RSA 2013: SSL Certificate Security in the Crosshairs
Can the SSL certificate authority system be improved? A panel at the RSA conference discussed several promising approaches.
SAN FRANCISCO: Over the course of the last several years, the security of SSL certificate authorities (CAs) has come under attack.
At the RSA Security conference this week, a panel of CAs and researchers discussed ideas that could help shore up the system of awarding SSL certificates.
DANE Leverages DNS
Yngve Pettersen, a software developer and security specialist for TLS Prober Labs, mentioned an approach known as DANE (DNS-based Authentication of Named Entities). DANE is defined by the IETF (Internet Engineering Task Force) 6698 RFC and leverages the DNS to validate the integrity of an SSL certificate. More specifically, DANE requires that DNSSEC is implemented on a DNS server, providing an additional layer of integrity to domain name information.
"DANE allows the owner of a domain to signal which site certificate can be used, which CAs can be used and which public keys can be used for a given host in a domain," Pettersen said.
However, one issue with DANE that Pettersen highlighted is the fact that it's not clear how effective certificate revocation would be handled.
Quentin Liu, senior director Engineering at Symantec, said that on the positive side, DANE is a great way to see if a CA has mis-issued SSL certificates. From a negative perspective, DANE includes a self-signing model, which Liu sees as a step backward for SSL.
Google Likes Certificate Transparency
Adam Langley, senior staff software engineer at Google, highlighted the benefits of a technology known as certificate transparency (CT).
The general idea is that certificates are a public trust because people are asked to trust them. With CT that trust is made public, enabling SSL certificate information to be published. The idea is that if something doesn't check out, a website owner can address issues.
"CT is an enhancement to the CA system, not an alternative," Langley said.
As is the case with DANE, the issue of revocation is not entirely clear, though from Google's perspective that's not a problem. Langley said that Google's Chrome Web browser pushes out new lists for certificates at a rapid rate, so users are always up to date.
Google will have source code for CT available by the end of the quarter and is working with SSL CA DigiCert on deployment as well.
Certification Authority Authorization
One of the reasons why SSL CA security is critically important today is because of high-level breaches in which CAs wrongly issued certificates.
Quentin Liu noted that the certification authority authorization (CAA) approach defined by IETF RFC 6844 is a good way of protecting certification mis-issuance from CAs.
Liu said there are many similarities between CAA and DANE. In his view, CAA is easier to adopt as it does not require DNSSEC and can be phased in on a per-CA basis, for every certificate customer.
Wayne Thayer, CTO of GoDaddy, is optimistic about another standard called key pinning.
"Key pinning is based on the idea of observational trust," Thayer said. "The idea is that you visit a site over SSL and you see a particular cert for a particular site, thus you are likely to see that key again."
The idea of key pinning has been in use at Google and is one of the mechanisms by which the company detected past attacks against SSL CAs.