SSL replacement? Convergence for replacing CA … Maybe

Pierluigi Paganini November 08, 2011

After the Diginotar case , another certification authority, the dutch KPN has released a statement announcing the termination of their service following the discovery that it has been compromised. KPN stopped issuing certificates after the detection of DDOS Tool on Server during an audit. First investigations have illustrated that the CA has been attacked four years ago.

What really scares KPN of the story is that the same company, even before being a CA, is a state telephone company, and this opens up frightening scenarios on the security of information managed by it so far.

After shocking hacker attacks on DigiNotar, GlobalSign, Comodo, and other SSL certificate authorities new scenarios and technologies are assuming great appeal.  Many expert says that  the CA model is dated and ill-suited to current needs. The alternative that more parties claim is “Convergence”.

The authentication process called Convergence implements a decentralized model which can allow anyone to run one or more “network notary servers”.

Convergence is radically different from the actual scenario where the Web of trust is based on a SSL server certificate signed by a CA and recognized by the user’s browser, based on recognition of the certificate authority.

The trouble is that the entire framework based on root CAs being impenetrable, which the recent CA attacks prove not true. Attackers can break into a CA and use its secret key to sign rogue certificates of their own invention compromising the entire chain of trust. There is also the possibility of CAs being compromised by criminals or governments to create rogue certificates. The signature on a rogue certificate checks out as authentic, brealing the entire chain of trust.

In the Convergence model a network notary server is connected to the Internet and is able to monitors websites building an history of the SSL certificate managed by each site. Notary servers or groups of notary servers may be operated by public organizations, private companies, or even individuals.

Notaries were in a position to track browser behavior by collecting a set of connection information  for each request and logging the SSL certificates it queried. Convergence attempts to guard against this by enabling each notary to serve in two distinct modes, either making SSL certificate queries, or acting as a relay (“bounce node” function).

Rather than validating an SSL certificate by checking for certificate authority approval, the browser validates a certificate based on the history related to the certificates observed by the network notaries over time. This mean that using a network notary servers located everywhere around the world and building an history of data, it is impossible for an attacker to launch a man-in-the-middle attack.

Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.

No more cost to acquire HTTPS certificate, it is one of the main advantages.

Any web-server in fact can simply auto generates an SSL certificate that can be observed by notaries and as a result trusted by user’s browsers. All that is necessary is that the server is plugged into the network and automated probing by notary servers takes care of the rest. Each notary can only make security decisions for the clients that have chosen to trust it and this mean that the security, integrity, or accuracy of a notary does not effect those who haven’t selected it.

Convergence allows you to choose who you want to trust, rather than having someone else’s decision forced on you. You can revise your trust decisions at any time, so that you’re not locked in to trusting anyone for longer than you want.

It is very fast.

So what is missing today because of the convergence will become a new de facto standard?

To be successful, the model will need a critical mass, actual notary number are still limited despite the rapid growth.

Other convergence problems are:

  • Market penetration. Google’s Adam Langley claimed that user statistics indicate “99.99% of Chrome users would never change the default settings,” and as a result, the default set of notaries shipped with the browser would need to offer extremely high uptime and handle a tremendous traffic load. That, in turn, would mean that “Google would end up running the notaries. So the design boils down to Chrome phoning home for certificate validation,” and Convergence support is therefore something that Google is not interested in adding.
  • Connection to “internal servers” and captive portals. Seems that intranet services that cannot be queried by notaries outside the internal network. Captive portals are widespread in public WiFi hotspots. A captive portal intercepts all HTTP and HTTPS traffic before the client sign-on is complete, so the browser cannot contact any notaries to verify that the portal itself is who it claims to be and not a clever phishing site.
I leave to  the reader every reflection on the topic, for sure we are faced with two models:

  • a model that is definitely dated revised in the light of recent events
  • a second promising model, however, must overcome great resistance

you might also like

leave a comment