How about the TLD NICs sign your certificates when you register the domain?
Ideally they have already verified your name, company and address, and you have to trust them to some extend anyway, because they are responsible for the name servers
Ehm no thank you, not all of us want to give away such information for personal projects, there are many reasons for people wanting to register domains privately (beside spammers harvesting whois)
If you give your registrar invalid contact information, your domain is subject to deletion by policy. Proxy registration is OK, as long as the contact information works.
At some point you have to give your information whether it's to the registrar or the proxy company. What is wrong with them using the same information to handle the certificates on your behalf ?
I don't know which one was first, but I wish they would cooperate to establish a standard protocol for notaries.
The model of notaries that observe SSL certificates from multiple points in the internet seems greatly superior and ultimately more trustworthy than the CA model to me. It's not perfect, but it solves the most common man-in-the-middle scenarios and is potentially extensible to become even more robust.
Perspectives/Convergence really is a great system, but it unfortunately still has several problems:
- it completely leaks your browsing history: you basically ask a notary "what's the certificate you see for kinkyneighbors.com?". Convergence addresses this, though
- it requires network-heavy intermediaries for all the browsing of all the people around the world.
- it still doesn't solve authenticity: an attacker could very well be controlling all connections arriving at your house, or leaving the target's server, and fool everyone
Convergence/Perspectives should be coupled with certificate pinning, aka storing _really_ trusted authorities (ie verified by hand) on your computer. Guess what ? [Moxie's next project is just that [0]
(For anyone curious, I highly recommend Moxie's talk [1] about Convergence, it does a great job at explaining what's the problem, what's Convergence and how it can solve at least part of it)
Convergence is a great idea, but, sadly, the project appears to be dead. The last commit to the repo was 2 years ago, and (as far as I know) the Firefox plugin has been broken for a very long time.
We (Qualys) are running several notaries and are part of the default configuration, and we're seeing very little traffic.
The CA is supposed to verify and say "hey this certificate belongs to this company".
What we need is for anyone to setup their cert without a CA (self-signed) and then the CA provides the verification is companies really want it.
This is what happens when you try and dual purpose something. If the certificate was just about encryption then my assumption is that you wouldn't really need CAs.
It's worthless in the face on an active adversary, but it works very well as a countermeasure for passive mass surveillance.
I do think it's a dangerous idea, though. The difference between 'secure' and 'insecure' is (at least partially) understood by most technical and non-technical people, and sometimes they can make a good decision on their requirements. The difference between passive and active adversaries is much more subtle, and I doubt people can think this through with as much clarity.
No, it's not worthless. It /raises the cost/ of an attack, by forcing an adversary to implement a more complicated, expensive MitM attack, instead of simply using passive eavesdropping/packet-sniffing.
And to those bringing up the tired, old rebuttal of this providing "worse" security due to a false sense of protection: that's only relevant if the browser is written idiotically and suggests this is in some way the same security as the fully-authenticated version. They should not be showing a "closed padlock" and changing the address bar color for self-signed SSL!
If enrolling your key in a PKI controlled by world governments seems like a good replacement for a bad private PKI, yes, by all means, pursue DNSSEC as an alternative.
> Only if the middle man was already doing the attack on your first visit to the website.
Keep in mind certificate pinning is a fairly (very!) recent addition to the internet security landscape. Before then MITM more or less completely broke encryption.
> Keep in mind certificate pinning is a fairly (very!) recent
> addition to the internet security landscape
As with much technology it is a re-invention of how we used to do things.
Many corporate websites still use client-side certificates to ensure that the client is talking to the correct server.
In the early days of Internet banking, some bank sites used to do the same; I received a cert from my bank on a shiny 'CD-ROM'. Sadly they discontinued that validation along with publishing their PGP key for secure e-mail. A step backwards.
Like I said, it offers no protection against man in the middle attacks. It doesn’t matter whether it protects against some other techniques because you know, the attacker will just simply use the technique it doesn’t protect against. It is really simple as that.
Encryption without verification only protects you from passive attackers, though. Frankly I fail to see the point, since it's not secure enough for sensitive data, but still has the disadvantages (performance, cache busting) of SSL.
This. It's worse then useless because it's the illusion of security.
It's too bad, because some type of web-of-trust mechanism for HTTP would be an incredible idea - it doesn't solve the trust problem entirely, but it would enable users to share their trust profiles amongst or against trusted individuals.
