SSL And The Future Of Authenticity: A talk by Moxie Marlinspike

These lines are a subjective summary and collection of thoughts triggered by the presentation that Mr. Moxie Marlinspike, co-founder of the start-up whispersys (very recently acquired by twitter), offered at Black Hat USA 2011. The title of this talk was SSL And The Future Of Authenticity. It is still available on youtube (with more than 30000 views!). It is a security talk worth watching from both the content and the delivery viewpoints.

The beginning of the presentation is surprisingly not devoted to providing a long and boring bio of the presenter. Let's keep that in mind as a nice intro to a talk: Sharing an anecdote with the audience. They will pay more attention to that than to a long list of achievements. Human beings like stories, remember!

The first part of the presentation deals with the news of the Comodo hack. He remembers that more than a quarter of the Internet's certificates are Comodo's. And, after the hack, actually, nothing happened to Comodo. The cool point here is that Comodo published the IP address from which the attack was supposedly performed and Moxie could identity the same IP address in his servers' logs, a day after the attack, trying to download his tool sslsniff. Moreover, the HTTP referrers that that IP address left in his logs did not hint at all that it was a highly sophisticated State-sponsored attack the one behind Comodo's.

Anyway, the story of Comodo illustrates, according to Moxie, the problem we have today related to the use of SSL as a secure protocol to identify sites on the Internet. He mentions the 3 requirements that a protocol like that should have:
  • secrecy
  • integrity
  • authenticity (something that SSL does not really cater for)
Moxie refers to the inadequacy of SSL, designed in the 90s of the past Century, to solve our current challenges, with more than more than 2 million server certificates in the Internet and more than 600 certificate authorities out there. Worth mentioning is the SSL threat model from Ivan Ristic.

It is then when Moxie introduces the concept of trust agility, something that would enable users to shift trust much quicker than with the current SSL certs. Trust agility should:
  • be very easy to revise
  • let users decide where to place the trust
He then confronts the highly centralised trust model proposed by DNSSEC with the highly uncentralised trust model that certificates require. In a nutshell, that is the reason why he does not think that registrars, top level domain name administrators (e.g. Verisign) and country code domain name administrators will come to save us all. They all provide very reduced trust agility.

What does he proposed then? He revives a Carnegie Mellon proposal called perspectives. It is based on checking that the certificate in the secure site is the same that the one held by an authority, the notary. These notaries will build a constellation of trust. However, perspectives will only validate the initial connection.

Based on perspectives, Moxie expands it and introduces convergence. Convergence includes a new authentication (expandable) protocol and provides a firefox add-on. In convergence, the user initiates the communication to check the certificate and decides the level of trust given to each certificate. The added value that this initiative provide consist of:
  • no notary lag (local caching possibility)
  • no privacy issues (detaching the site name from the requester via a proxy - using notary bouncing)
The hiccups he identifies in the use of convergence are:
  • mega-sites using a hundred different ssl certs (they exist but they are rare)
  • captive portals (where a DNS query would help)
Finally, he poses to telling questions to the audience:
  • who do I have to trust and for how long?
  • a prescribed set of people, forever?
My 2 humble cents on this: I welcome initiatives such as perspectives and convergence. They clearly signpost the need for Internet-based economic activities to come up with something more resilient than our good old friend SSL. However, let's remember Betamax and VHS VCR systems example, where the solution conquering the market was not the most technically viable option. We need more than a good engineered proposal to conquer the secure site market, and sometimes we don't know where is (or will be) the tipping point.

Enjoy the secure browsing!

Where does SSL lead us to?


Luis Saiz said...

To many default "built-in" trusted CAs.