Marlinspike: Certificates have 'real problems'

Security technologist Moxie Marlinspike tells ZDNet UK why he thinks there are major problems with trust in digital certificates after a series of certificate authority hacks in 2011
Written by Tom Espiner, Contributor

Last year, hackers perpetrated a series of digital certificate compromises, striking at a deep level with potentially far-reaching effects both for internet users and the hacked companies.

In March, news broke of a hack of Comodo, when an intruder obtained nine fraudulent digital certificates. Then in September it emerged that hundreds of thousands of Iranians may have had their Google communications intercepted after a compromise of Dutch certificate authority DigiNotar. DigiNotar declared itself bankrupt after the hack resulted in the Dutch government revoking trust in its certificates.

Certificate authority GlobalSign stopped issuing certificates while it investigated a hack on its systems in September. It later found that its SSL certificate had been exposed during the attack on an external server.

A major problem with certificate compromise is the undermining of trust in numerous security mechanisms. An attacker can set up a website that looks bona fide, and trick people into thinking they are visiting one website when it is in fact another. An attacker can also white-list malware on an operating system to gain full control of a device.

Security technologist Moxie Marlinspike has come up with a technology called Convergence, designed to overcome the need for organisations to rely on digital certificates. He spoke to ZDNet UK about the technology, trust, and anonymity.

Q: Last year a number of certificate authorities were compromised. Do you think the certificate authority model is broken?
A: There are very real problems here. My thesis is that what we have now lacks what I call 'trust agility'. We've made a decision somewhere along the line to trust these organisations, and now it's very difficult for us to untrust them.

So, they don't have a tremendous amount of incentive to continue engendering our goodwill, or behaving appropriately, or employing the best security practices.

Why is it difficult to revoke trust in them?
Comodo is a good example. Right now, Comodo should apply somewhere between a quarter and a fifth of the certificates on the internet. So if I, or a browser vendor, decides that they no longer trust Comodo, and remove them from their trust database, that means that that quarter to a fifth of the internet will basically break — you wouldn't be able to look at those websites any more, until they've all gotten different certificates from different certificate authorities.

That's a really tough business decision for a browser vendor to make — that they're going to break a quarter to a fifth of the internet for their users, or, that they are somehow going to try and co-ordinate a quarter to a fifth of the internet to migrate to some other certificate authority.

Your Convergence project seems to be making the trust model open source, or making a collective decision, through various different trusted authorities.
The major objective is to provide trust agility: the idea that we still rely on third parties to certify a communication, but that you can untrust them at any time. You can make a decision to trust some organisation or set of organisations, but at any time you can revise that decision if you decide that they no longer warrant your trust.

It does additionally provide properties that allow you to rely on organisations to collectively certify communications. So you can decide you don't want to trust any individual organisation, but five different organisations. If they all agree, then you consider that an indication to be certified.

The system of notaries — doesn't that rely on some kind of user technical savvy, and is that beyond the purview of most people, and most employees of organisations?
The way I see it is that ideally Convergence would be based in web browsers — web browsers using Convergence as the mechanism for certifying secure communications. The web browser would come with a default set of notaries, just like today a web browser comes with a default set of certificate organisations. Most users would never change their notaries, and they would depend on their browser to make those appropriate decisions for them. I think that's entirely reasonable. Users could decide to modify the notaries if they liked.

How would you define a notary?
A notary is very similar to a certificate authority. The only difference is that the trust relationship is inverted. Right now servers initiate a trust relationship with a certificate authority, which means that one server or website will make a decision about the organisation that's going to certify all the traffic for all users around the world, whereas notaries are selected by the client — the client initiates the trust relationship, first connecting to the notary and asking it to certify communications.

With the certificate authority model, are there any particular security problems with servers initiating the trust relationship?
The major problem with the model right now is that if the certificate authority is compromised, then that affects all users for all websites. They can continue to operate purely because even after a compromise it's difficult to untrust them.

My problem with VeriSign as a manager of TLDs [top-level domains] is that I think it would be unwise to place all our trust there. Under the DNSSEC model there would be reduced trust agility. Even as unrealistic as it might be, today I can remove VeriSign from the trust database in my browser or my operating system, but I can never change the fact that they are the organisation that manages .com and .net domains.

Are attacks on certificate authorities inevitably state sponsored?
My intuition is that of the attacks that we've seen with organisations like Comodo and DigiNotar, [they] were not state-sponsored attacks. You have a not very bright hacker, based on the statements that he made in his communiqués.

The reason why I don't feel this is state sponsored is that: one, I'm sure there are state-sponsored attacks happening all the time, but most countries simply have their own certificate authority and so it's very easy for them to intercept secure communication — they don't have to hack anybody. Their ability to intercept communication is baked in.

For really well-funded entities, like nation states that for whatever reason do not have their own certificate authorities — Iran, for example — they can just simply buy a certificate-authority certificate through a programme called GeoRoot, which is run by GeoTrust, which is owned by VeriSign. That would allow them to immediately have a certificate-authority certificate they could use to intercept any communications they want.

With Convergence, the notaries could be guaranteed by security companies. Symantec is a security company that owns VeriSign SSL, so why not use Symantec as a trusted entity?
Sure, it depends on who you trust. I feel that all security companies are not equal. Different people might trust different organisations for whatever reason. I feel there is some difference between collective trust versus [individual] trust. I feel like I can identify some sort of an organisation, where even if I might not trust each of them individually, and absolutely, I would trust their collective response. I would trust them not to be colluding with each other.

I wanted to ask you about SOPA and PIPA. Do you think they're going to change the information security landscape? Do you think they are going to lead more people to try out encryption?
It's possible. In terms of the information-security landscape, the lesson for me here, whether or not this stuff passes, is that it came close to passing, and that they are trying to pass legislation like this.

A lot of people are looking at this legislation and thinking that the future of DNSSEC hangs in the balance. If this passes, then people are, "Oh, well, we shouldn't deploy DNSSEC, but if it doesn't pass, then we'll deploy DNSSEC." And to me, the question is its own answer.

DNSSEC depends on trust in government. If governments are going to start messing with DNS responses, or intercepting DNS queries, they can very easily do that with DNSSEC. DNSSEC depends on a hierarchy of trust in centralised organisations that are either controlled by nation states through the cc top-level domains or by organisations that happen to be in the purview of the government through the global top-level domains.

To me then the question is its own answer. If people are even thinking about doing this, then we shouldn't put our eggs in that basket. It's extremely likely that even if it doesn't happen now, then it will happen at some point in the future. We should be looking for entirely different solutions.

I think of this kind of stuff from the perspective of a technologist. I'm not in a position to lobby for or against, and really I want nothing to do with it. On the technical side, if this kind of legislation did pass, it would only increase the development of a tamper-proof internet. People would immediately start working on solutions that would prevent people from tampering with the internet in this way.

I guess that's a good thing?
I think it's something we should do one way or the other. This is the writing on the wall — we're looking into the future with that legislation. We should be prepared.

There is a lot of government interest in being able to look at communications. On the other hand, there are some compelling cases for people wanting to be anonymous and have anonymous communications, especially when they are trying to effect some kind of social change. What is your view on the balance between people wanting to effect social change and law enforcement wanting to intercept communications?
My feeling is that right now, law enforcement is doing all right. Their mechanisms for intercepting communications are pretty extensive. This question is like, choose your team, and I know what team I'm on — I'm on team anonymity. Law enforcement has not built a lot of trust.

If you look at the mechanisms they are using to intercept people's communications and trap people, it doesn't feel like they're really doing it appropriately. There's a lot of politics about this. If you look at what's been happening in the US with wire-tapping, it's totally insane. That kind of stuff is really driving people towards technical solutions that allow them to preserve their privacy.
