Shostack + Friends Blog Archive


"High Assurance" Certificates

Following up on previous posts on the concept of high assurance certificates (“Web Certificate Economics“), I’d like to draw attention to a CSOOnline blog post, “Phishers Now Targetting SSL:”

The spoofing has taken a number of forms, which appear to be becoming highly sophisticated. They vary from exploiting browser flaws, to hacking legitimate sites or even just frames on these sites, as a way of presenting what appears to be a legitimate banking site to visitors.

More sophisticated still, certificates can be purchased for domains that sound similar to banking websites, allowing the criminals to present the SSL lock icon, normally taken as a security guarantee.

Even though such attacks will trigger browser warnings regarding the certificate spoofing, Netcraft believes that many ordinary users will simply ignore these messages and proceed.

See also, “More than 450 Phishing Attacks Used SSL in 2005.” I’d really like to see usability studies, in which these higher assurance certificates and their user interfaces are presented to users, to see how well they’ll work. It’s great to see people thinking about the problem, but usability requires testing. I continue to believe that there are ways to preserve the internet channel in the face of these attacks, and that those ways are not centered on invocations of assurance, but techniques that break classes of attack. I’d like to see that tested, as well. Because I can talk a good game, but, err, usability requires testing.

(Today’s certificate from Perntacostalsofoc, on Flickr.)