Original URL: https://www.theregister.co.uk/2012/02/08/convergence/
Marlinspike asks browser vendors to back SSL-validator
'Convergence' open source dev needs vendors to balance the load
Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials.
The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust in e-commerce and other vital services, such as webmail. The technology, available as a browser add-on for Firefox, allows users to query notary servers – which they can pick – to make sure the SSL certificate served up by any particular site is kosher.
Marlinspike described the Firefox add-on as a proof-of-concept, adding that he was talking to other browser vendors. "Browser vendors should lead because this is the only way that Convergence can become an 'invisible platform' where surfers can use it without knowing that's what they are relying on," he said.
"We've got the ball rolling and its now up to vendors to do the bulk of the work," he added.
The approach, first outlined by Marlinspike in August 2011, is designed to flag up man-in-the-middle attacks that rely on forged credentials from any one of hundreds of organisations authorised to cryptographically sign the certificates that Amazon, Skype Gmail and countless other e-commerce services rely on to re-assure customers that their secure sites are genuine. About 650 organisations are authorised to sign certificates.
Hackers able to break into the systems of any of these certificate authorities would be able to issue counterfeit credentials, subverting the whole system of trust. The problem was graphically illustrated by hacks against Comodo, the second largest certificate authority, and DigiNotar.
Convergence, rather than relying on the public key infrastructure that ties together the current SSL system, utilises a loose confederation of notaries that independently vouch for the integrity of a given SSL certificate.
Marlinspike told delegates at the recent CSO Interchange conference in London that SSL was designed at Netscape in the early 90s when e-commerce didn't exist. "SSL was only designed to prevent passive attacks," Marlinspike explained. "Authenticity was thrown in at the end as a hand-wave."
Having so many certificate authorities is only part of the problem, according to Marlinspike: "Nobody has a great track record. For example, VeriSign is in the lawful interception business so how can the same organisation be responsible for securing traffic?"
Many sites are broken because they rely on outdated certificates or they support insecure versions of SSL. The problem is further compounded by shortcomings in the certificate revocation process. "You can't revoke trust – that's the essence of the problem," Marlinspike explained.
Convergence provides "trust agility" essentially by letting users decide which notaries they trust to vouch for the authenticity of digital certificate credentials and making it straightforward to swap notaries. "Even if one notary goes bad it doesn't break the system," Marlinspike said. "You can simply replace the notary."
Around 50 organisations have signed up to become notaries, including privacy advocates such as the EFF and technology firms including Qualys. Running a notary requires very little resources, according to Marlinspike. "Most people visit only 20 or so sites and the certificates rarely change," he told delegates at the CSO Interchange conference.
Marlinspike told El Reg that the project, though well documented, was currently largely experimental. Around 24 developers are working on Convergence. "We're changing and adding functionality. It's not currently an IETF standard but we are headed in that direction."
Google Chrome team lead developer Adam Langley has expressed reservations about supporting the crowd-sourcing technology, for a variety of practical reasons, in particular the possibility of notary servers failing under heavy demand. Marlinspike described these concerns as valid for mainstream use of the technology in its present form. "We're testing the waters on what works and what doesn't," Marlinspike explained. "There's still a lot of work to be done on how users interact with the technology."
"The industry can't expect a fully packaged thing from a small team of developers working on an experimental project without getting involved," he added.
Qualys Director of Engineering Ivan Ristic told El Reg that the main problem with Convergence was its "hard fail" functionality. "If you can't reach a notary you can't reach a secure web site."
One approach to solving the availability problem might be to use thousands of notaries, hooked up in a peer-to-peer network, to balance the load.
Nonetheless Ristic praised the project as a "radical" and "promising" approach to solving problems with the internet's trust infrastructure. He says he is convinced that stability and performance issues can be ironed out, but that "the only way to make production successful is to get browser vendor involvement," he added.
Convergence is partly based on the Perspectives Project developed at Carnegie Mellon University. More detail on Convergence can be found at the project's home page here. ®