Submitted via IRC for TheMightyBuzzard
Since the early days of the SSL/TLS protocols, the security community has been struggling with various attacks that have made many press headlines.
[...] The Transport Layer Security (TLS) protocol as it stands today has evolved from the Secure Sockets Layer (SSL) protocol from Netscape Communications and the Private Communication Technology (PCT) protocol from Microsoft that were developed in the 1990s, mainly to secure credit card transactions over the Internet.
It soon became clear that a unified standard was required, and an IETF TLS WG was tasked. As a result, TLS 1.0 was specified in 1999, TLS 1.1 in 2006, TLS 1.2 in 2008, and TLS 1.3 will hopefully be released soon. Each protocol version tried to improve its predecessor and mitigated some specific attacks.
As is usually the case in security, there is a "cops and robbers" game going between the designers and developers of the TLS protocol and the people who try to break it (be it from the hacker community or from academia). Unfortunately, this game is open-ended, meaning that it will never end and has no winner.
Not precisely news, but it's good to stop, reflect, and look forward now and then.
Source: https://www.helpnetsecurity.com/2017/07/03/tls-security/
(Score: 2) by Pino P on Wednesday July 05 2017, @04:32PM (3 children)
Then what's the alternative to the CA model that doesn't involve physically visiting each partner with whom you wish to communicate?
Before you say "build a web of trust through key signing parties", that isn't practical for at least two reasons.
How would these web of trust problems be fixed without re-creating problems with the CA system?
Certificate Transparency is one countermeasure against this attack. It's already required for EV certificates and certificates issued by CAs that have been put in a penalty box. HTTP Public Key Pinning is another countermeasure that works on a client's subsequent visits to a site. DANE is supposed to do the same through DNS lookups, but it hasn't been deployed widely for a couple of reasons: the DNSSEC root zone signing key was historically too short (1024-bit RSA until nine months ago [verisign.com]), and some domain registrars (such as GoDaddy) have charged extra to manage DNSSEC.
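To make the "subsequent visits" point about HTTP Public Key Pinning concrete, here is an added example (not from the comment above or any browser's code) of the RFC 7469 client-side logic: parse a Public-Key-Pins header on the first visit, then on later visits accept a chain only if one of its SubjectPublicKeyInfo hashes matches a stored, unexpired pin. The SPKI byte strings are constructed stand-ins so the example runs offline; real pins hash the DER-encoded SPKI of a certificate in the chain.

```python
import base64
import hashlib
import re

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (not real keys).
LEAF_SPKI = b"constructed-spki-leaf-key"
BACKUP_SPKI = b"constructed-spki-backup-key"
ROGUE_SPKI = b"constructed-spki-key-issued-by-a-mis-issuing-ca"


def pin_sha256(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def parse_hpkp(header: str, now: float):
    """Turn a Public-Key-Pins header into a pin set with an absolute expiry.
    Returns None (pins are ignored) if max-age is missing or fewer than two
    pins are present; RFC 7469 requires a backup pin so a key loss cannot
    lock the site out of its own visitors."""
    pins = re.findall(r'pin-sha256="([A-Za-z0-9+/=]+)"', header)
    max_age = re.search(r"max-age=(\d+)", header)
    if max_age is None or len(pins) < 2:
        return None
    return {"pins": set(pins), "expires": now + int(max_age.group(1))}


def chain_allowed(stored, chain_spkis, now: float) -> bool:
    """Subsequent-visit check. With no stored pin (first visit) or an expired
    pin there is nothing to compare against, so the chain is accepted; that is
    the trust-on-first-use window the comment above refers to."""
    if stored is None or now >= stored["expires"]:
        return True
    return any(pin_sha256(spki) in stored["pins"] for spki in chain_spkis)


def demo():
    """First visit pins the leaf and backup keys; later visits are then checked."""
    t0 = 1_500_000_000  # constructed first-visit timestamp
    header = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
        pin_sha256(LEAF_SPKI), pin_sha256(BACKUP_SPKI))
    stored = parse_hpkp(header, t0)
    return {
        "legit_chain": chain_allowed(stored, [LEAF_SPKI, b"constructed-intermediate"], t0 + 60),
        # A certificate from a mis-issuing CA carries a different public key, so it fails.
        "misissued_chain": chain_allowed(stored, [ROGUE_SPKI, b"constructed-intermediate"], t0 + 60),
        "rotated_to_backup": chain_allowed(stored, [BACKUP_SPKI], t0 + 60),
        "after_expiry": chain_allowed(stored, [ROGUE_SPKI], t0 + 5184000 + 1),
    }
```

Note that the first visit and anything after max-age are unprotected, which is why pinning complements rather than replaces Certificate Transparency; browsers have since removed HPKP support, but the trust-on-first-use trade-off it illustrates still applies to any pinning scheme.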
(Score: 2) by Justin Case on Wednesday July 05 2017, @04:52PM (2 children)
Choices:
1. One bad CA can pwn the world.
2. MyBank.ru has certificates from 8 CAs I trust, 20 I've never heard of, and 5 I despise. Is it still MyBank.ru?
3. MyHackedBank.ru has certificates from 20 I've never heard of, and 5 I despise. Is it still MyBank.ru?
(Score: 2) by Pino P on Saturday July 08 2017, @09:16PM (1 child)
How are members of the general public, as opposed to information security professionals, supposed to determine which CAs are trustworthy?
(Score: 2) by Justin Case on Sunday July 09 2017, @02:37PM
I'm not part of the crowd claiming that the big bad Internet can be made safe for the ignorant masses.
But even if they default to the (admittedly bad) assumption "trust them all" they'd be no worse off than where we are today.