Marlinspike asks browser vendors to back SSL-validator

'Convergence' open source dev needs vendors to balance the load

Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials.

The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust in e-commerce and other vital services, such as webmail. The technology, available as a browser add-on for Firefox, allows users to query notary servers – which they can pick – to make sure the SSL certificate served up by any particular site is kosher.

Marlinspike described the Firefox add-on as a proof-of-concept, adding that he was talking to other browser vendors. "Browser vendors should lead because this is the only way that Convergence can become an 'invisible platform' where surfers can use it without knowing that's what they are relying on," he said.

"We've got the ball rolling and it's now up to vendors to do the bulk of the work," he added.

The approach, first outlined by Marlinspike in August 2011, is designed to flag up man-in-the-middle attacks that rely on forged credentials from any one of hundreds of organisations authorised to cryptographically sign the certificates that Amazon, Skype, Gmail and countless other e-commerce services rely on to reassure customers that their secure sites are genuine. About 650 organisations are authorised to sign certificates.

Hackers able to break into the systems of any of these certificate authorities would be able to issue counterfeit credentials, subverting the whole system of trust. The problem was graphically illustrated by hacks against Comodo, the second largest certificate authority, and DigiNotar.

Convergence, rather than relying on the public key infrastructure that ties together the current SSL system, utilises a loose confederation of notaries that independently vouch for the integrity of a given SSL certificate.

Marlinspike told delegates at the recent CSO Interchange conference in London that SSL was designed at Netscape in the early 90s when e-commerce didn't exist. "SSL was only designed to prevent passive attacks," Marlinspike explained. "Authenticity was thrown in at the end as a hand-wave."

Having so many certificate authorities is only part of the problem, according to Marlinspike: "Nobody has a great track record. For example, VeriSign is in the lawful interception business so how can the same organisation be responsible for securing traffic?"

Many sites are broken because they rely on outdated certificates or they support insecure versions of SSL. The problem is further compounded by shortcomings in the certificate revocation process. "You can't revoke trust – that's the essence of the problem," Marlinspike explained.

Trust agility

Convergence provides "trust agility" essentially by letting users decide which notaries they trust to vouch for the authenticity of digital certificate credentials and making it straightforward to swap notaries. "Even if one notary goes bad it doesn't break the system," Marlinspike said. "You can simply replace the notary."

Around 50 organisations have signed up to become notaries, including privacy advocates such as the EFF and technology firms including Qualys. Running a notary requires very few resources, according to Marlinspike. "Most people visit only 20 or so sites and the certificates rarely change," he told delegates at the CSO Interchange conference.

Marlinspike told El Reg that the project, though well documented, was currently largely experimental. Around 24 developers are working on Convergence. "We're changing and adding functionality. It's not currently an IETF standard but we are headed in that direction."

Google Chrome team lead developer Adam Langley has expressed reservations about supporting the crowd-sourcing technology, for a variety of practical reasons, in particular the possibility of notary servers failing under heavy demand. Marlinspike described these concerns as valid for mainstream use of the technology in its present form. "We're testing the waters on what works and what doesn't," Marlinspike explained. "There's still a lot of work to be done on how users interact with the technology."

"The industry can't expect a fully packaged thing from a small team of developers working on an experimental project without getting involved," he added.

Qualys Director of Engineering Ivan Ristic told El Reg that the main problem with Convergence was its "hard fail" functionality. "If you can't reach a notary you can't reach a secure web site."

One approach to solving the availability problem might be to use thousands of notaries, hooked up in a peer-to-peer network, to balance the load.
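The notary check described above, and the "hard fail" behaviour Ristic objects to, as an added illustration that is not code from the Convergence project: the client fingerprints the certificate it received, asks only the notaries the user has chosen what they see for the same site, and applies a user-selected policy. The notary names, sample certificate bytes, and the `policy` and `hard_fail` parameters are constructed for this example.

```python
import hashlib
from typing import Dict, Optional, Set

# Constructed sample data (not from the article): the certificate bytes the
# client's TLS handshake returned for a site, and a forged one for comparison.
SITE_CERT = b"constructed DER bytes for shop.example"
MITM_CERT = b"constructed DER bytes for a forged shop.example certificate"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint; client and notaries compare these, not whole certs."""
    return hashlib.sha256(cert_der).hexdigest()

# Simulated notary answers for shop.example: the fingerprint each notary saw
# when it fetched the site's certificate itself, or None if it was unreachable.
NOTARY_RESPONSES: Dict[str, Optional[str]] = {
    "notary-a.example": fingerprint(SITE_CERT),
    "notary-b.example": fingerprint(SITE_CERT),
    "notary-c.example": fingerprint(MITM_CERT),   # sees a different certificate
    "notary-d.example": None,                      # timed out / down
}

def verify(observed_cert: bytes, responses: Dict[str, Optional[str]],
           trusted: Set[str], policy: str = "majority",
           hard_fail: bool = True) -> str:
    """Decide whether to trust the certificate the client received.

    Returns "trusted", "untrusted" or "unavailable". Only notaries in
    `trusted` are consulted (trust agility: the user picks and can swap
    them). `policy` is "majority" or "consensus". With `hard_fail=True`
    the check refuses to proceed if any trusted notary cannot be reached,
    so an unreachable notary blocks the site entirely.
    """
    observed = fingerprint(observed_cert)
    answers = {n: responses.get(n) for n in trusted}
    reachable = {n: fp for n, fp in answers.items() if fp is not None}
    if not reachable or (hard_fail and len(reachable) < len(answers)):
        return "unavailable"
    agree = sum(1 for fp in reachable.values() if fp == observed)
    if policy == "consensus":
        ok = agree == len(reachable)
    elif policy == "majority":
        ok = agree * 2 > len(reachable)
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return "trusted" if ok else "untrusted"

if __name__ == "__main__":
    mine = {"notary-a.example", "notary-b.example", "notary-d.example"}
    print(verify(SITE_CERT, NOTARY_RESPONSES, mine))              # hard fail
    mine = (mine - {"notary-d.example"}) | {"notary-c.example"}    # swap notary
    print(verify(SITE_CERT, NOTARY_RESPONSES, mine, "majority", False))
```

Replacing the dead notary in the user's set, as in the `__main__` block, is the "simply replace the notary" step; a soft-fail mode that ignores unreachable notaries is the trade-off against the hard fail Ristic describes.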

Nonetheless Ristic praised the project as a "radical" and "promising" approach to solving problems with the internet's trust infrastructure. He said he was convinced that the stability and performance issues could be ironed out, but added that "the only way to make production successful is to get browser vendor involvement."

Convergence is partly based on the Perspectives Project developed at Carnegie Mellon University. More detail on Convergence can be found at the project's home page here. ®
