Thursday, March 24, 2011

Certificate authority compromised

Wired reports:
In a fresh blow to the fundamental integrity of the internet, a hacker last week obtained legitimate web certificates that would have allowed him to impersonate some of the top sites on the internet, including the login pages used by Google, Microsoft and Yahoo e-mail customers.

As a rule of thumb, a system that requires the entire world to cooperate and do things right is unlikely to work very well. This is particularly true for security software, where the very point of the software is to defend against those that misbehave.

The good news is that TLS certificates aren't that effective anyway, so the breach didn't cause much harm. The harm is more like someone breaking through a gauzy curtain than someone breaking into a bank vault. Few people notice if they are even connected via http or https, and TLS only helps for https connections. As well, if you connect to instead of, certificates won't save you. Further, what exactly can a certification authority ever certify even if everything checks out? Pretty much all they can do is verify that you are connecting to the owner of the given DNS address. It doesn't mean that is really the web site for the Bank of America you are trying to contact.

TLS certificates are a case of following a beautiful theory that mismatches reality. The theory is that people gain trust in a web site by having a lot of third-party certificates attesting to that web site's authenticity. The more reputable the sites, the better.

To see that this is an odd theory, consider how it is that we believe a person we are talking to is who we think they are. It's almost never because we checked their ID and are savvy enough to know whether it's a fake ID or not. A more plausible source of trust is that we recognize that we're talking to the same person we talked to yesterday. Another more likely way is that we were introduced to the person by someone else that we trust, so we tentatively start talking to the new person based on that contact.

There are web analogies for both of these processes. If we visit the same site two days in a row, our browsers could tell us this via an improved bookmarking system such as the Pet Names toolbar. If one site links to another site, then we gain confidence in the second site corresponding to how we thought about the first site. That's hyperlinking, and it could be improved by a system like YURLs.
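The "same site as yesterday" check described above, sketched as an added example (not code from this post or from the Pet Names toolbar). The `PetNameStore` class, the `.example` host names and the certificate byte strings are constructed for illustration, and binding a pet name to a SHA-256 certificate fingerprint is an assumption about how such a tool could recognise a site.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
BANK_CERT = b"constructed-cert: the bank's usual certificate"
LOOKALIKE_CERT = b"constructed-cert: valid CA-issued cert for a lookalike name"
ROGUE_CERT = b"constructed-cert: mis-issued cert for the bank's own name"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes the server presented."""
    return hashlib.sha256(cert_der).hexdigest()


class PetNameStore:
    """Hypothetical browser-side store: a pet name chosen by the user, bound
    to the host and certificate fingerprint seen when the name was assigned."""

    def __init__(self):
        self._by_host = {}  # host -> (fingerprint, pet name)

    def assign(self, host: str, cert_der: bytes, pet_name: str) -> None:
        self._by_host[host] = (fingerprint(cert_der), pet_name)

    def check(self, host: str, cert_der: bytes):
        """Return (status, pet_name) for the site the browser just reached."""
        known = self._by_host.get(host)
        if known is None:
            return ("stranger", None)        # never named: show no pet name
        pinned_fp, pet_name = known
        if pinned_fp == fingerprint(cert_der):
            return ("same-as-before", pet_name)
        return ("changed", None)             # same host, different cert: warn


def demo():
    store = PetNameStore()
    store.assign("bank.example", BANK_CERT, "my bank")
    return [
        store.check("bank.example", BANK_CERT),             # yesterday's site
        store.check("bank-login.example", LOOKALIKE_CERT),  # valid cert, other name
        store.check("bank.example", ROGUE_CERT),            # right name, new cert
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A legitimate certificate renewal also reports `changed`; binding to the site's public key rather than the whole certificate avoids that prompt whenever the key is reused on renewal.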

Neither mechanism, however, is getting much attention. The action is all in certificate chains. For some reason, engineers are fixating on an approach where truth descends a hierarchy and where end users are able to study and act on these delivered truths. Web protocols would be better, it seems to me, if they relied on more realistic models of identification that mirror what we do in our social lives.


Robert "kebernet" Cooper said...

Well, having an important cert *CAN* make a difference. For instance, I could drop a dup DHCP server with a proxy for Bank of America in, let's say, Hartsfield-Jackson Intl. Airport and transparently capture every BofA customer who uses the WiFi's logins. Doing a MITM like that without the cert... well, OK, you might get away with it for a few people, but not everyone.

Lex Spoon said...

I agree having the cert helps. However, I don't see how it helps very much.

Consider your scenario. Even without a cert for, you could redirect users to, some alternate DNS name that you have obtained a cert for. It takes an unrealistically astute user to avoid getting snared by this. They have to not only notice the DNS change, but also work up confidence that the DNS change was not part of an intentional site redesign by the bank.