Since it seems like I spent all of last week pronouncing that ZOMG! SSL and Certificate Authorities is Teh Doomed!, I guess that this week I should consider the alternatives. Fortunately, from the Tor Project Blog we learn what life is like without CAs:
Browse to a secure website, like https://torproject.org/. You should get the intentionally scary “This Connection is Untrusted” certificate error page. However, you should expect this error as there are no more CAs to validate against. Click “I Understand the Risks”. Click “Add Exception”. Firefox should retrieve the certificate. Click “View”. This is where it gets interesting.
How do you validate the certificate? It depends on the other end. For sites I worry about, like my bank or favorite shopping stores, I call support and ask for the SSL fingerprint and serial number. Sometimes the support person even knows what I’m talking about. I suspect they just open their browser, click on the lock icon and read me the information. Generally, it takes some work to get the information. Further, I’ll compare the cert received through Tor and through non-Tor ssh tunnels on disparate hosts. However, you only have to do this checking once per cert. Once you have it, Firefox stores it as an exception and, if the cert doesn’t change between visits, doesn’t interrupt you with the cert error page.
Even this brings a few caveats:
Does the list of certs in my browser open me up to unique fingerprinting in some way? Would I notice if a Packet Forensics device was used? Unless someone screwed up, I doubt it. And a seldom asked question is, have I ever caught ssl certs being faked or changed by a man-in-the-middle? Yes I have.
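A worked version of the manual check the quoted post describes, added here as an example; it is neither the Tor Project post's code nor this blog's. It fetches a server's leaf certificate with CA validation switched off (so the check can also be run through an ssh tunnel endpoint while still sending the real name as SNI), pulls the serial number straight out of the DER, renders the fingerprint in the colon-separated form a support person would read out over the phone, compares what several vantage points saw against that out-of-band value, and keeps a trust-on-first-use store analogous to the exception Firefox records. The host names and the two certificate skeletons embedded for the offline run are constructed; they carry only the fields the parser needs and are not real certificates.

```python
import hashlib
import socket
import ssl
from typing import Dict, Optional


def fetch_der(sni: str, connect_host: Optional[str] = None, port: int = 443) -> bytes:
    """Fetch the leaf certificate a server presents, as DER bytes, with no CA
    checking at all: the fingerprint comparison below replaces the CA.
    connect_host lets you go through a local ssh -L forward while still
    sending the real site name as SNI (needs network; not used in the test)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # deliberately: there are no CAs here
    with socket.create_connection((connect_host or sni, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def _tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value header; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def serial_number(der: bytes) -> int:
    """Extract serialNumber from Certificate { tbsCertificate { [0] version
    OPTIONAL, serialNumber INTEGER, ... } } without any X.509 library."""
    tag, start, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, start, _ = _tlv(der, start)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, vstart, vend = _tlv(der, start)
    if tag == 0xA0:                     # explicit [0] version; absent in v1 certs
        tag, vstart, vend = _tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return int.from_bytes(der[vstart:vend], "big", signed=True)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Hash the whole DER certificate and format it AA:BB:CC... as browsers show it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def cross_check(observations: Dict[str, bytes], expected_fingerprint: str) -> Dict[str, bool]:
    """For each vantage point (direct, Tor, ssh tunnel on another host ...) say whether
    the certificate it saw matches the fingerprint obtained out of band."""
    expected = expected_fingerprint.replace(":", "").upper()
    return {name: fingerprint(der).replace(":", "") == expected
            for name, der in observations.items()}


def check_pin(pins: Dict[str, str], host: str, der: bytes) -> str:
    """Trust-on-first-use store, like a stored Firefox exception: the first sighting is
    recorded, later sightings must match, and a changed cert is the signal to stop."""
    fp = fingerprint(der)
    stored = pins.get(host)
    if stored is None:
        pins[host] = fp
        return "pinned"
    return "ok" if stored == fp else "CHANGED"


# Constructed DER skeletons (only the outer SEQUENCEs, optional version and serial).
# v3-style: Certificate{ tbs{ [0]{INTEGER 2}, INTEGER 0x0ABBCCDD } }
SAMPLE_V3 = bytes.fromhex("300D 300B A003020102 02040ABBCCDD".replace(" ", ""))
# v1-style: no version field, serial is the first tbs element.
SAMPLE_V1 = bytes.fromhex("3008 3006 02040ABBCCDD".replace(" ", ""))

if __name__ == "__main__":
    print("serial:", hex(serial_number(SAMPLE_V3)))
    print("sha256:", fingerprint(SAMPLE_V3))
    phone_value = fingerprint(SAMPLE_V3)   # stand-in for the value support read out
    seen = {"direct": SAMPLE_V3, "tor": SAMPLE_V3, "ssh-tunnel": SAMPLE_V1}
    print(cross_check(seen, phone_value))  # ssh-tunnel path saw a different cert
```

Two details matter in practice: the fingerprint is over the DER bytes, so a PEM file must be decoded (ssl.PEM_cert_to_DER_cert) before hashing, and a mismatch on one vantage point only is exactly the "cert changed by a man-in-the-middle" case the post mentions, so treat it as a stop signal rather than re-pinning.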
And there’s the rub. Even without using the CA as a proxy for trust, a suitably privileged attacker could still MITM that traffic stream. So going it alone is not a panacea; what it arguably does is reduce the risk from a non-government attacker (i.e. a fraudster) who gets a certificate by breaching a CA’s verification processes.
Right now, though, I think that for most people, CAs suffer the same shortfall which Churchill famously ascribed to democracy: “The worst form of online identity verification except for all those others that have been tried.”
Perhaps, as the challenges of PKI alternatives like the Web of Trust demonstrate, trust is an inherently un-scalable concept online. If that is the case, how do we align and partition risk appropriately and, even more importantly, how do we do it in a manner that the average Internet user will get right, even if they don’t comprehend it?
Updated to correct a typo and clarify another