ssl certs: just enough security?

Via Twitter (@jaysonstreet) I opened up an article by Dan Goodin (The Register) with the sensational title, “How is SSL hopelessly broken? Let us count the ways.” This just begs comment.

1. It’s still a human problem. I’m not sure I would go so far as to call SSL hopelessly broken. Then again, I’m not writing a story aimed to be sensational and gain views. What we have here is the age-old problem of human involvement in a well-meaning system. All of the weaknesses presented in the article center around poor implementations, user convenience (which strangely is not what EV SSL changes did), and a drive for profits in the CA industry. None of these is a problem for SSL to solve; they are problems for groups of people to solve by making better choices. Good luck with that.

We often get wrapped up saying security is a human problem by beating “users” over the head, and maybe even including administrator mistakes. But implementation decisions and poor oversight are just as much a human problem as a user who opens every Adobe email attachment they receive.

2. Silly questions. Should browsers not trust every CA root cert (and probably give errors by default, which will suck)? Should CAs do far more to only issue truly valid certs (and pass that cost to whom exactly)? Should CAs beef up their OCSP infrastructure (and cause my corporate software to make even more strange call-outs to unexpected places) so that it can be made a critical path for trust (even when 99% of the certs probably won’t be revoked)?

I don’t think there are easy answers and maybe not even any answers for these questions. So maybe this does say that SSL is hopelessly broken. But would *any* alternative ever be better? Money, convenience, and profits will always beat up against security, so I’m not sure. It’s still an implementation/human issue. Should CAs be held accountable? I don’t like that approach, but I don’t really have a good argument off the tip of my fingers for why…

3. Identity. I’ve been reading some Gunnar Peterson lately, and I’ve seen him talk about identity-based security being the future (or now). I don’t completely follow or understand that yet, but I can see that SSL infrastructure has the same problem.

4. Strange article points. Don’t get me wrong, this article is necessary and good, but it does have some absolutely strange moments. The comparison of CAs to CitiGroup and AIG is just bizarre and nonsensical. The implication that browser-makers should play traffic/moral cop with which CA roots to include in their browsers is dumb (especially when the example of Google/China/CNNIC is doubly based on rumors). The article also focused way too much on the recent Comodo affair, for no real benefit to the central hypothesis.

And one missed point about poor certificate implementation/issuance is the predictability of PRNGs in OpenSSL, which some CAs, I believe, were using. I can’t find a reference to it other than OpenSSL in general, though.

But this begs the question of just how much attacking CAs should do to themselves in order to prove their adequacy. I’ve grown more sympathetic to the realistic approach that you do what you can, but you *have* to set yourself up to detect and respond and fix any issues someone else finds in the future. If you wait until you’ve achieved perfect security, your product/company will fail.

Yeah, that sounds a lot like, “Just Enough Security.”