The past month there has been a lot of talk around TLS (aka SSL) and the certificates. Most are short term suggestions on quick workarounds to fix TLS certificates (mainly the high security tax). However two main problems of certificates I think can only be fixed with structural changes:
- Certificates are not connected to what they should certificate (the url).
- Certificates make no difference between pages for banks and bob’s small web 2.0 pages.
So what would be a solution? For one certificates should be given with domain names and follow the structure of dns. So if the university bar.edu gives the subdomain foo.bar.edu to a lab then the certificate should follow this model. So foo.bar.edu would have a certificate signed by bar.edu. So how would a browser know, that it is talking to the real foo.bar.edu (= the certificate is valid)? Well, it would see that foo.bar.edu is signed by bar.edu and bar.edu is signed by it’s registrar. And as the registrar is certificated by the ICANN (which the browsers would trust) we have a full trust path. Note that this would be at least as secure as our current certificate structure, as it relies on DNS anyways (Dan Kaminsky pointed this out in his presentation at black hat about the DNS flow he discovered).
Like this we would solve the problem of certificates being disconnected with the domain names (which we are trying to secure) and as they would be given with the registration of the domain we would avoid the cost problem. However we still have the problem that banks and bob’s web 2.0 page are treated the same despite different security needs. Well, we really didn’t consider that the banks need more security (this solution is fine for bob). The question we should be asking is what is it that the bank really wants to prove about herself? Is it really that the URL my-bank.com belongs to them? If that would be sufficient than what happens is a bad guy registers a similar but different domain like mybank.com or a typo like my-bnak.com?
What a bank really wants to prove to its customer is “Yes, I am a trust worthy bank”. So instead of just having the certificate signed once we will have it in addition signed by an CA for banks. And the user will get a nice icon of a bank in the addressbar so she sees this information instantly.
Having more than one CA sign the same certificate also offers more possibilities. We could have a CA that signs daily until the domain owner notifies them that it should be revoked (however I don’t know if this would be an improvement to the current revoking procedure). How about a certificate saying you are a software distributor (making the warning when downloading a “.exe” less with and more without this signature)? Or what about a certificate that verifies your identity (also tied with S/MIME? I’m not saying that most people will need more than the confidence that they are talking to the URL that is in there address bar, but adding the possibility might be useful in may situations.
Update: dria explains nicely Firefox 3’s new site identification button, which is a step in the right direction (but independent of suggestions I’m making here).