InfoSec: How Lawyers May Have Ruined The SSL System

Taher Elgamal, one of SSL’s creators, says he fought with Netscape lawyers to have browser makers be SSL certification authorities

SSL, the secure sockets layer where encrypted HTTPS connections between web servers and users are run, is less secure than it should be. But one of its biggest problems could have been solved at the birth of SSL in the mid-1990s, and lawyers are largely to blame, TechWeekEurope has been told.

One of the most significant problems facing SSL, which should be keeping internet use safe, is how the system relies on certificate authorities (CAs) to act as a middleman, providing accreditation to web service providers like Google and Facebook in order to prove they are who they say they are. When those CAs get hacked, however, cyber criminals can give themselves certificates and thereby spoof websites – Google.com, for example – and hijack users’ internet sessions. That’s bad. At the other end of the scale, CAs who lack integrity might let a government create their own certificates and spy on citizens. From an ethical point of view, that’s also bad.

These man in the middle attacks rely on a hacker to compromise their targets’ networks, or gain a foothold on the DNS side at an internet service provider. But that’s beside the point: the way SSL works today is inherently insecure. That much was made clear at the launch of SSL Pulse today at InfoSecurity Europe 2012.

At loggerheads with lawyers

Many want to see a change to the CA system, but according to one of the creators of SSL, today’s problems could have been avoided at the inception of the protocol. Taher Elgamal, who was one of designers of SSL when chief scientist at Netscape, told TechWeekEurope he battled with lawyers to make the browser maker responsible for the certification process.

“I was at Netscape, so I was guilty from day one. I told Netscape they should sign the root certificates,” Elgamal said. “Imagine if we had done that 18 years ago. If these were actually signed inside the browser, you could revoke one and it would just disappear immediately.

“We did not do that because Netscape didn’t want to be a CA. Basically it makes the browsers the root CAs. But it is [a better model] because you are trusting either Chrome, Safari or whatever, because it’s doing everything else.

“That is a very simple and direct fix and they [the browser makers] could do it now. There are liability questions that browsers do not want to be in the middle of. If something goes wrong, who is responsible?”

Elgamal admitted that allowing for the formation of the CA system was a mistake. “That was the wrong thing to do,” he added.

Yet Elgamal claimed he fought with Netscape to bring the accreditation process into the browser. “I lost that battle. The legal teams won that battle,” he said. “I am always blaming the lawyers, but in this case it’s actually correct.” AOL, Netscape’s owner, had not responded to a request for comment at the time of publication.

Unfortunately, there may be no way to enforce such a model now. Convincing the likes of Google, Microsoft, Mozilla and other browser makers would be very tricky. “There is nothing for them to gain. However, the world would be much better,” Elgamal said.

When CA DigiNotar was hacked in 2011 and a load of fake certificates were issued for Microsoft, Google and Yahoo domains, amongst others, browser vendors rushed to issue patches, effectively revoking trust in all DigiNotar-signed certificates. If Elgamal’s proposed model had been in place, browser companies could have done that instantly without having to release patches.

“Dealing with bad CAs is actually a very difficult problem, because there is no technology fix there,” he said. Cutting CAs out now would be very costly, Elgamal claimed, adding that it is hard to tell which proposal for fixing the system will win. Right now, it looks as though CAs will be allowed to exist and the best move may be to add greater auditing of these middlemen of internet security.

One of the more popular methods is Moxie Marlinspike’s ‘Convergence’ model. This would see  users handed the SSL certificates directly, before asking a number of “trust notaries” to download them too. It then relies on consensus from these notaries to authenticate the web transaction.

“Anything that moderates how CAs get accepted is very important,” Elgamal added. “You need a system that governs them.

“Something has to happen. It is too broken.”

Think you know security? Try our quiz!