What would be nice for SSL is out-of-band certificate binding
January 9, 2011
One thing that creates the SSL CA problem is that websites have no secure out-of-band mechanism for asserting what SSL certificates they use (or that should be accepted from them). With such out-of-band information, incorrectly issued SSL certificates wouldn't be a concern because they wouldn't work.
Well, 'secure' is an imprecise word here. The problem with SSL CAs is that they create a situation where SSL has multiple trust roots; in this situation your security is only as strong as the weakest trust root. Both the available evidence and strong suspicions suggest that this is not much security if breaking it is important enough to someone. So what you need is a system without multiple equivalent trust roots.
In theory DNSSEC could solve this problem, once it becomes pervasive. In practice there are both trust issues and significant operational issues that, I think, make it infeasible.
The trust issue is that DNSSEC doesn't give the browser clear and visible end-to-end security. With SSL CAs alone, the browser does all of the certificate validation itself; with DNSSEC, however, the security of the out-of-band information is probably at least partially in the hands of resolver libraries and local DNS caches.
The short version of the operational issues is that this is extra work for no particular benefit (and so is unlikely to get done at all) and, more importantly, that DNS information doesn't update instantly. Slow DNS updates mean that changing a service's SSL certificate requires much more lead time and planning; you have to start advertising the new certificate alongside the old one several days in advance, and then keep the old one for a day or two afterwards. With the current situation, you can change your SSL certificate with a configuration file update and maybe a daemon restart, and change it back just as easily.
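As an added illustration (not part of the original post), here is a small simulation of the rollover constraint described above. It assumes the binding is published in DNS as a set of SHA-256 fingerprints that caches may hold for up to two days; the TTL, timelines and certificate bytes are all constructed for the example.

```python
import hashlib

DAY = 86400
TTL = 2 * DAY  # assumption: worst-case time a cache keeps the binding record

def fp(cert: bytes) -> str:
    """SHA-256 fingerprint, standing in for whatever the DNS record would carry."""
    return hashlib.sha256(cert).hexdigest()

# Constructed placeholder "certificates"
OLD, NEW = fp(b"constructed-old-cert"), fp(b"constructed-new-cert")

def published(timeline, t):
    """Fingerprint set in the authoritative zone at time t.
    timeline: list of (start_time, fingerprint_set), sorted by start_time."""
    current = set()
    for start, fps in timeline:
        if start <= t:
            current = fps
    return current

def possible_cached_sets(timeline, t, ttl=TTL):
    """Every record set that some resolver cache could still hold at time t."""
    times = {max(t - ttl, 0)} | {s for s, _ in timeline if t - ttl <= s <= t}
    return [published(timeline, x) for x in sorted(times)]

def all_clients_accept(timeline, served_fp, t, ttl=TTL):
    """True only if the served cert matches every binding a client may have cached."""
    return all(served_fp in fps for fps in possible_cached_sets(timeline, t, ttl))

def outage_days(timeline, serving, days=10):
    """Days on which at least some clients would reject the served certificate.
    serving: list of (start_time, fingerprint) for what the server presents."""
    bad = []
    for d in range(days):
        t = d * DAY
        served = [f for s, f in serving if s <= t][-1]
        if not all_clients_accept(timeline, served, t):
            bad.append(d)
    return bad

# The server switches from OLD to NEW on day 5 in both plans.
serving = [(0, OLD), (5 * DAY, NEW)]
# Plan A: change the DNS binding at the same moment as the server.
abrupt_dns = [(0, {OLD}), (5 * DAY, {NEW})]
# Plan B: advertise both from day 2, drop OLD two days after the switch.
overlap_dns = [(0, {OLD}), (2 * DAY, {OLD, NEW}), (7 * DAY, {NEW})]

if __name__ == "__main__":
    print("abrupt :", outage_days(abrupt_dns, serving))
    print("overlap:", outage_days(overlap_dns, serving))
```

The abrupt plan leaves clients with stale cached bindings rejecting the site until the old record ages out, while the overlap plan has no failing days; starting the overlap less than one TTL ahead of the switch still leaves a gap.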
Written on 09 January 2011.