Proposals for the future of certificates

Certificate authority Comodo, which has come in for a bit of a battering as a result of hacked certificates, has called for a great push forward. At the 80th meeting of the Internet Engineering Task Force (IETF) in Prague, vice president Philip Hallam-Baker presented a mechanism for limiting the mis-issue of certificates. "The risk of mis-issue is very, very large," explained Hallam-Baker, to laughter from the assembled experts. Multiple Comodo SSL registration authorities were the targets of hacks of the company's systems. In at least one case, certificates were issued without the knowledge of the relevant domain operator, forcing all browser vendors to issue updates.

The key feature of Hallam-Baker's proposal is the creation of a new Resource Record (RR) in the DNS specifying which certification authorities are entitled to issue certificates for that domain. Hallam-Baker has admitted to The H's associates at heise Security that the RR would moderate only some of the risk which came back to bite Comodo in the current incident, "As far as Comodo customers are concerned, this entry would not have helped." In addition, such entries in fake domain responses could themselves also be faked. The only means of protecting against this is the authentication of DNS responses using DNSSEC. The draft, by Hallam-Baker and two co-authors from Comodo and Google, proposes, however, that the use of DNSSEC should be optional.

Many experts see the future for certificates lying in a more general concept of marrying DNSSEC and SSL/TLS; this goes by the name DANE. Once secured using DNSSEC, the theory says that the DNS itself could become the trusted source for certificates. Users can decide for themselves whether they wish to purchase expensive certificates from vendors such as Comodo and Verisign or to create their own PKIX certificates. Some already view DANE as the killer app for DNSSEC, take-up of which has so far been patchy. Jim Galvin, vice-president of Afilias, told heise Security that at the end of the development process a new web server might be able to self-certify out of the box and be immediately secured by the spoof-proof certificate saved in the DNSSEC. This would make all domains accessible via https by default.

Experts such as Peter Koch from Germany's DENIC eG warn against raising false hopes. He notes that just because a DNS zone administrator has entered a certificate, it does not necessarily mean that he or she has checked its content. The traditional registry/registrar business does not provide for checks of this type. It is also to be expected that commercial certificate authorities are not likely to take the outsourcing of their business to domain registrars lying down.

Rapid implementation of the procedure outside the IETF might therefore be a more promising option. On a different track altogether is the 'Online Notary' project co-sponsored by the National Science Foundation, in which certificates are checked within the browser by various public online notary services. The concept is based on the assumption that attacks using fake certificates will be limited in time and space – one example might be a man-in-the-middle attack. If multiple trusted servers distributed across the internet see the same certificate at a given time and that certificate has not changed within the last week, it can be assumed that no such attack is taking place. The central design problem is to make certification changes, which are necessary from time to time, invisible to the user. An implementation of the concept, known as Perspectives, is available for Firefox and Chrome. There is also an open source implementation of the notary service software.

See also:

• Single hacker claims responsibility for Comodo certificate theft, a report from The H.
• SSL meltdown: Mozilla admits mistakes in its information policy, a report from The H.
• SSL meltdown: a cyber war attack?, a report from The H.
• SSL meltdown forces browser developers to update, a report from The H.

(Monika Ermert / crve)