On 28/03/17 08:23, Peter Gutmann via dev-security-policy wrote:
Martin Heaps via dev-security-policy <dev-security-policy@lists.mozilla.org> 

This topic is frustrating in that there seems to be a wide attempt by people
to use one form of authentication (DV TLS) to verify another form of
authentication (EV TLS).

The overall problem is that browser vendors have decreed that you can't have
encryption unless you have a certificate, i.e. a CA-supplied magic token to
turn the crypto on.  Let's Encrypt was an attempt to kludge around this by
giving everyone one of these magic tokens.  Like a lot of other kludges, it
had negative consequences...

It's not a kludge, though. Let's Encrypt is not (merely) a workaround for the fact that self-signed certificates are basically considered worthless. If it were, it wouldn't meet BR rules. Let's Encrypt actively performs validation of domains, and in that respect is as legitimate as any other DV CA.

We actually have *five* levels of trust here:

2. HTTPS with no validation (self-signed or anonymous ciphersuite)
3. HTTPS with DV
4. HTTPS with OV
5. HTTPS with EV

These are technically objective levels of trust (mostly). There is also a technically subjective tangential attribute:

a. Is not a phishing or malicious site.

Let's Encrypt aims to obsolete levels 1 and 2 by making 3 ubiquitously accessible.

The problem is that browser vendors have historically treated trust as binary, confounding (3), (4), and (a), mostly because the ecosystem at the time made it hard to get (3) without meeting (a). They also inexplicably treated (2) as worse than (1), which is of course nonsense, but I guess was driven by some sort of backwards thinking that "if you have security at all, you'd better have good security" (or, equivalently: "normal people don't need security, and a mediocre attempt at security implies Bad Evil Things Are Happening").

With time, certificates have become more accessible, everyone has come to agree that we all need security, and with that, that thinking has become obsolete. Getting a DV cert for a phishing site was by no means hard before Let's Encrypt. Now that Let's Encrypt is here, it's trivial.

So it's now being actively exploited... how could anyone *not* see this
coming?  How can anyone actually be surprised that this is now happening?  As
the late Bob Jueneman once said on the PKIX list (over a different PKI-related
topic), "it's like watching a train wreck in slow motion, one freeze-frame at
a time".  It's pre-ordained what's going to happen, the most you can do is
artificially delay its arrival.

And this question should be directed at browser vendors. After years of mistakenly educating users that "green lock = good, safe, secure, awesome, please type in all your passwords", how could they *not* see this coming?

The end nessecity is that the general public need to be educated [...]

Quoting Vesselin Bontchev, "if user education was going to work, it would have
worked by now".  And that was a decade ago.

This is strictly a presentation layer problem. We *know* what the various trust levels mean. We need to present them in a way that is *useful* to users.

Obvious answer? Make (1)-(2) big scary red, (3) neutral, (4) green, (5) full EV banner. (a) still correlates reasonably well with (4) and (5). HTTPS is no longer optional. All those phishing sites get a neutral URL bar. We've already educated users that their bank needs a green lock in the URL.

dev-security-policy mailing list

Reply via email to