Monday, August 29, 2011


Is the security model behind SSL certificates fundamentally busted?

Most recently, there was a breach of a trusted root CA, which caused a lot of people in the infosec community to come out of the woodwork to discuss it. My take has been that this isn't the first such breach, nor will it be the last. The better question to ask is whether the current model of issuing SSL certificates is fundamentally busted...

Everyone is focused on remediation without thinking about how to improve the model. Some have proposed draconian measures such as removing DigiNotar from the list of trusted CAs. This of course has the side effect of invalidating legitimate certificates, which in turn has the further side effect of encouraging users to bypass any browser certificate warning.

The SSL specification has the notion of revocation built in: a browser can either fetch a certificate revocation list or use OCSP to query a service that will say whether the certificate is still current. Did anyone happen to notice that this approach doesn't really work for root CAs that are compromised? There is nothing above the root to vouch for its revocation, so the only remediation is to wait for all the vendors to issue patches and for admins to apply them. Anyone care to guess what the IT track record of applying timely security patches is?
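To make the two points above concrete (revocation works one tier down but cannot reach a compromised root, and the only remaining remedy, pulling the root from the trust store, also invalidates legitimately issued certificates), here is an added example written for this page; it is not code from the original post or from any CA or browser vendor. It uses only Go's standard crypto/x509 package (Go 1.19 or later, for x509.ParseRevocationList) and builds a constructed two-tier PKI: a made-up self-signed root that directly issues a leaf for the assumed host name www.example.test. The CA names, serial numbers and validity windows are all constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue signs tmpl with signer (the parent's key) and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// buildPKI constructs the example hierarchy: a self-signed root that issues one server leaf.
func buildPKI() (root, leaf *x509.Certificate, rootKey *ecdsa.PrivateKey) {
	rootKey, leafKey := newKey(), newKey()
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to issue CRLs
	}
	root = issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed trust anchor
	leaf = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.test"},
		DNSNames:  []string{"www.example.test"}, // assumed host name, constructed for the example
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, &leafKey.PublicKey, rootKey)
	return root, leaf, rootKey
}

// chainValid is the TLS client's path-building step. Note that it consults no CRL at all.
func chainValid(leaf *x509.Certificate, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: "www.example.test", Roots: roots})
	return err == nil
}

// makeCRL issues a CRL signed by issuer's key that lists the given certificates' serials.
func makeCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, revoked ...*x509.Certificate) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, issuer, key))
}

// revokedByCRL is the client's revocation step: the CRL must carry a valid signature from issuer.
func revokedByCRL(cert, issuer *x509.Certificate, crlDER []byte) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(issuer)
	}
	if err != nil {
		return false, err // check could not be done; treating this as "not revoked" is soft-fail
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// Result holds the four observations the argument turns on.
type Result struct{ LeafValid, LeafRevoked, RootCRLsIndistinguishable, LeafValidAfterRootRemoved bool }

func Run() Result {
	root, leaf, rootKey := buildPKI()
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	// Healthy case: the root's CRL names the leaf, and a client that checks the CRL rejects the leaf.
	leafRevoked, _ := revokedByCRL(leaf, root, makeCRL(root, rootKey, leaf))
	// Nothing sits above the root to vouch for its revocation: a CRL naming the root can only be
	// signed by the root key, and whoever holds that key can equally sign one that names nothing.
	_, errListed := revokedByCRL(root, root, makeCRL(root, rootKey, root))
	_, errClear := revokedByCRL(root, root, makeCRL(root, rootKey))
	// The remaining remedy is to drop the root from the store, which also kills every legitimate leaf.
	return Result{chainValid(leaf, trusted), leafRevoked, errListed == nil && errClear == nil,
		chainValid(leaf, x509.NewCertPool())}
}

func main() {
	fmt.Printf("%+v\n", Run())
}
```

Running it prints LeafValid and LeafRevoked true, RootCRLsIndistinguishable true (both root-signed CRLs pass the signature check, so the check carries no information once the root key is in the wrong hands), and LeafValidAfterRootRemoved false. Chain building never looks at a CRL; revocation is a separate step the client has to choose to perform, and the error branch in revokedByCRL is where the soft-fail decision lives.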

The fundamental flaw in security is in thinking that anything hierarchical will ever be secure. We have a better possibility if we acknowledge a basic principle: we should never be reliant on any notion of authority, and should instead figure out how to migrate security to more of a peer-oriented reputation model.

So, when a certificate gets compromised, we lose the ability to vouch for server identity, but we still need a mechanism to invoke encryption. Why do we have a model that couples identity to encryption? Shouldn't these be two distinct mechanisms in a scalable architecture...
