The beginning of the presentation is, surprisingly, not devoted to a long and boring bio of the presenter. Let's keep that in mind as a nice intro to a talk: sharing an anecdote with the audience. They will pay more attention to that than to a long list of achievements. Human beings like stories, remember!
The first part of the presentation deals with the news of the Comodo hack. He reminds us that more than a quarter of the Internet's certificates are Comodo's and that, after the hack, nothing actually happened to Comodo. The cool point here is that Comodo published the IP address from which the attack was supposedly performed, and Moxie could identify the same IP address in his servers' logs, a day after the attack, trying to download his tool sslsniff. Moreover, the HTTP referrers that IP address left in his logs did not hint at all that the attack on Comodo was a highly sophisticated, state-sponsored one.
Anyway, the story of Comodo illustrates, according to Moxie, the problem we have today related to the use of SSL as a secure protocol to identify sites on the Internet. He mentions the 3 requirements that a protocol like that should have:
- secrecy
- integrity
- authenticity (something that SSL does not really cater for)
It is then that Moxie introduces the concept of trust agility, something that would enable users to shift trust much more quickly than with the current SSL certs. Trust agility should:
- be very easy to revise
- let users decide where to place the trust
What does he propose then? He revives a Carnegie Mellon proposal called Perspectives. It is based on checking that the certificate presented by the secure site is the same as the one held by an authority, the notary. These notaries will build a constellation of trust. However, Perspectives will only validate the initial connection.
Moxie builds on Perspectives and introduces Convergence. Convergence includes a new (expandable) authentication protocol and provides a Firefox add-on. In Convergence, the user initiates the communication to check the certificate and decides the level of trust given to each certificate. The added value that this initiative provides consists of:
- no notary lag (local caching possibility)
- no privacy issues (detaching the site name from the requester via a proxy - using notary bouncing)
- mega-sites using a hundred different SSL certs (they exist but they are rare)
- captive portals (where a DNS query would help)
- who do I have to trust and for how long?
- a prescribed set of people, forever?
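The notary check described above, as a simplified sketch added here (it is not Convergence's or Perspectives' code or wire protocol). The class name, the policy names, the SHA-256 fingerprint and the sample certificates and notaries are all assumptions made for this example.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes (hash choice is this example's)."""
    return hashlib.sha256(cert_der).hexdigest()

class NotaryChecker:
    """Client-side check: do enough notaries see the certificate we were shown?"""
    THRESHOLDS = {"any": lambda n: 1,
                  "majority": lambda n: n // 2 + 1,
                  "consensus": lambda n: n}

    def __init__(self, notaries, policy="majority"):
        self.notaries = notaries      # list of callables: host -> fingerprint seen
        self.policy = policy          # chosen by the user, revisable at any time
        self.cache = {}               # host -> fingerprints already vouched for
        self.queries = 0              # notary round-trips made so far

    def validate(self, host: str, cert_der: bytes) -> bool:
        fp = fingerprint(cert_der)
        if fp in self.cache.get(host, set()):
            return True               # cached: no notary lag on repeat visits
        agree = 0
        for ask in self.notaries:
            self.queries += 1
            agree += ask(host) == fp
        ok = agree >= self.THRESHOLDS[self.policy](len(self.notaries))
        if ok:
            self.cache.setdefault(host, set()).add(fp)
        return ok

# Constructed sample data: opaque stand-ins for DER certificates.
GENUINE = b"constructed-cert: real key for shop.example"
FORGED = b"constructed-cert: interceptor key for shop.example"

def honest(host):       # notary with a clean network path to the site
    return fingerprint(GENUINE)

def intercepted(host):  # notary whose path crosses the same interceptor
    return fingerprint(FORGED)

NOTARIES = [honest, honest, intercepted]

def demo():
    strict = NotaryChecker(NOTARIES, "majority")
    first = strict.validate("shop.example", GENUINE)    # 2 of 3 agree
    again = strict.validate("shop.example", GENUINE)    # served from cache
    forged = strict.validate("shop.example", FORGED)    # 1 of 3 agree
    lax = NotaryChecker(NOTARIES, "any").validate("shop.example", FORGED)
    return first, again, forged, lax, strict.queries
```

With these constructed notaries, the forged certificate is rejected under the majority policy but accepted under the lax "any" policy, which is why the threshold the user picks matters.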
Enjoy the secure browsing!
Where does SSL lead us to?