicitly trust themselves. Suppose you did have a shall-issue free-for-all CA on the web. What value would you place on its certificates? Would you trust that entity to not have a compromised private key?

  • by petard (117521) on Friday July 18, 2008 @03:33PM (#24246455) Homepage

    They offer certs with domain validation for free. There are gentle attempts to upsell you to higher levels of validation, but their domain validated certificates work without errors. Look here [startssl.com].

    If you want certs that are validated to your business' identity (instead of just your domain) and don't indicate in the DN that they were free, there is a small charge.

  • Monopoly?! (Score:3, Insightful)

    by thepacketmaster (574632) on Friday July 18, 2008 @03:36PM (#24246511) Homepage Journal
    A monopoly would be a telephone company or electric company from the 80's, where you had no choice. Last time I opened up the Certificate Authority section of Firefox, there were a LOT of CAs. To name a few of the public ones:
    • Verisign
    • Thawte
    • Go Daddy
    • Network Solutions
    • GeoTrust
    • Entrust

    Not to mention there are a bunch of second-level CAs that are very reasonably priced. I think trainman needs to do a bit more research. If you can't afford GoDaddy's prices, I don't think you really need to be concerned with your customers freaking out.

  • by unity100 (970058) on Friday July 18, 2008 @03:37PM (#24246547) Homepage Journal
    The foremost aim of an SSL cert is to encrypt the communication so 3rd parties can't eavesdrop.

    It doesn't make a ZIT of difference if the site you are shopping from has a Verisign-signed 256-bit certificate or a self-signed certificate. Almost all certs are encrypted with similar technologies, encryption-wise. If you are concerned with 'authenticity', you don't know a website or don't trust them or suspect them, you should NOT be shopping there in the first place.

    Yes, this move of Firefox 3 is a VERY bad thing. It really pushes people into the arms of Verisign, GeoTrust (which is Verisign) and so on.

    Not only that, it will also force control panel companies like cPanel, which serve millions of website users through web hosts, to either force users of their services to pay for SSL certs for each server they use or let their users connect to their site control panels through unencrypted connections. That will eventually drive up prices in the high- to mid-end hosting market, which is BAD, since the majority of people host their websites with such small business hosts for $3-4 a month. The overall effect that will have is yet to be seen.

    Yes, this was a stupid move by the Mozilla team, unfortunately.
    • Re: (Score:3, Insightful)

      Yes, SSL is about encryption. That's why the signing issue is important -- without it, you are vulnerable to man-in-the-middle attacks, which effectively negates the encryption.
    • by Rakishi (759894) on Friday July 18, 2008 @03:49PM (#24246721)

      The problem as I understand it is that self-signed certificates are NOT as secure. Specifically a man in the middle attack can easily fake a certificate because your site needs to send the public key to the user in an insecure way (ie: third party intercepts public key, send their own public key, to you they look identical).

      The point of a CA is to prevent this by having a public key come pre-loaded on your machine so there is no possibility of successful interception (ie: the replaced public key would be rejected by the CA).

    • Re: (Score:3, Insightful)

      by Deanalator (806515)

      Bullshit, a self signed cert contains almost *NO* protection at all compared to a pure plaintext session. If anything, firefox needs to be more paranoid about things like sending things like session cookies, and posts with password fields in clear text.

      When a cert failure occurs, there needs to be more than just an "OK" button to click through.

      If you want proof, just sit at an airport with cain open for an hour. I think someone like you would be shocked at how many VPN and email credentials for some major

    • Re: (Score:3, Insightful)

      by BitZtream (692029)

      the foremost aim of an SSL cert is to encrypt the communication so 3rd parties cant eavesdrop.

      Wrong. The point of certificates is authentication. The exact same encryption and key exchange that's used in SSL can be done without certificates anywhere in the chain. It is just kind of silly to do the authentication or the encryption without the other.

      You obviously know nothing of the types of attacks certificates are there to protect against, such as DNS hijacking.

      No, this is not a bad thing for Firefox. Having non-

  • by Doc Ruby (173196) on Friday July 18, 2008 @03:38PM (#24246557) Homepage Journal

    Instead of relying on centralized CAs, and implicitly trusting these privileged monopolies, we could shift to trust webs [wikipedia.org].

    It's like a social network. You trust who your "friends" trust, and distrust who they don't. With weightings, so some friends' and enemies' associations (and dissociations) count more than others, because some people you trust in their content, but not their judgement of who to trust (and vice versa, but probably more rarely).

    Trust webs can perfectly simulate the current centralized trust model. You can just set your trust web to always trust whoever, say, VeriSign trusts, and ignore everyone else, which is what we get by default today. But you could tweak your trust web to say "If my grad student distrusts a site, then ignore whether VeriSign trusts it".

    Such a trust web could therefore just ship set up with the current CAs the only trusted authorities, and work exactly the same as now. But we'd each have the freedom (or our sysadmins, who could lock the trust web changes away from normal users) to emphasize whoever we actually trust to influence our automated trust.

    Independent authorities could "watch the watchers". So investigators with a reliable track record could become important "second guessers" to the "official" CAs. People could make their reputation by proving a trusted authority has less than 100% good judgement. And the whole system can become more robust, instead of fracturing as soon as different CAs have different trust levels for different sites.

    The technique and some SW is already available, for apps like PGP and others that rely on a Public Key Infrastructure. What's necessary for the critical mass that makes such a system work is for a browser like Firefox to upgrade to a trust web, with an easy and reliable UI with sensible defaults. Then we're as strong as the trust network in which we embed ourselves.

    • Re: (Score:3, Insightful)

      by the_olo (160789)

      This idea is very interesting indeed. If I understand you correctly, you're proposing to move the web of trust PKI known from PGP/GPG to the arena currently occupied by X.509 and hierarchical PKI, right?

      This could really lift the burden of managing the complexity of trust, life cycles, secure storage of central CA private keys from the CA. I can see that even Verisign has significant problems with that. Their certs don't seem to specify OCSP URLs yet, and they had some scaling problems with CRL distribu [verisign.com]

  • by Illbay (700081) on Friday July 18, 2008 @03:41PM (#24246603) Journal

    The O.P. mentions "...monopolistic arms of companies such as Verisign."

    Okay, look. The word "monopoly" has as its prefix the stem "mono-," from the Greek, meaning "one." That means there can only be ONE "monopoly."

    A phrase such as "monopolistic company LIKE Verisign..." is absurd on the face of it. If there are other companies LIKE Verisign, then there is no monopoly.

    Is it REALLY that hard to understand?

    This is an example of how the rising generation is so used to "buzz words" chosen for shock value, etc., and has gone completely away from clarity of speech and writing. What the O.P. means to say, really, is "I don't want to pay the going rate for this service, so I'll call Verisign 'a monopolistic company' because everyone knows 'monopolies' are bad, and that will communicate the 'badness' of 'companies like Verisign.'"

    Oddly, the word "rhetoric," also from the Greek (rheteros, "a speech") used to be a positive appellation for the study of good, clear communication of thoughts and ideas. But it has also succumbed to the buzz-word dementia, and now usually means "empty words."

    How sad.

  • by Animats (122034) on Friday July 18, 2008 @03:44PM (#24246643) Homepage

    There are already plenty of providers selling crap "domain control only validated" certs. We (as SiteTruth [sitetruth.com]) regard those as having no value, and we encourage others to do the same. If it doesn't have an "L" (location) field, it's worthless. The introduction of those crap "quick SSL" certs poisoned the whole cert industry.

    It's a problem that certificates which verify business name and address cost too much. They ought to cost maybe $25 per year. Validation isn't that expensive. That's what registered mail is for.

    There used to be some enthusiasm for "web of trust" schemes of certification, but since the bad guys organized into criminal networks, domain farms became popular, and it became easy to get phony GMail accounts in bulk, that approach is obsolete.

  • by harlows_monkeys (106428) on Friday July 18, 2008 @05:46PM (#24248313) Homepage

    For smaller, especially non-profit groups, which will never have issues with domain typo scammer...

    This is a contender for dumbest statement in the history of security.

  • by Antibozo (410516) on Friday July 18, 2008 @06:33PM (#24248817) Homepage
    ... is to drop the fundamentally broken X.509 PKI infrastructure, where any CA can sign certs for any subject, and switch to a DNSSEC-based PKI where signing authority is limited to subdomains of the authority. In the process, we end up with the ability to sign all the certs you want, for every host, if you like, and have SSL anywhere.
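The following is an added example, not code from the thread or from any of the posters. It builds a throwaway X.509 hierarchy with the openssl command-line tool and runs the check a browser performs (chain to a trust store, then match the hostname) against the cases argued about above: Rakishi's point that a substituted self-signed key is rejected because the CA is pre-loaded, BitZtream's point that the binding is to the name and not just to "some key", and Antibozo's point that any CA in the store can sign for any subject. "Example Test Root CA", "Rogue CA" and example.org are made-up names; everything is written to a temporary directory and removed on exit. It assumes an openssl binary of 1.0.2 or later (for -verify_hostname).

```shell
#!/bin/sh
# Added example, not code from the Slashdot thread: a throwaway X.509
# hierarchy built with the openssl CLI, to show what a CA signature buys on
# top of raw encryption. "Example Test Root CA", "Rogue CA" and example.org
# are made-up names (assumptions); all files live in a temp directory.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

# Self-signed CA cert carrying the CA:TRUE constraint that verify(1) requires.
# $1 = file prefix, $2 = common name
make_ca() {
cat > "$1.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
openssl req -x509 -new -config "$1.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Key pair plus either a CSR or (the attacker's case) a self-signed cert
# for a hostname.  $1 = file prefix, $2 = hostname, $3 = "csr" | "selfsigned"
make_leaf_request() {
cat > "$1.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_leaf
[dn]
CN = $2
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:$2
EOF
if [ "$3" = selfsigned ]; then
    openssl req -x509 -new -config "$1.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
else
    openssl req -new -config "$1.cnf" -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
fi
}

# Domain-validated issuance: the CA signs the CSR, binding that key to that
# name.  $1 = leaf prefix (from make_leaf_request ... csr), $2 = hostname,
# $3 = CA prefix
issue_cert() {
printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$2" > "$1.ext"
openssl x509 -req -days 1 -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
    -CAcreateserial -extfile "$1.ext" -out "$1.crt" >/dev/null 2>&1
}

# What the browser does: chain cert $2 to trust store $1 and match hostname $3.
# Exit status 0 on success, non-zero on any failure (untrusted issuer,
# self-signed leaf, name mismatch, ...).
verify_host() {
openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

build_demo() {
make_ca trusted_ca "Example Test Root CA" || return 1
make_ca rogue_ca "Rogue CA" || return 1
make_leaf_request site example.org csr && issue_cert site example.org trusted_ca || return 1
make_leaf_request forged example.org csr && issue_cert forged example.org rogue_ca || return 1
make_leaf_request selfsigned example.org selfsigned || return 1
# A trust store that also contains the rogue CA (the X.509 "any CA can
# sign for any subject" problem).
cat trusted_ca.crt rogue_ca.crt > bundle_with_rogue.crt
}

# The situations argued about in the thread, each as a 0/1 predicate.
legit_cert_accepted()      { verify_host trusted_ca.crt site.crt example.org; }
selfsigned_mitm_rejected() { ! verify_host trusted_ca.crt selfsigned.crt example.org; }
rogue_ca_cert_rejected()   { ! verify_host trusted_ca.crt forged.crt example.org; }
rogue_ca_in_store_wins()   { verify_host bundle_with_rogue.crt forged.crt example.org; }
wrong_hostname_rejected()  { ! verify_host trusted_ca.crt site.crt www.example.net; }

build_demo || { echo "setup failed (is openssl installed?)"; exit 1; }
for check in legit_cert_accepted selfsigned_mitm_rejected rogue_ca_cert_rejected \
             rogue_ca_in_store_wins wrong_hostname_rejected; do
    if "$check"; then echo "$check: yes"; else echo "$check: NO"; fi
done
```

Every predicate prints "yes" on a correct run. The interesting one is rogue_ca_in_store_wins: the forged certificate is rejected only for as long as the rogue CA stays out of the trust store, which is exactly the property that a DNSSEC-scoped signing authority would change. Note also that wrong_hostname_rejected fails purely on the name binding; the signature on site.crt is perfectly valid.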
