Wandering Thoughts archives

2018-05-31

What is the long term future for Extended Validation TLS certificates?

One of the things I wonder about with Extended Validation TLS certificates is what things will look like for them in the long term, say five to ten years. I don't think things will look like today, because as far as I can see EV certificates are in an unstable situation today since in practice they're invisible and so don't provide any real benefits. Commercial Certificate Authorities certainly very much want EV certificates to catch on and become more important, but so far it hasn't happened and it's quite possible that things could go the other way.

So here are some futures that I see for EV certificates, covering a range of possibilities:

  • EV certificates become essentially a superstition that lingers on as 'best practices' among large corporations for whom both the cost and the bureaucracy are not particularly a factor in their choices. These organizations are unlikely to go with CAs like Let's Encrypt anyway, so while they're paying for some TLS certificates they might as well pay a bit more, submit some more paperwork, and get something that makes a minor difference in browsers.

  • EV certificates will become quietly irrelevant and die off. CAs won't be able to do enough EV certificate business to make it worth sustaining the business units involved, so they'll quietly exit the unprofitable business.

  • Browsers will become convinced that EV certificates provide no extra value (and if anything they just confuse users in practice) and will remove the current UI, making EV certificates effectively valueless and killing almost all of the business. Browsers hold all the cards here and at least Mozilla has openly refused to commit to any particular UI for EV certificates. See, for example, Ryan Hurt's "Positive Trust Indicators and SSL", which also dumps some rain on EV certificate problems.

    One thing that could tip the browser balance here is scandals in CAs issuing (or not issuing) EV certificates improperly. If EV certificates seem not necessarily routinely worth extra trust, it becomes more likely that browsers will stop giving them any extra trust indicators.

  • CAs will persuade browser vendors to make some new browser features (in JavaScript, DOM and host APIs, CSS, etc) conditional on the site having an EV certificate, on the grounds that such sites are 'extra trustworthy'. I don't think this is likely to happen, but I'm sure CAs would like it to since it would add clear extra value to EV certificates and browsers are making APIs conditional on HTTPS.

    (A 'must be HTTPS' API restriction has a good reason for existing, one that doesn't apply to EV certificates specifically, but that's another entry.)

  • CAs will persuade some other organization to make some security standard require or strongly incentivize EV certificates; the obvious candidate is PCI DSS, which already has some TLS requirements. This would probably be easier than getting browsers to require EV certificates for things and it would also be a much stronger driver of EV certificate sales. I'm sure the CAs would love this and I suspect that at least some companies affected by PCI DSS wouldn't care too much either way. However, some CA moves on EV certificates might harm this.

    (On the other hand, some large ones would probably care a lot because they already have robust TLS certificate handling that would have to be completely upended to deal with the requirements of EV certificates. For instance, Amazon is not using an EV certificate today.)

On the balance the first outcome seems most likely to me at the moment, but I'm sure that CAs are working to try to create something more like the latter two since EV certificates are probably their best hope for making much money in the future.

(I also wonder what the Certificate Authority landscape will look like in five to ten years, but I have fewer useful thoughts on that apart from a hope that Let's Encrypt is not the only general-use CA left. I like Let's Encrypt, but I think that a TLS CA monoculture would be pretty dangerous.)

EVCertificatesEndgame written at 23:35:58; Add Comment

Extended Validation TLS certificates are basically invisible

Extended Validation TLS certificates are in theory special TLS certificates that are supposed to give users higher assurances about the website that they're visiting; Certificate Authorities certainly charge more for them (and generally do more verification). There are some fundamental problems with this idea, but there's also a very concrete practical problem, namely that EV certificates are effectively invisible.

Today, the only thing the presence or absence of an EV certificate does is that it changes the UI of the browser URL bar a little bit. Quick, how often do you pay any attention to your browser URL bar when you visit a site or follow a link? I pay so little attention to it that I didn't even notice that my setups of Firefox seem to have stopped showing the EV certificate UI entirely (and not because I turned much of it off in my main Firefox).

(It turns out that the magic thing that does this in Firefox is turning off OCSP revocation checks. I generally have OCSP turned off because it's caused problems for me. It's possible that websites using OCSP stapling will still show the EV UI in Firefox, but I don't have any to check. By the way, if you experiment with this you may need a browser restart to get the OCSP preference setting to really apply.)

This matters because if EV certificates are effectively invisible, it's not at all clear why you should bother going through the hassle of getting them and, more importantly for CAs, why you should pay (extra) for them. If almost no one can even notice if your website uses a fancy EV certificate, having a fancy EV certificate is doing you almost no good.

(This is an especially important question for commercial CAs, since Let's Encrypt is busy eating their business in regular 'Domain Validated' TLS certificates. It certainly appears that the future price of almost any basic DV certificate is going to be $0, which doesn't leave much room for the 'commercial' part of running a commercial CA.)

The current invisibility of EV certificates is not exactly a new issue or news, but I feel like doing my part to make it better known. There's a great deal of superstition that runs around the TLS ecosystem, partly because most people rightfully don't pay much attention to the details, and EV certificates being clearly better is part of that.

(EV certificates involve more validation and more work by the CA, at least right now. You can say that this intrinsically makes them better or you can take a pragmatic view that an improvement that's invisible is in practice nonexistent. I have no strong opinion either way, and I'll admit that if you offered me EV certificates with no extra hassle or cost, sure, I'd take them. Would I willingly pay extra for them or give up our current automation? No.)

EVCertificatesInvisible written at 00:01:22; Add Comment

By day for May 2018: 6 11 27 31; before May; after May.

Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.