What Would It Take To Have Open CA Authorities?
trainman writes "With the release of Firefox 3, those who have been using self-signed certificates for SSL now face a huge issue — the big, scary warning FF3 issues, which is very unintuitive for non-technical users. It seems Firefox is pushing more websites into the monopolistic arms of companies such as Verisign. For smaller, especially non-profit groups, which will never have issues with domain typo scammers, this adds an extra and difficult-to-swallow cost. Does a service such as this need the same level of scrutiny and cost since all that is being done is verifying domain and certificate match? This extra hand-holding adds a tremendous cost and allows monopolistic companies such as Verisign to thrive. Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?"
CACert (Score:5, Informative)
try it....
Re:CACert (Score:5, Informative)
Seconded. go here [cacert.org].
Re:CACert (Score:3, Informative)
Which doesn't answer the question as their certificate isn't supported in Firefox.
Certification crap (Score:1, Informative)
I go to randommalwaresite.com, I get a certificate for randommalwaresite.com!
HURRAY!! Everybody is happy. WTF?
Re:CACert (Score:3, Informative)
The cert isn't included in any browser you are likely to use.
http://cert.startcom.org/ (Score:1, Informative)
or create your own CA with a link on the http site to install that root cert on the browser.
Try Godaddy (Score:4, Informative)
IE7 (Score:3, Informative)
Monopoly? (Score:5, Informative)
Re:CACert (Score:5, Informative)
Re:Certification crap (Score:4, Informative)
AFAIK, I believe it prevents man in the middle attacks from happening:
You go to mybank.com, but you actually access randommalwareip, which gives you a phony certificate from mybank.com.
Re:A difficult and hard to swallow cost? (Score:5, Informative)
Don't buy from GoDaddy. There are better and cheaper alternatives.
$14.95 - http://www.rapidsslonline.com/rapidssl-certificates.php [rapidsslonline.com]
And unlike GoDaddy, that one is not a chained cert.
Secure DNS can help (Score:5, Informative)
Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?
How can anyone possibly establish that a given certificate is associated with a given domain without first proving that they do indeed have the (ownership) rights to establish said association?
What you are asking for can be accomplished via SecureDNS: you can enter the hash of the certificate in the DNS entry, and Secure DNS ensures that only the authorized party can enter that association and verifies that it was not changed. SecureDNS facilitates a lot of these kinds of authentication issues by extending the rooted hierarchy of DNS names to securely disseminate information, whether it be IP addresses of servers or public key commitments. See my paper "Layering Public Key Distribution Over Secure DNS using Authenticated Delegation" (ACSAC 2005).
Re:No (Score:1, Informative)
Counterpoint:
I basically run the IT division for our organization. If we purchased for-sale SSL certs it would cost us thousands of dollars per year on something that I can generate, for free, for the various secured services we provide (both internally and externally) for the employees of this organization. There's simply no reason to do so, especially when the reason for the SSL cert is for the sole purpose of encrypting traffic between client and server.
Instead, we use a self-signed CA cert and deploy the public part of the CA cert to all machines that use the services. That way, even Firefox 3.0 doesn't care. I don't see why you couldn't provide a similar service where you could make the site's self-signed CA cert available before signing into the SSL-encrypted part of the site.
StartSSL is free or cheap, as you prefer (Score:5, Informative)
They offer certs with domain validation for free. There are gentle attempts to upsell you to higher levels of validation, but their domain validated certificates work without errors. Look here [startssl.com].
If you want certs that are validated to your business' identity (instead of just your domain) and don't indicate in the DN that they were free, there is a small charge.
Re:Try Godaddy (Score:3, Informative)
Sorry, but you have no idea what you're talking about.
GD gives you a full blown SSL cert that works just like what you would get from Verisign.
$30 for a standard cert, $200 for a "wildcard" cert which lets you SSLize all your subdomains.
Re:Try Godaddy (Score:3, Informative)
Untrue.
You can get a chained cert for very cheap from godaddy (and others) that will use your own domain name (www.yoursite.com).
Re:Not the first one... (Score:3, Informative)
I wasn't willing to shell out $100 (about half my yearly profit!) for the stupid certificate.
It's not quite as bad as all that. Namecheap offers "RapidSSL" for $13 a year. They even have a deal [namecheap.com] where you can get a free SSL cert with registration or transfer of a domain. Still, yeah, SSL certificates are kind of a racket.
Re:I've experienced this myself. (Score:5, Informative)
Re:CACert (Score:2, Informative)
No.
I have bought a few "commercial" certificates from vendors in a capacity as consultant, and I use cacert certificates for my private work, and their verification of domain is very similar. You need to have access to the email sent to at least one official-looking email address associated with the domain in question (you may choose from a short list of names like root@domain, hostmaster@domain, postmaster@domain, etc.).
In other words, you couldn't get a cacert certificate for a domain you can't read the email for. The security of the process is not perfect, but it is no worse with cacert than it is with the other certification authorities.
Re:Such a thing? (Score:2, Informative)
Re:I doubt it will happen. (Score:3, Informative)
I wasn't involved in the auditing process when the company I worked for started its CA, but I believe that the assessor is WebTrust. The fees are... significant; as are the physical and technical security requirements.
CA signed certificates aren't quite a license to print money, but almost.
Complying with SOX, PKI, and PCI security requirements all at the same time was an interesting experience.
Re:CACert (Score:4, Informative)
Actually you can only get a certificate from CACert if you've been assured with enough points, and that's only supposed to happen after in-person ID verification by multiple members. The certificate includes the verified identity of the member, or the organization if that's the case.
You can debate if this web of trust model is acceptable, but it's been used by Thawte for some time now, and its certificate is included in every browser.
Re:No (Score:1, Informative)
Where I work, we purchased a wildcard certificate (*.domain.com) from netsolssl.com for $419.
While I'd like it to give us the ability to sign our own certs from it, limited by the CN component, right now we just deploy the same cert to our different servers (admittedly for a bit more risk, but still very low considering our overall exposure).
Re:CACert (Score:5, Informative)
StartCom [startssl.com] is free and already supported by Firefox.
Mozilla just wants CAs to offer some level of accountability and identity verification. Their CA certificate policy [mozilla.org] is explicit in its requirements.
I don't see the point in having Verisign certificates everywhere, but I also don't see why you should blindly trust a Robot Certificate Authority like CACert, without further assurances.
Re:Certification crap (Score:4, Informative)
Certificates don't do that, they guarantee you're talking to the domain you expect to be talking to. CA signed certs prevent man in the middle attacks.
That's it all certs do. If the box you're talking to was hacked, tough. That's outside the scope of SSL certs.
Re:StartSSL is free or cheap, as you prefer (Score:1, Informative)
True, I know this is Slashdot, but if anyone took the time to read through the list of CAs, StartSSL has its CA listed in FF3. And it offers free SSL certification.
Re:Certification crap (Score:5, Informative)
The idea of certificates is to authenticate the connection, making it impossible for someone in the middle to pretend to be the server to the client, and the client to the server. Actually, it would be better to require users to have certificates as well, in many cases, as passwords tend to be too trivial.
Now, the price of certificates is horrendous. The passport office provides a document as good, or better, than many certificates, but it doesn't cost many hundreds of dollars to obtain a passport. In fact, as digital certificates are essentially the same as a passport with electronic information, it might be better if the passport office issued digital certificates along with physical passports as a combined package. The added cost to them would be practically nil, and the certificates would have a much greater credibility level than those by most corporations, at least for personal certs.
Re:No (Score:2, Informative)
Please. Don't give money to GoDaddy. (Score:4, Informative)
http://en.wikipedia.org/wiki/GoDaddy#Controversies [wikipedia.org]
This is to say nothing of a number of lower profile controversies and the fact that their entire site is a usability nightmare that seems largely designed to trick marginally informed customers into buying (and cause more savvy customers to explode in frustration).
Re:You've missed the point (Score:5, Informative)
Re:CACert (Score:4, Informative)
If by "several" you mean "several owned by VeriSign", you're correct. They operate under multiple brands and have purchased a number of other major certificate authorities over the years.
Re:CACert (Score:3, Informative)
And my point was that there are commercial certificates (RapidSSL springs to mind) accepted by IE and Firefox that don't require any authentication besides having control over the domain. You won't get a meaningful name in the cert, except OU=Domain Validated, but you will get an SSL connection without browser warnings.
IE7 / StartSSL (Score:3, Informative)
IE7 is worse, because its user interface does not ask the user if they want to add the site as an exception as Firefox 3 does. The end result is you get the big, scary warning in IE7 every time you visit the site, but you get it only once in Firefox 3 because you need to add the exception before it will let you proceed to the site.
Anyway, get a free cert from StartSSL [startssl.com] and the problem is solved.
Re:Not the first one... (Score:3, Informative)
I'm sure you do. Irrelevant.
>> Again, FF's fault how?
It's not - it has to do with root CAs... like the title of my post implies (let me clarify): [Firefox is] "Not the first one..." [Google Checkout does this too]
>> It's not like it's impossible to accept a self-signed cert, and for all the "scripting" you've done, why don't you mention a quick blurb about FF3's advanced certificate security and validation mechanisms and how a user might go about accepting your self-signed cert.
I agree. Not impossible. It's a source of confusion for those who don't understand, and just a pain in the ass for those who do. And 99% of the time, you're not securing financial transactions, you're encrypting pages on the bug tracking database at work, or something mundane.
Re:CACert (Score:4, Informative)
If anybody can get an SSL certificate that will be accepted by Firefox, for free, no questions asked... then the entire point of having CA authorities goes down the drain. You can't simultaneously have a certifying entity AND let everybody in. Because if that happens we might as well forget about CA use in the browsers and just use SSL for encryption.
Re:Will Firefox do anything about it? No. (Score:4, Informative)
Re:CACert (Score:5, Informative)
Why do you need identification to transmit a PUBLIC key (aka SSL cert)? Note: The moderators in this discussion who nuked my other post, like the parent, seem to not understand the difference between public and private keys. Crypto is complicated, but those who don't understand it should not be moderating a crypto discussion!
Nor should they be posting in it. You do not understand the difference between a key and a certificate, nor do you understand the purpose of a certificate authority.
In public/private key cryptography, the public key ensures that one can have a secure conversation with the holder of the corresponding private key. It does not address the problem of verifying who the holder of that key is. So, if Alice and Bob desire a private conversation using asymmetric (public/private) key cryptography, the first step is for them to exchange public keys. However, during the exchange, Mallory intercepts Alice's public key and supplies Bob with Mallory's public key. Mallory can now read the messages between the two and no one is the wiser. Enter the Certificate Authority. The CA's job is to act as a foundation for trust. The CA's key is provided to Alice and Bob securely (i.e. when installing an OS or browser). Alice and Bob can then go to the CA, prove that they are Alice and Bob, and they receive a certificate. The certificate for Alice consists of Alice's public key cryptographically signed by the CA's private key. Bob can then take the CA's public key, which he received previously, and verify the signature on Alice's public key. Bob has then proven that the CA is stating that that public key does in fact belong to Alice.
So, if the CA isn't actually verifying that Alice is Alice or that Bob is Bob, then Mallory can get a certificate that states Mallory is Alice, and we're back to square one.
Re:CACert (Score:3, Informative)
It's much stricter now. For one thing, they don't sell certs to individuals, only to companies. And they also physically mail you a USB signing device for driver signing, not just a certificate.
Re:CACert (Score:5, Informative)
Well, let's have a look.
Verisign has a much more complex PKI hierarchy, so there are many more different CRLs. I've visited my local bank's site and had a look at their cert's chain. There were 3 levels of Verisign CAs above their X.509 cert and two of them had CRL distribution points specified (the top one, Verisign Class 3 Public Primary Certification Authority, had none, but I think it didn't need one since it's highly unlikely that the lower ones like Verisign's Class 3 Public Primary Certification Authority G5 will ever be compromised. They still have a 3rd level below, and their 2nd level private keys are probably used only in a high-security, do-everything-manually-inside-a-vault-by-a-highly-trusted-personnel-group context, not for signing any customer's certificate requests).
So I downloaded both CRLs:
and then inspected them:
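An added example, not code from any poster in this thread: a Go program using only the standard library's crypto/x509 that ties together three posts above. It builds the private CA from the "Counterpoint" post (a self-signed root, deployed to clients, that issues a server cert), runs the browser-side check from the Alice/Bob/Mallory explanation (a cert for the same hostname from a CA that is not in the trust store fails, as does a hostname mismatch), and then issues and checks a CRL of the kind downloaded and inspected above, verifying the CRL's signature against the issuing CA before trusting it. The names "Example Private CA", "Mallory CA" and bugs.example.org are constructed; the CRL format is standard X.509 but the single-serial CRL and the serial numbers are made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue generates a P-256 key and a certificate for name; isCA builds a self-signed root (the private CA), otherwise issuer/issuerKey sign a server cert.
func issue(name string, serial int64, isCA bool, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored for brevity throughout
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		issuer, issuerKey = t, key // self-signed root; Go derives SubjectKeyId for CA templates
	} else {
		t.DNSNames = []string{name} // the name the browser compares against the URL's host
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, issuer, &key.PublicKey, issuerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trusted is the browser-side check: does leaf chain to a root in the trust store, and is it valid for host?
func trusted(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root) // the deployed CA public cert from the "Counterpoint" post
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// buildCRL signs a CRL revoking one cert, as a CA would publish at its CRL distribution point.
func buildCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoke *x509.Certificate) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoke.SerialNumber, RevocationTime: time.Now()}}}
	der, _ := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	crl, _ := x509.ParseRevocationList(der)
	return crl
}

// isRevoked verifies the CRL's signature against ca before trusting its list of serials.
func isRevoked(crl *x509.RevocationList, ca, leaf *x509.Certificate) (bool, error) {
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, err // a CRL that does not verify tells us nothing
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```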
Re:CACert (Score:5, Informative)
There are also two attacks against infrastructure which can compromise a key:
Of all of these, the last one is the only one anyone needs to take seriously. Even then, there are plenty of ways of making directories and files very secure, and making sure that potential exploits like buffer overflows are blocked in advance. (Just use a malloc replacement that prevents them.) The other attacks are so improbable that you can ignore them.
This leaves one other attack vector:
This, according to reports, was used to obtain Microsoft's private keys from Verisign. Most reputable cert vendors have established better practices now. Simply choose one that will only deliver keys to an authorized contact point and only after a call-back check or some other authentication scheme.
Re:A difficult and hard to swallow cost? (Score:3, Informative)
I don't see them in my CA collection that shipped with Firefox 3.0.1pre. What's their browser coverage?
Re:CACert (Score:1, Informative)
Hi Bill,
I can see your CAcert account, yes it is "Lord God", but you just cannot create a certificate with this name as you are not assured by other people verifying your ID papers.
in case, please write to support (at) cacert.org
Best regards,
Guillaume (guillaume (at) cacert.org)
Re:CACert (Score:1, Informative)
Hi,
That is wrong, we have an OCSP responder in the root certificate,
and the OCSP responder is working.
You can test
https://bugs.cacert.org/ in the next days.
the certificate has been revoked (and will be replaced asap)
I have only the OCSP responder configured in FF3. And you get a message "sec_error_revoked_certificate" + a message in French.
We'll look at the revocation, maybe it is normal. We've issued 100,000 certs so far since 2003. One each hour is not much (over 5 years, it would be 40%).
Best regards,
Guillaume
Re:CACert (Score:3, Informative)
Heap overflows can be just as dangerous as stack overflows, although nontrivial to exploit.
Stack overflows are preventable too though.
Overwriting returns via stack overflows is totally preventable by using a separate stack for storing return addresses (as in Forth).
Data overwrites are preventable in varying degrees with sentry values.