Will New Free Certificate Authority Help Or Hinder Online Security?
from the first-things-first dept
A couple of weeks ago, Techdirt wrote about Let’s Encrypt, an interesting new project from the EFF, Mozilla and others to set up a free certificate authority (CA) that will allow anyone running a website to offer encrypted connections. That sounds like a great idea, since it will make snooping on web traffic much harder. But a post (on LinkedIn, unfortunately) by Alexander Hanff, Chief Privacy Officer at Connect In Private, wonders if it might actually make things worse. Here’s why:
Creating a new Super Certificate Authority is the equivalent of painting a huge red target onto the backs of all the people who use it.
Let’s not mix our words here: it will become a target — that much is completely indisputable. It would be utterly naive to believe the US Government will not target this new CA with court orders. What’s more, given the historical evidence, there is a strong chance that such orders will be for “super master keys” allowing them to pretend to be whomever they like [for man-in-the-middle attacks], and it will be done under the guise of National Security because, of course, a CA which provides free certificates for everyone is (in the eyes of law enforcement) a hotbed for criminals and terrorists — why on earth would a terrorist pay Verisign for an SSL certificate, leaving a paper trail, if they can obtain an anonymous certificate for free from Let’s Encrypt?
Techdirt asked the EFF to respond to this concern, and Peter Eckersley, the organization’s Technology Projects Director, replied as follows:
Mr Hanff is right to be concerned about structural flaws in the CA infrastructure, but he hasn’t understood the problem. This is something we’ve been working on for years (https://eff.org/observatory, https://www.youtube.com/watch?v=9VAreZZhue4), and we certainly wouldn’t have picked a design to make the situation worse.
Anyone who looks at the CA infrastructure is going to think, “oh, there are expensive high security CAs, and weaker low security CAs, and hundreds of others run by various corporations and governments, I’d better pick one I can trust”. But it turns out not to matter which one *you* pick, because our web browsers have been designed to trust hundreds of them. So even if you buy from the one with the best combination of security and jurisdictional robustness, a would-be man-in-the-middle attacker will pick a weak one to use against you. We’ve seen this play out for instance with the Iranian attack on Gmail via a CA in the Netherlands, and a Turkish CA issuing improper certs for Google.
Let’s Encrypt’s first mission will be to solve the grand problem of HTTPS, which is that hundreds of millions of sites don’t use it at all. But it will also be engineered to begin addressing the structural flaws in the whole CA marketplace. For sites that want it, we’ll assist in using mechanisms like pinning to protect against the hundreds of other CAs that the site isn’t using (pinning lets a site declare that only a small and specified number of CAs can sign certs for it). And for our own CA, we will use Certificate Transparency or equivalent mechanisms to ensure that if our operations were ever compromised or compelled in any way, that would be recorded and rapidly visible to the whole Internet.
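The structural flaw Eckersley describes, and the pinning remedy he mentions, as an added example that is not part of the original post and not the EFF's or Let's Encrypt's code. Two throwaway CAs are generated in-process (constructed for the demo; no real CA, key or hostname is involved, and example.com is an assumed name), both sit in the client's trust store, and each issues a certificate for the same host. The attacker's chain passes ordinary validation, because any trusted CA may sign for any name; it fails once the site has pinned its own CA's public key. The pin format, base64 of the SHA-256 of the DER SubjectPublicKeyInfo, is the one HTTP Public Key Pinning used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mint generates a fresh P-256 key and a certificate for name signed by parent
// (nil parent means self-signed); isCA selects a root template. Nothing ties a
// hostname to one CA, so any CA can mint a leaf for any name: the structural flaw.
func mint(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// spkiPin is base64(SHA-256(DER SubjectPublicKeyInfo)), the pin-sha256 value
// used by HTTP Public Key Pinning (RFC 7469).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verify first does what a browser does (accept any chain to any trusted root
// for host); if the site declared pins, a pinned key must also appear in the chain.
func verify(leaf *x509.Certificate, roots *x509.CertPool, host string, pins map[string]bool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil || len(pins) == 0 {
		return err
	}
	for _, chain := range chains {
		for _, c := range chain {
			if pins[spkiPin(c)] {
				return nil
			}
		}
	}
	return fmt.Errorf("chain for %s validates, but carries no pinned key", host)
}

// Outcome records how each rule treats the attacker's chain and the real one.
type Outcome struct {
	RogueAcceptedUnpinned, RogueAcceptedPinned, LegitAcceptedPinned bool
}

// Scenario: the site bought from goodCA; an attacker obtains a certificate for
// the same host from rogueCA, which the client's trust store also contains.
func Scenario(host string) (out Outcome, err error) {
	goodCA, goodKey, e1 := mint("Site's Chosen CA", true, nil, nil)
	rogueCA, rogueKey, e2 := mint("Weak CA Elsewhere", true, nil, nil)
	legit, _, e3 := mint(host, false, goodCA, goodKey)   // the site's real certificate
	rogue, _, e4 := mint(host, false, rogueCA, rogueKey) // attacker's certificate for the same name
	if err = errors.Join(e1, e2, e3, e4); err != nil {
		return
	}
	roots := x509.NewCertPool() // the client trusts both, as browsers trust hundreds
	roots.AddCert(goodCA)
	roots.AddCert(rogueCA)
	pins := map[string]bool{spkiPin(goodCA): true} // the site's pinning declaration
	out.RogueAcceptedUnpinned = verify(rogue, roots, host, nil) == nil
	out.RogueAcceptedPinned = verify(rogue, roots, host, pins) == nil
	out.LegitAcceptedPinned = verify(legit, roots, host, pins) == nil
	return out, nil
}

func main() { fmt.Println(Scenario("example.com")) }
```

The value spkiPin returns is what a site would publish in a Public-Key-Pins: pin-sha256="…" header. One caveat a practitioner should keep in mind: browsers later dropped HPKP, because a wrong or stale pin locks every visitor out of the site until the pin expires, so pinning of this kind survives mainly in applications that control both ends, while Certificate Transparency, which Eckersley also mentions, became the mechanism relied on for making mis-issuance visible.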
As Eckersley points out, the first problem is getting sites to use encrypted connections at all; after that comes the work on the “structural flaws in the CA infrastructure” that Hanff and Eckersley agree are a serious issue in need of addressing.