SSL CAs have an impossible job (if you want them to be thorough)

October 12, 2012

In extremely idealized theory, the job of an SSL CA is to verify the identity of the entities that they issue certificates to. People are forever clamouring for real SSL CAs to live up to this idealized image; they want SSL certificates to 'mean something' instead of being given out to anyone who can scare up a domain name and a credit card that will pass basic billing verification. I've recently been struck by the somewhat depressing realization that this is an impossible job.

By this I do not mean that it would cost too much to implement real identity checking, or that it would be subject to all sorts of undetectable fraud and confusion, although both are true. What I mean is that even if you assume money is not an issue and that every other idealized condition holds, no system that depends on human attention, checking, and judgement can possibly work at anything approaching the scale we need SSL CAs to work at.

The problem is that people habituate to things very fast. The human beings in SSL CA verification are essentially serving as gatekeeping sentries; their job is to dutifully inspect everything going past them just on the off chance that there is something wrong with it. Almost all of the time there isn't. It is human nature to habituate to this and from then on see what you expect to see (and not see what you don't expect to), almost regardless of what's really there.

What this means is that people almost literally cannot provide the verification you want unless they do it in such low volume that they never habituate to a stream of legitimate certificate requests. If people process certificate requests in volume, they are not really verifying them to the degree you want; over time, attackers will be able to slip any number of sufficiently small discrepancies past them, because the checker has learned that requests are almost always fine. Or to put it another way, you've turned people into bad robots, and as such they will robotically approve quite a lot of things.

(I'm not too broken up about this, since I don't think the model works in practice anyways for all sorts of reasons.)

Written on 12 October 2012.

Last modified: Fri Oct 12 03:41:55 2012