Marlinspike asks browser vendors to back SSL-validator

'Convergence' open source dev needs vendors to balance the load

Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials.

The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust in e-commerce and other vital services, such as webmail. The technology, available as a browser add-on for Firefox, allows users to query notary servers – which they can pick – to make sure the SSL certificate served up by any particular site is kosher.

Marlinspike described the Firefox add-on as a proof-of-concept, adding that he was talking to other browser vendors. "Browser vendors should lead because this is the only way that Convergence can become an 'invisible platform' where surfers can use it without knowing that's what they are relying on," he said.

"We've got the ball rolling and it's now up to vendors to do the bulk of the work," he added.

The approach, first outlined by Marlinspike in August 2011, is designed to flag up man-in-the-middle attacks that rely on forged credentials from any one of hundreds of organisations authorised to cryptographically sign the certificates that Amazon, Skype, Gmail and countless other e-commerce services rely on to reassure customers that their secure sites are genuine. About 650 organisations are authorised to sign certificates.

Hackers able to break into the systems of any of these certificate authorities would be able to issue counterfeit credentials, subverting the whole system of trust. The problem was graphically illustrated by hacks against Comodo, the second largest certificate authority, and DigiNotar.

Convergence, rather than relying on the public key infrastructure that ties together the current SSL system, utilises a loose confederation of notaries that independently vouch for the integrity of a given SSL certificate.

Marlinspike told delegates at the recent CSO Interchange conference in London that SSL was designed at Netscape in the early 90s when e-commerce didn't exist. "SSL was only designed to prevent passive attacks," Marlinspike explained. "Authenticity was thrown in at the end as a hand-wave."

Having so many certificate authorities is only part of the problem, according to Marlinspike: "Nobody has a great track record. For example, VeriSign is in the lawful interception business so how can the same organisation be responsible for securing traffic?"

Many sites are broken because they rely on outdated certificates or they support insecure versions of SSL. The problem is further compounded by shortcomings in the certificate revocation process. "You can't revoke trust – that's the essence of the problem," Marlinspike explained.

Trust agility

Convergence provides "trust agility" essentially by letting users decide which notaries they trust to vouch for the authenticity of digital certificate credentials and making it straightforward to swap notaries. "Even if one notary goes bad it doesn't break the system," Marlinspike said. "You can simply replace the notary."

Around 50 organisations have signed up to become notaries, including privacy advocates such as the EFF and technology firms including Qualys. Running a notary requires very little resources, according to Marlinspike. "Most people visit only 20 or so sites and the certificates rarely change," he told delegates at the CSO Interchange conference.

Marlinspike told El Reg that the project, though well documented, was currently largely experimental. Around 24 developers are working on Convergence. "We're changing and adding functionality. It's not currently an IETF standard but we are headed in that direction."

Google Chrome team lead developer Adam Langley has expressed reservations about supporting the crowd-sourcing technology, for a variety of practical reasons, in particular the possibility of notary servers failing under heavy demand. Marlinspike described these concerns as valid for mainstream use of the technology in its present form. "We're testing the waters on what works and what doesn't," Marlinspike explained. "There's still a lot of work to be done on how users interact with the technology."

"The industry can't expect a fully packaged thing from a small team of developers working on an experimental project without getting involved," he added.

Qualys Director of Engineering Ivan Ristic told El Reg that the main problem with Convergence was its "hard fail" functionality. "If you can't reach a notary you can't reach a secure web site."

One approach to solving the availability problem might be to use thousands of notaries, hooked up in a peer-to-peer network, to balance the load.
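The notary model described under "Trust agility", together with the hard-fail concern Ristic raises, as an added Python simulation written for this page. It is not Convergence's own client or notary code: the host name, certificate bytes and notary names are constructed, and the real add-on's query protocol, caching and consensus rules are not modelled. The client hashes the certificate a site presented, asks each notary it has chosen what fingerprint that notary observed for the host, and accepts only when a majority agree; under a hard-fail policy any unreachable notary blocks the connection.

```python
"""Toy simulation of Convergence-style notary checking (added example, not
the project's code). Certificate bytes and notary names are constructed."""
import hashlib
from collections import Counter
from typing import Dict, List, Optional, Tuple

HOST = "shop.example"  # constructed host name

# Constructed placeholder bytes standing in for DER-encoded certificates.
GENUINE_CERT = b"constructed DER of the real certificate for shop.example"
FORGED_CERT = b"constructed DER of a forged certificate for shop.example"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes: the value client and notaries compare."""
    return hashlib.sha256(cert_der).hexdigest()


class Notary:
    """A notary reporting the fingerprint it observed from its own network vantage point."""

    def __init__(self, name: str, observed: Dict[str, str], online: bool = True):
        self.name = name
        self.observed = observed  # host -> fingerprint this notary saw
        self.online = online

    def query(self, host: str) -> Optional[str]:
        if not self.online:
            raise ConnectionError(f"notary {self.name} unreachable")
        return self.observed.get(host)


def honest_notary(name: str, online: bool = True) -> Notary:
    """A notary that has independently observed the genuine certificate."""
    return Notary(name, {HOST: fingerprint(GENUINE_CERT)}, online=online)


def verify(host: str, presented_cert: bytes, notaries: List[Notary],
           fail_mode: str = "hard") -> Tuple[bool, str]:
    """Return (trusted, reason).

    Trusted when a strict majority of reachable notaries report the same
    fingerprint the site presented. fail_mode="hard" refuses whenever any
    chosen notary is unreachable; "soft" decides on the notaries that answered.
    """
    presented = fingerprint(presented_cert)
    votes: Counter = Counter()
    unreachable: List[str] = []
    for notary in notaries:
        try:
            seen = notary.query(host)
        except ConnectionError:
            unreachable.append(notary.name)
            continue
        if seen is not None:
            votes[seen] += 1

    if unreachable and fail_mode == "hard":
        return False, "hard fail: unreachable notaries " + ", ".join(unreachable)

    reachable = len(notaries) - len(unreachable)
    needed = reachable // 2 + 1  # strict majority of those that answered
    agreeing = votes[presented]
    if agreeing >= needed:
        return True, f"{agreeing} of {reachable} notaries agree with the presented certificate"
    return False, f"only {agreeing} notaries agree; {needed} required"


if __name__ == "__main__":
    honest = [honest_notary("eff"), honest_notary("qualys"), honest_notary("uni")]
    rogue = Notary("rogue", {HOST: fingerprint(FORGED_CERT)})  # a notary gone bad
    down = honest_notary("down", online=False)
    for label, cert, group, mode in [
        ("genuine cert, all honest", GENUINE_CERT, honest, "hard"),
        ("forged cert, all honest", FORGED_CERT, honest, "hard"),
        ("forged cert, one rogue notary", FORGED_CERT, honest[:2] + [rogue], "hard"),
        ("genuine cert, one notary down, hard fail", GENUINE_CERT, honest[:2] + [down], "hard"),
        ("genuine cert, one notary down, soft fail", GENUINE_CERT, honest[:2] + [down], "soft"),
    ]:
        print(f"{label}: {verify(HOST, cert, group, fail_mode=mode)}")
```

The rogue-notary case shows why one bad notary does not break the system: its single vote for the forged fingerprint is outvoted by the honest majority, and the user can simply drop it from the list. The last two cases show the trade-off behind Ristic's objection: hard fail keeps an attacker from winning by cutting the client off from notaries, but it also turns any notary outage into a site outage, which is why load-balancing across many notaries matters.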

Nonetheless, Ristic praised the project as a "radical" and "promising" approach to solving problems with the internet's trust infrastructure. He said he was convinced that the stability and performance issues could be ironed out, but that "the only way to make production successful is to get browser vendor involvement."

Convergence is partly based on the Perspectives Project developed at Carnegie Mellon University. More detail on Convergence can be found at the project's home page. ®
