Monday, August 29, 2011
Is the security model behind SSL certificates fundamentally busted?
Everyone is focused on remediation without thinking about how to improve the model. Some have proposed draconian measures such as removing DigiNotar from the list of trusted CAs. This of course has a side effect of invalidating legimitate certificates which will introduce as another side effect the encouragement of users to bypass any browser certificate warnings.
The SSL specification has the notion of revocation lists built in whereby a browser can check either a revocation list or using OCSP query a service that will validate whether the certificate is current. Did anyone happen to notice that this approach doesn't really work for root CA's that are compromised? So the only remediation is to wait for all the vendors to issue patches and for admins to apply them. Anyone care to guess what the IT track record of applying timely security patches are?
The fundamental flaw in security is in thinking that anything hierachical will ever be secure. We have a better possibility if we acknowledge a basic principle.
- Hyperlinks subvert hierarchy
So, when a certificate gets compromised, we lose the fact that we can no longer vouch for server identity but that we still need mechanisms to evoke encryption. Why do we have a model that couples identity to encryption? Shouldn't these things be two distinction mechanisms in a scalable architecture...