Trusted online communication is a truly vital aspect of the internet. From a technical perspective, we tend to rely on cryptographic protocols – most often Transport Layer Security and its predecessor Secure Sockets Layer – that certify the identity and the encryption of the parties communicating.
Web browsers often indicate when they’re on a site with a valid SSL certificate by showing a green lock and “https://” in the web address, which assures the site visitor that they’re on a trusted site.
Even with these protocols in place, however, trust is often difficult to forge because it requires us to believe in the many bodies tasked with overseeing SSL certificates and routing out misuse.
TLS and SSL rely on Certificate Authorities and a public key infrastructure to manage and vouch for certificates, and verify the relationship between a certificate and its owner.
In the past few years, events have made some question whether CAs can be trusted. For instance, in 2011, Iranian hackers were able to trick a CA affiliate into issuing fraudulent certificates for domains including mail.google.com, login.yahoo.com, and addons.mozilla.org.
Every Certificate Authority Needs to be Trustworthy
Paul Kocher, president and chief scientist of Cryptography Research and an architect of the SSL 3.0 protocol, says the SSL protocol is still relevant, but admits that there are problems with the current CA model.
Contrary to his original notion that each top-level domain would have two or three CAs, hundreds of entities now issue certificates, making it difficult to identify rogue CAs that aren’t following proper procedures.
Furthermore, rogue CAs hurt trust in the entire CA system, tarnishing the trust people have in good CAs. And the CA system provides little reward for CAs that do a better job.
“A CA who does a better job of verifying its customers doesn’t deliver a ‘better’ product in any material way because the consequences of a largely harm customers of other CAs,” Kocher says. He notes that Extended Validation SSL certificates – where CAs ensure that a business is whom they say they are – fall prey to the same problem. Customers will often choose to get an EV-SSL from the CA who has the simplest (and most lax) due diligence process and the lowest cost, rather than the one with the highest security.
This means that the sense of security we get from the green lock could sometimes be a false one. But it also points to the fact that SSL is just one element of security.
SSL is Just One Element of Security, But a Foundational Element
Ivan Ristic, who heads application security research at Qualys, notes that SSL alone doesn’t make a website secure. SSL won’t protect someone from application-level issues like XSS and SQL injection, nor will it patch or update software. What SSL does provide, he says, is “a secure foundation to build on.”
“For the large majority of sites, SSL and even the current Web PKI system are just fine,” he says. “Their biggest problem is not that someone can get to the keys, but that the main door is secure, but the windows are open. For example, probably more than 99 percent of all SSL sites could significantly improve their security by supporting new protocols, supporting Forward Secrecy, and new standards such as HTTP Strict Transport Security and Content Security Policy. That’s a lot of low hanging fruit right there.”
Ristic says SSL certificates and the CA model are still relevant and that there’s no better solution for providing reasonable secure communication among parties from across the world who have never met before.
Can SSL Be Better? Can Security Be Done Better?
The real question we should be asking, Ristic says, isn’t whether SSL is still relevant, but instead: “Can we do better?” And if so, should we improve the current system, or replace it?
Kocher says that the SSL protocol isn’t really the problem, but we can work to improve security through its implementation.
“The limitations of the CA model in web browsers’ SSL implementations are very real, although I’d characterize the problems as security policy issues rather than problems within the SSL protocol itself,” he says. “SSL essentially defers to the implementation, e.g. the browser, decisions as to what certificates are acceptable for establishing a given connection. As a result, the solutions require changing or enhancing how browsers decide if a site is trustworthy, but largely don’t change the underlying SSL protocol.”
Kocher says efforts such as the Certificate Transparency initiative, which quickly brings CA abuses out into the open, will help fix the CA problem. The HSTS initiative, he says, is also crucial since it’s designed to help deal with attacks that strip SSL and force traffic out into the clear.
There are, he says, matters that may be more difficult to solve such as site impersonation, “in which a malicious site may use a domain like ‘google-secure-login.com’ can impersonate Google’s login page in order to steal passwords).”
Don’t Abandon What Works in SSL Certificates and the CA Model; Build on It
But Kocher contends that the CA model for issuing SSL certificates is obviously still relevant. “All of the solutions being contemplated enhance, rather than discard, the current model. End users can’t each perform their own due diligence on every communication partner, so we’re always going to need CAs to help establish trust. Thus, despite the limitations of certificates, they are immensely useful and aren’t going away.”
Ristic says that in order for SSL and other security protocols to provide security, we must foster a deeper and more nuanced understanding of what security is, why it is important, and how to implement it.
“I would argue that the biggest problems we have come from that fact that we (as a society) are not yet mature enough to appreciate security and work towards having it,” Ristic says.
“For most, security is still something that stands between them and getting things done. Until that changes, no technology is going to be able to help us. Having said that, it’s clear that many pieces of the current ecosystem were designed many years ago, when our understanding of security was much more shallow. The challenge now, as I like to say, is to fix the engine while the plane is flying.”