DEFCON 2011: SSL and the future of authenticity

Filed Under: Data loss, Featured, Firefox, Privacy

Creative Commons photo courtesy of Joe Shlabotnik's Flickr photostreamI had the pleasure of attending Moxie Marlinspike's DEFCON talk "SSL And The Future Of Authenticity." Marlinspike is a great presenter and he doesn't just point out the problems with what we are doing now, but proposes solutions, often with working proof-of-concept code.

Marlinspike didn't disappoint and began the talk with a funny story, rather than the typical boring bio. More importantly, he followed this with a detailed explanation of the current problems with SSL and how we got to where we are today.

Chrome's certificate managerHe argues that the biggest issue is with authenticity. Authenticity today is verified by a list of "trusted" certificate authorities (CAs). Marlinspike points out that you must trust these CAs and today the average browser trusts more than 600. Can you say you trust each and every one?

Another issue is that CAs have had a history of not always doing their jobs properly, and occasionally demonstrating that they cannot be trusted.

What is the purpose of authenticity? Mostly to ensure that you are talking to the entity that you intend to and that no one else is listening. Authenticity provides protection against man-in-the-middle (mitm) attacks using tools like Marlinspike's sslsniff.

This is the biggest problem with the existing CA system. Every major government in the world and many minor ones have the ability to sign any certificate they wish.

Could DHS get a certificate saying they are Google? I'm guessing they can. How about the People's Republic of China (which blocks Naked Security)?

Marlinspike proposed that we use a system of notaries based upon research conducted by the Perspectives Project at Carnegie Mellon University.

Convergence logoHe announced his project, which builds on the research, called Convergence. The idea behind Convergence is to download the presented SSL certificate directly and then ask a series of trusted notaries to download the certificate and give it to you as well.

You can then compare the certificates to yours to determine whether your connection is being spied upon. This allows for the user to decide who to trust, and also eliminates the need to purchase certificates or trust CAs.

Convergence adds another layer on the Perspectives Project as well. To be sure that your queries are anonymous, you go through a proxy notary so that the notaries responsible for retrieving certificates will not know who may have requested the service.

It is a very interesting solution that still has a few kinks to be worked out. If you would like to try it, you can download a beta Firefox extension from

You can also download the notary code and run your own server. Friends can share notaries with one another to build their own personal trust web.

I was thinking you may even choose to trust two notaries that you know you *don't* trust. Trust both the DHS and PRC and they are unlikely to agree about an attack against your privacy that either is conducting.

Creative Commons photo of Moxie soda courtesy of Joe Shlabotnik's Flickr photostream.

, , , , , ,

You might like

7 Responses to DEFCON 2011: SSL and the future of authenticity

  1. Actually, checking with the PRC, DHS, and at least 4 more *trusted* notaries is a perfect idea. You'll never have those agree on a fake certificate, let alone a few other notaries you actually trust. I don't see what the difference with the perspectives proyect is though.

  2. Guest · 1509 days ago

    What about something distributed with "trusted" nodes, p2p certification. Continual uptime can help provide assurances that certain servers are who they say they are, and using a random sampling of others to fetch and verify a server's identity. Anyone can run a CA, but you can still mark certain CA's as preferred. If you can create an account with a CA, you can also help verify that your primary CA isn't being spoofed. If bitcoin can provide assurances that the "money" you have belongs to you and no one else, why should going to my bank's website be less secure?

  3. Guest99 · 1497 days ago

    Convergence addon for Firefox? Yeah, not compatible with Firefox 6.0 so massive frown there!

    • Chester Wisniewski · 1497 days ago

      I asked Moxie and he said they are working on it. His Tweet response was:

      "@ChetWisniewski We're working on it, it'd be a lot easier if we had proper cert. validation API support from @firefox (cc benadida)."

      Someone asked about Chrome support as well and he responded:

      "@jduck1337 Unfortunately there's currently no way to implement Convergence in Chrome. We'd need API support from them, know anybody?"

  4. satya · 1497 days ago

    tried downloading to give it a try...not compatible with firefox 6 yet.. I'll look forward to when it is, however. :/ :)

  5. guest · 1488 days ago

    There don't seem to be any notaries available (other than the one provided by the guy who made this add-on).

    Doesn't Sophos have some "empty" server space that could be used to provide a free service to the public...? :-)

    • Chester Wisniewski · 1488 days ago

      Working on that ;) I am configuring my own notary to be made available soon in Canada as well as working with Sophos to see if we can provide some as a public service. Stay tuned.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at