Linked by Thom Holwerda on Mon 5th Sep 2011 22:26 UTC
Privacy, Security, Encryption So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisation within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.
Thread beginning with comment 488654
To view parent comment, click here.
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

Bill Shooter of Bul,

"Then that company switches CA roots to someone who is trusted. And they system works for everyone again."

I know you understand what is going on. However what you view as working system, I view as a broken model.

3rd party authentication, as with the CAs, is inherently problematic when the CA's security is lower than that of the websites using SSL. As it stands, any CA has the technical ability to create a fraudulent certificate for any website. No matter what precautions SSL users/websites take, they are dependent upon *ALL* CA's to not screw up.

The CIA probably was not a client of DigiNotar, and yet they were a victim of the leak. DigiNotar didn't even bother to tell anyone about the leak for several weeks - if there are more leaked keys out there, we'd have no idea.

I don't want to sensationalize this and blow the risks out of proportion, but 3rd party trust is a disturbing requirement of SSL.

I'd be a bigger proponent of a secure DNS based solution which guaranties that we are communicating with the registered owner of a domain name. Everyone with a domain name would be entitled to publish their own certificate in their DNS records and not have to use a CA for the privilege.

This would still require trust in one's hosting provider to supply the legit certificate via secure DNS, however since trusting a hosting provider is implicit anyways, it doesn't increase the scope of trust and it can be insourced to increase security.

Reply Parent Score: 2

Bill Shooter of Bul Member since:
2006-07-14

You raise some good points. I would be in favor of a better system that wouldn't allow any trusted CA to issue a cert for any site.

Given the current system that we have, the best bet is to restrict the number of CA's that you trust.

Reply Parent Score: 2

Alfman Member since:
2011-01-28

Bill Shooter of Bul,

"Given the current system that we have, the best bet is to restrict the number of CA's that you trust."

Well yes, but that only applies to what you can control. There are problems with managing CA's personally:


1. As a website owner, your choice of CAs doesn't increase your security. The authentication of your website is validated by the list of CAs in your user's web browsers.

2. As a user, it's reasonable to want to trust only specific CAs where I can attest to their security. However in reality real websites will use CAs who's security I cannot attest to. So, this may not be an option.

2b. Obviously you're talking about blacklisting a select group rather than whitelisting a select group. But the problem remains that you are trusting CAs who's security procedures haven't really been attested to and could in fact be as bad as DigiNotar.

I'm not even sure how bad DigiNotar's procedures actually were. All CAs are vulnerable to things like zero day exploits and disgruntled employees even when they do follow best practices.

Reply Parent Score: 2

Lennie Member since:
2007-09-22

(sorry, the whole thing became a bit large)

A long time ago there was one CA and people were not all that happy about that either.

DNSSEC (crypto keys for DNS) with DANE (which is a proposed RFC) would be the closest thing to what you talk about, is in a way a single CA-system.

DNS is a hierarchy, it starts at the 'root'.

With ICANN at the top (root) and operations of the crypto handled by ICANN/IANA and Verisign.

The DNS root-servers however are handled by different organisations around the world. One is a large ISP (Cogent), one again is Verisign, one is the RIPE (European IP-addresses organisation), an other is the US department of defense. The list is here: http://www.root-servers.org/

The money to run ICANN comes from the US department of commerce (if I'm not mistaken). Although the department did sign a contract saying they don't interfere with technical operations.

The money from IANA and RIPE comes mostly from the people that need the IP-addresses. IANA is like RIPE, they 'lease IP-addresses' to organisations like ISP's that need them.

While they normally only tell DNS-servers where to find the DNS-servers for .com (which is Verisign) they could in theory point it somewhere else.

However DNSSEC adds crypto in the mix and access to the crypto keys is limited to a bunch of people from around the world.

As you can see it is complicated. ;-)

But there is a root and thus it is kind of similair to a single-CA-system. But a lot of different people and organisations have a say in different parts of it.

A lot of the organisations are US companies (because of historic reasons ofcourse) and thus the US has some power of those organisations.

Not everyone likes that, the Internet should be 'owned' by everyone.

DANE depends on DNSSEC being deployed and that deployment has been slow. Some currently deployed software and firewalls are not compatible. After all it is the largest change to DNS since it was created almost 30 years ago. Just an example, some operating systems and DSL-routers need to be fixed before everyone can use it.

Edited 2011-09-07 10:53 UTC

Reply Parent Score: 2

Alfman Member since:
2011-01-28

Lennie,

Wow thank you for the informative posts. Yes I am aware upgrades would be necessary and that DANE is one of the proposals.

I don't actually think it's that complicated, but then again I study this stuff closely.

"Many home users have a DSL-router that is not capable of handling DNSSEC. Operating systems like Windows XP do not support it."

Really? That'd be a surprise to me since DNSSEC is just the existence of more records on top of DNS. If DNSSEC doesn't work across a router, it implies that the router isn't truly compliant with the DNS protocol. Not to say it's untrue, but why would a manufacturer go out of their way to break their DNS stack like this?


"Also some people think DNSSEC is to much like a one-CA-system. For example if something breaks everyone will have problems:"

Well, the main difference would be that the root keys would not be vouching for people's identity, only vouching for the accuracy of the DNS database, which we already implicitly rely on for the web to work anyways.

From my understanding of DNSSEC, verisign has zone-signing keys for the .com domain (with a relatively brief lifetime), but someone else can hold the key-signing keys - so it would require attacks to be successful on two fronts (in other words a completely broken DNSSEC would still be no worse than today's DNS).

Personally I would have three independent DNSSEC key signing organizations with three master KSKs - and require that at least two of them agree in order for "verisign's" ZSK to be valid. Cryptography redundancy schemes like this are very secure in practice.


Edit: In case it wasn't clear, the intention of the 3 keys is that the corruption of one entity (say by the US government) is insufficient to corrupting the whole system.

We could make DNSSEC KSKs arbitrarily redundant: 7 KSKs world wide, and require that 4 of them agree on ZSKs in order to be valid.

Edited 2011-09-07 17:09 UTC

Reply Parent Score: 2