I got an interesting call from 305-800-1000 claiming to represent Verisign. Whoever was calling (“they,” not necessarily Verisign, but I don’t have any reason to doubt that) had reviewed my site and found I was using a CAcert certificate, which the caller accurately pointed out generates a warning in most browsers, and accurately pointed out might turn users away for no valid reason whatsoever except that I didn’t pay Verisign for the privilege of using encryption and Firefox penalizes me for not having done so.
They thought I should “upgrade” to a Verisign cert.
I politely explained that I understood that CAcert isn’t included in most default browsers and that it should be and that charging for certificates was a scam and that I absolutely would not be switching and I was doing my part to make the web a better place. Amazingly, the caller actually seemed to understand my off-script rant and thanked me for my time.
I hate the current cert model. It is totally broken. People seem to think that certs work as a trust tool and if only you give people big enough, annoying enough warnings they’ll not trust a free, expired (or perhaps even illegitimate) cert. The problem is that certs are a pain in the ass. Recently my BlackBerry started telling me Google Maps’ cert had expired. Did I not use maps until they fixed it? Would you? No, of course not. You just pick through an extra stupid dialog. The worst thing about the new Firefox update is the real estate wasted on cert validity and the astonishingly annoying “are you absolutely sure you trust this cert?” dialogs.
The only valid reason for SSL is so that when you’re at a coffee shop or on an untrusted network, it is harder for people to sniff your passwords. That’s it. It completely fails as a validity check, no matter how big and red the policeman warning logo is. It always fails for a number of reasons:
- A bad cert doesn’t mean anything. “Green” certs are absurdly expensive (they should be free), expire, and are hard to manage so one frequently finds bad certs on known good sites.
- A good cert doesn’t mean anything. All it means is that the site paid and the URL matches. But even a place like a bank might have dozens of URLs for different parts of their service and so getting a green cert for www.my-bank.com is just as good as www.mybank.com. If the site looks the same, most people will log right in to either.
- Nobody pays any attention anyway. And they really shouldn’t.
In the end this is a disaster for net neutrality. There are some interesting debates about Firefox’s new, intrusive dialog boxes. The cold call I just got is a natural consequence of a FUD policy which in effect reduces internet security to the benefit of people selling certificates Firefox approves. If it turns out there is financial benefit flowing from the vendors of “approved” certificates to Firefox, I’ll never use it again. Even without impropriety, I think Mozilla has done a grave disservice to the internet.
Some very clever people have figured out how to create an exploitable real world MD5 hash collision. It is interesting work and suggests that the value of an MD5 signature to verify a certificate is lower than intended. In the end the work shows it is possible to spoof a web site in such a way that a browser’s normal security features for detecting false websites are defeated. But does it really matter?
That presumption, that a CA would be meaningful in preventing phishing or redirection or whatever by uniquely identifying a site as belonging to the entity in question because the user trusts the domain name, is prima facie absurd. Would you even think about going to www.bofa.com instead of www.bankofamerica.com or whatever? I wouldn’t; most banks would buy every variation of their name including common misspellings (www.bnkofamerica.com?), so that a misspelling seems to work wouldn’t surprise me at all. That a misspelling gets a cert thus means nothing either.
Further, what do you do when a cert fails, for example if the CA can’t be identified or the cert is expired or whatever? Do you back out of the transaction and call the bank to find out what’s going on? Do you think you could ever reach anyone at the bank who knew? Send them an email? (which would probably go to the fake bank anyway). I just accept the cert and move on.
Since CAs and certs are already a complete failure as a proof of identity mechanism, MD5 signature spoofing is also irrelevant for the vast majority of users.
HTTPS is useful for encrypting traffic. It shouldn’t be used for anything else. The whole signed CA/Cert thing is an impediment to this useful function for a useless feature that is merely cryptographically entertaining. Google’s and various browser mechanisms to identify malicious sites are far more effective, although a few users are likely to get scammed before the fraud is identified.