I had the good fortune to recently attend GrrCON (pronounced “Grrrr Con”), one of the larger Midwestern United States information security and hacking conferences.
Moxie Marlinspike kicked off the event with his keynote presentation titled “SSL And The Future Of Authenticity.”
He gave the same presentation at DEFCON, which my colleague Chester Wisniewski detailed in a fascinating article last month.
Marlinspike opened his talk by telling the tale of how a Certificate Authority (CA), which – according to Netcraft – signs roughly 20% – 25% of SSL certificates, was attacked. Not an everyday hack against a CA, but an act of war.
The CA wasn’t prepared for cyberwarfare and how could they be?
They are a business and conduct security practices as a business. Only countries engage in warfare as they stated on their blog.
The moral of the story? Trust is an important part of SSL authenticity. When the trusted authorities are compromised, then where do we go?
Marlinspike continued through his presentation covering the main components of information security; secrecy, integrity and authenticity.
All of these components require equal thought and consideration in their implementation.
When SSL was designed back in the mid-90s, the authenticity component was given the least thought and as Marlinspike put it, “with a bit of a hand wave.”
With the barrage of attacks on CAs, the hand wave is clearly useful for the flies circling what’s left of authenticity; see Operation Black Tulip.
Trust notaries are used to compare an SSL certificate downloaded by the endpoint with an SSL certificate the notary downloads. If they are a match then you know you’re not on the receiving end of a man-in-ihe-middle (MITM) attack.
The browser extension is currently in beta for Firefox. After adding the extension to Firefox, you now have a comfortable feeling knowing that you have “trust agility.”
Trust agility means that you control who you trust and can change your mind at any time.
I’m also a fan of the Verification Threshold options Convergence provides. You can control how many notaries need to agree. The options are only one notary, a notary majority or a notary consensus. At the risk of sounding like Rachael Ray, “how awesome is that?”
The solution to eliminate the current method of trusting a single entity or multiple entities in the same scope is appealing. By this I mean the user is enabled to change notaries when they need to without compromising security or losing a quarter to a fifth of the Internet.
Having trust agility is absolutely a must have in this decade. Especially in the more recent example of DigiNotar and the complexities involved with revoking the digital certificates that were compromised.
A couple of kinks to work out with Convergence is how to address the issue of a website that has 100 different certificates for the same domain. Also, utilizing additional protocols, such as DNS, for endpoints that are in captive portals like those commonly found when registering for Internet access in an airport or hotel.
I leave you with this to ponder. When I asked Moxie Marlinspike what he would like to share with Naked Security readers in a context of authenticity, he replied that you need to ask yourself, “Who do I have to trust?…and for how long?”
Until text time, stay safe and secure online.