IETF Logo Mail Archive

Re: [TLS] Eleven out of every ten SSL certs aren't valid

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 02 July 2010 03:54 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2903B3A684F for <tls@core3.amsl.com>; Thu, 1 Jul 2010 20:54:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.074
X-Spam-Level:
X-Spam-Status: No, score=-2.074 tagged_above=-999 required=5 tests=[AWL=0.525, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBe5KLUP+Vdx for <tls@core3.amsl.com>; Thu, 1 Jul 2010 20:54:35 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id E119E3A67B3 for <tls@ietf.org>; Thu, 1 Jul 2010 20:54:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1278042887; x=1309578887; h=from:to:subject:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20asteingruebl@paypal.com,=20tls@ietf.org|Subject: =20Re:=20[TLS]=20Eleven=20out=20of=20every=20ten=20SSL=20 certs=20aren't=20valid|In-Reply-To:=20<5EE049BA3C6538409B BE6F1760F328ABEA99F4C6D0@DEN-MEXMS-001.corp.ebay.com> |Message-Id:=20<E1OUXKw-0004cc-8W@wintermute02.cs.aucklan d.ac.nz>|Date:=20Fri,=2002=20Jul=202010=2015:54:46=20+120 0; bh=vnWyZP+9WJl+1Kk0FJmb8fyLHSsYk4oONkztNGPyAG4=; b=Ois2/65HbnHoVA6hwOcNqkh+NE/tc+tkayz/OMvQhdVZxmS6cMnctahI u8JmuWYeD9Z7TLGtpmBq8TDTgzrlc8yvtEnCqqB5HSm64v7fg4Rp3YD6n Bfb7i3d1rrFkpjqSnp7+yt+wKdjYuERfvlEZgmNgEPNrkeCkxWNtuuQid s=;
X-IronPort-AV: E=Sophos;i="4.53,524,1272801600"; d="scan'208";a="13592857"
X-Ironport-HAT: UNIVERSITY - $RELAY-THROTTLE
X-Ironport-Source: 130.216.207.92 - Outgoing - Outgoing
Received: from wintermute02.cs.auckland.ac.nz ([130.216.207.92]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 02 Jul 2010 15:54:46 +1200
Received: from pgut001 by wintermute02.cs.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@cs.auckland.ac.nz>) id 1OUXKw-0004cc-8W; Fri, 02 Jul 2010 15:54:46 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: asteingruebl@paypal.com, tls@ietf.org
In-Reply-To: <5EE049BA3C6538409BBE6F1760F328ABEA99F4C6D0@DEN-MEXMS-001.corp.ebay.com>
Message-Id: <E1OUXKw-0004cc-8W@wintermute02.cs.auckland.ac.nz>
Date: Fri, 02 Jul 2010 15:54:46 +1200
Subject: Re: [TLS] Eleven out of every ten SSL certs aren't valid
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2010 03:54:36 -0000

"Steingruebl, Andy" <asteingruebl@paypal.com> writes:

>The problem of course is that this is purely anecdotal.  Cormac didn't cite
>any research pointers for that, and it is at the heart of the current debate.

You mean the fifty-three references he gave weren't enough?  (OK, most of them
aren't to evaluations of the effects of cert warnings, but several are).  A
related problem is that there's been so much work done on the (lack of)
effects of cert warnings, and certs in general, that he could have spent half
the paper just regurgiating all the existing work.

(I'm dreading someone asking "OK, list all these refs" because then I'll have
to go away and spend several hours digging them all up... how many do people
want before they say "OK, that's enough"?.  Cormac's paper has about eight,
and that's barely scratching the surface).

>Frankly, if you think most certificate warnings are false positives, and you
>also believe that they will forever be such, then why do any certificate
>verification at all?

Precisely.  Users just click past them anyway.  Let's just admit that what
users are getting now is effectively unauth'd DH and then try and give them
something that actually works.

>This line of reasoning essentially says "there aren't really any active MITM
>attackers, and won't ever be" so let's just do away with the whole mess of
>ever checking certificates.

No, it says that what we're doing doesn't work, has never worked, and as far
as anyone can tell will never work (and we have a multibillion(?) dollar
global cybercrime indistry to prove it), so lets look for alternatives that do
work.  So we can do away with the mess of certs not because there aren't any
attacks but because they cost a ton of money and effort without actually
working.

(That's one statistic I'd like to see, if there are X sites using CA-bought 
certs costing an average of $Y and it takes a site admin A time at $B an hour, 
how much is the PKI phantomime costing per year?  Cormac has already given 
figures for how much clicking past all the warnings costs on the user side, 
but what does it cost to create the mess in the first place?).

Peter.

v2.23.0 | Report a Bug | By Email