2011 was something of a watershed year for security discussions about digital certificates. Before the year was up, the world’s certificate authorities and registration authorities experienced three high-profile breaches: Comodo, DigiNotar and KPN. In each case, the difficulties surrounding the revocation of bad certificates were laid bare.
For some, this prompted an examination of solutions to the current system, which relies on communication between the Certificate Authorities (CAs) and browser vendors such as Google, Mozilla and Microsoft. In a presentation at the RSA Conference in San Francisco Tuesday, representatives from Google, Opera Software, Mozilla and security firm Trend Micro offered up their own potential solutions to the challenge.
What is clear is that the current system is not working, opined Google software engineer Adam Langley, and “the proof is in the pudding.”
Certificates can be revoked for a number of reasons. For example, if the owner notifies a CA the certificate needs to be revoked, or if for example a CA is found to have improperly issued a certificate. When a decision is made by the CA to revoke the certificate, it publishes the revocation in the Certificate Revocation List (CRL). However, the time it takes to get this information to the browser vendors who need it has some in the industry considering other approaches.
Among them, noted Langley, is online certificate status protocol (OCSP) stapling. Internet Explorer added support for this in version 7 of Windows Vista, as well as all versions of Mozilla Firefox. It is also supported by versions 8.0 and higher on Opera, Apple Safari on Mac OS X and Google Chrome. However, the approach has its downside. OCSP stapling supports only one OCSP response at a time, which does not cut it for sites that use multiple certificates for a single page.
Other approaches have pros and cons as well, the panelists said.
Google recently announced plans to stop querying CRLs and databases relying on OCSP. Instead, Chome will leverage its automatic update mechanism to keep a current list of certificates that have been revoked, which would enable the list to take effect without the user having to restart the browser.
Anyone taking a look at their browser’s latest certificate revocation list during the past year can see it has gotten bigger, noted Ed Skoudis, chief technology officer at Counter Hack Challenges, in a separate presentation Tuesday.
“This is a problem,” he said. “You can alternatively if you are bad guy trick the certificate authority, or registration authority into giving you a certificate. The whole goal of this is for the attacker to avoid the browser pop-up message saying, ‘warning this is an un-trusted SSL connection’.”