April 12, 2005

GeoTrust says existing PKI practices are worthless

GeoTrust published a three part attack on the current certification practices that leave users unprotected and wide open to phishing (Exec Summary, shots of Opera being spoofed, and a white paper). In essence, they say that current vetting procedures (which they call first generation) are easy to foil. In particular, Opera's display of the company name on the chrome is flawed, and will actually make matters worse, as that information is not and has never been reliable.

Simply because, they say, it's never been relied upon! So all sorts of garbage gets in there, something I discovered today when my newly installed TrustBar said that the name for www.DnsMadeEasy.com was Tiggee ! Where did that come from?

GeoTrust's solution is that the browser should display both the domain name, being:

"the only piece of data in a digital certificate that's confirmed, guaranteed to be unique, and is registered with an official public domain registry,"

and also:

"The name and logo of the CA who issued the certificate. Consumers will soon learn from news reports which CAs to trust and which CAs use sloppy procedures and should not be trusted."

Hallelujah to that! OK, so now a well known CA has broken ranks and revealed the awful dirty truth behind the PKI. It sucks. It's useless. What are we going to do about it? Or more importantly, what are the browser manufacturers going to do about it?

What this space...

Posted by iang at April 12, 2005 07:48 PM | TrackBack

somewhat related posting on the subject earlier today:

part of the issue with generalized 3rd party certification authorities ... is what should they go about certifying (and putting into a certificate) that might be of some use for future relying parties.

in the early 90s ... there was the idea of x.509 identity certificates. however it wasn't necessarily known what all future relying parties might find of use ... so there was a tendency to put more and more information in, grossly overloading certificates with privacy information.

in the mid-90s ... there started to be some awareness that such certificates represented extreme privacy and liability issues ... and there was some retrenchment to relying-party-only certificates. however, it is trivial to show that relying-party-only certificates are redundant and superfluous

finally there is the whole issue that digital certificates design point were for offline relying parties that had no previous contact with the originating party and had no recourse to any (other) information about the originating party (other than what was provided by a possible digital certificate ... i.e. the paper letters of credit paradigm from the sailing ship days).

that market niche is rapidly disappearing in the pervasive and ubiquitous online world.

what is primarily left are the no-value business processes that can't justify the highly quality and more valuable online, real-time information ... and resort to the offline digital certificates (as being less expensive). however, no-value business processes can't hardly justify the expenses associated with any high assurance and high integrity certification processes.

Posted by: Lynn Wheeler at April 12, 2005 09:51 PM


I have it on good authority that nobody in the SSL or CA world understands what you are saying. Which is just as well as otherwise they would just shoot themselves in a fit of depression.

Still I think there will always be some enduring value for the larger sites to go for something akin to identity certificates. But their usage is so asymmetrical and so small it doesn't justify the huge effort put into SSL and PKI; only if we can get more usage at the zero and low-cost ends does the investment get justified.

Posted by: Iang at April 12, 2005 10:00 PM

In the vast majority of cases, if I care about the real-world identity of my communication partner (such as my bank), I also have a means of exchanging keys with them in a reliable fashion. For example, when I visit the branch.
Otherwise, I usually only care about my partner is being the same as last time. In which case opportunistic key exchange is the way to go.
Thus, I have barely any reason to turn to a CA for establishing a communication partner's identity.

As far as certs of domain names go, I do not understand why we don't get one automagically when registering domains. After all, the registrar must vouch for our ownership of the domain anyway. Why not do it in a digital form? And what can a CA that is not a domain name registry certify? They can check the registry allright, but so can anybody else.

In Eastern Europe, the CA business is the hotbed of corruption. I have a sneaky feeling that it is not much different in other parts of the world, it's just people are less honest about it to themselves and each other.

Posted by: Daniel A. Nagy at April 12, 2005 10:38 PM

I can never understand what Lynn is saying either, between all those ellipses and pointers to irrelevant lists of posts. If he would learn to use capital letters and periods, and make his messages self-contained, then he might have a better chance of being heard. If his message is one that people don't want to hear, there is no reason to insert additional barriers by writing incomprehensibly.

Posted by: Cypherpunk at April 14, 2005 02:24 PM

The countermeasure seems to be a similar solution, which Herzberg and Gbara have proposed last year. They call it TRUSTBAR!

Good idea - unfortunately, not new!

Posted by: Sebastian at April 15, 2005 07:13 AM

So in quoting Tiggee as an example you've proven the point of why you need a cert that has the details inside.

"DNS Made Easy is a revolutionary service operated and designed by Tiggee LLC, a leader in the Internet industry"

If it were a domain cert you'd have no idea who was behind the site. At least now you have confidence that the Cert Auth has checked out Tiggee and they exist.


Posted by: Dave Jones at April 23, 2005 12:35 PM

Hey Dave,

I proved nothing like that, you just turned the case for cert information into its own proof, entirely circular.

Read what I wrote above: I commented on the odd name. But, I didn't then say the cert was unusable; in fact I've been relying on that cert for some time for domain stuff.

How could I possible rely on that cert? Well, I did some other checks, and keep doing other checks: they seem to do DNS and they keep doing DNS; I literally have no interest at all who is behind the site (Tigger, Poo Bear or any one of a thousand other children's characters is fine by me) as long as they keep doing my DNS!

It may be that the security industry is impressed with bed-time stories about how an identity cert will save us from fraud, but in the adult world, companies like an LLC in Delaware in the name of Tiggee are $100 a pop, and a cert in that name would then be $30 more. All totally legal.

Gee, now that I think of it, I know where I can get a fully legal entity for about $60. I suppose we could start a competition in the cheapest fully legal non-fraudulent identity-based SSL cert in a dodgy name?

Posted by: Iang at April 23, 2005 01:11 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.