Check out Maintaining digital certificate security by Adam Langley over on the Google Online Security blog. Bad certs in the wild, many Windows users (but not on Firefox) vulnerable. This is very, very bad. Let me elaborate a bit and explain how Google could solve this problem.
Digital certificates (everyone says “certs”) are a key ingredient in making the Web secure enough that you can use it for banking and buying things. You need one if you want to operate a web address starting with “https:”. You buy them from a “certificate authority” (everyone says “CA”).
Fortunately, they’re cheap and reliable and pretty easy to use. These days, you can get them for free for some applications. Plug: I got mine for tbray.org from SSLs.com; it was easy, straightforward and cheap.
Unfortunately, the CA business is poorly regulated, there are too many of them, and some have questionable competence and/or ethics, this most recent story being an example. If your security gets compromised, do you care whether it’s because the cert provider screwed up, got bribed by a crook, or was “persuaded” by an intelligence agency? I don’t. But these things happen.
Specifically: When a screw-up like that one in India happens, it means that if bad guys got their hands on those fake Google certs (and maybe some did) they could pretend to be google.com and steal your Google account (and maybe some did).
Since the cert infrastructure is just as essential to modern commerce as are accounting standards or liability rules, the natural thing would be to call for auditing and regulation. We sort of already have this, there’s an auditing scheme called “WebTrust”. But it doesn’t inspire much confidence; check out its only online presence, apparently at a Canadian accounting-standards site, webtrust.org. Also, empirically, there are regular bogus-cert stories.
It does seem to me that some head-bashing by governments to stiffen up the auditing standards and make them more transparent might be useful here. On the other hand, this could drive up the cost of certs; and also many people are nervous, for good reason, about government over-regulation and over-reach.
But Google could solve the problem. When I was working there, a couple non-Googlers told me “Google should just wade into that biz, provide a super-cheap, super-friendly, super-reliable cert store, and drive the morons and crooks out of business.” The more I thought about this, the more it made sense to me.
It still does. Google has the security infrastructure and scale to do it better and cheaper and faster and safer. The status quo is bad for Google and bad for the Internet. The only other companies with comparable scale and reach at the moment are, in my opinion, Facebook and (maybe) Microsoft. I think it would make perfect sense for either of them to get into the biz as well.
If Google did, it would probably suck the money out of this whole sector and maybe destroy operators like the apparently-nice-guys over at SSLs.com. Which would be a sad but appropriate consequence of capitalism.
Contributions
Comment feed for ongoing:
From: Dave (Jul 09 2014, at 13:14)
No. Google is not the morons but it is very much the crooks. What we need is a decentralized scheme that does not rely on scumbags.
[link]
From: Kevin Riggle (Jul 09 2014, at 13:30)
Blowing up the cert business would mean that, if you didn't trust Google (and people don't) and wanted to run your own CA (and people do), you would have to compete with free. Not impossible (see the people competing with Gmail), but the costs of starting a CA are a lot higher than the costs of starting an e-mail service.
[link]
From: Simos (Jul 09 2014, at 14:35)
Each web browser (or other client software like Android) comes with a huge list of root certificates, somewhere over 200.
The problem is that only a small minority of those will ever be used in the lifetime of the device.
All those root certificates make a big attack surface.
Something that is missing is tools that highlight when a root certificate is used for the first time (blacklist all, then start white-listing on demand). This would help catch localized instances of possible tampering of root certificates.
[link]
From: Stephen (Jul 09 2014, at 20:06)
There's also CACert (https://en.wikipedia.org/wiki/CAcert.org) which seem to be pretty interesting - their certificates are free and based partly on automation relying on the email system and partly on community verification/Web of Trust model. They've been trying to get through an audit for years though, and failing because of mismanagement and bad priority setting, even though the community is strong and the technical details are mostly in place. The auditing process looks like it's kicked into gear again, so if they have their act together, we might see them in a place to start getting their root certificate into major places a few years from now.
[link]
From: Mark Nottingham (Jul 10 2014, at 01:40)
No. Google becoming more monopolistic and powerful is not a good answer.
However, a potential solution (or at least mitigation) is being pushed by Google - Certificate Transparency.
[link]
From: Dolphin (Jul 10 2014, at 09:00)
I agree with points on CA model and PKI more broadly being fundamentally flawed. I also agree with the prior commentator on decentralized solutions being the key. In fact, the solution is on the way - NameCoin. It is decentralized. It allows association of arbitrary names with records, where public certificates or other relevant information can be stored. We are working on a decentralized E-mail encryption solution that does not rely on the hierarchical PKI model and, at the same time is free of "web of trust" problems encountered in PGP.
There is more on the Google incident and NameCoin at http://www.securedolphin.com/blog/google-victim-ssl-pki
[link]
From: Chris Siebenmann (Jul 10 2014, at 10:30)
I think that this misses the fundamental problem with SSL today on the web, which is that the browsers put too much trust in too many certificate authorities (both directly and indirectly, via delegated sub-CAs). As Simos says, this broad trust creates a massive attack surface where all an attacker needs is one CA that can be fooled, subverted, or coerced into issuing an imposter certificate.
The consequence of this is that real security improvements can only come about by extending less trust to certificate authorities in general. There are a number of approaches that are tackling this today, including Google's work on Certificate Transparency.
(Reducing the number of CAs that browsers trust is a massive minefield that is unlikely to be feasible or effective. Driving most commercial CAs out of business is not a fundamental improvement, eg note that the CA involved in the latest issue is a non-commercial one.)
[link]
From: DC Dan (Jul 11 2014, at 11:23)
Amazon (on the AWS side) takes security very seriously and selling certs would be a great addition to AWS.
[link]