SSL is the protocol that underlies most of the Internet’s encrypted traffic, and lately many people have begun to realize that SSL is flawed in a pretty obvious and easily exploited way.
SSL relies on certificates to set up a secure connection between computers. Generating a certificate is easy, and it’s possible to create a valid certificate for any address on the Internet. Certificate authorities (or CAs) ensure trust and prevent mayhem by validating that the certificate owner is who it claims to be and then adding a signature to the certificate that labels it as legitimate.
When you visit a secure website, your browser gets a certificate signed by an authority saying that this website is authentic. The browser checks that signature against its own built-in list of known certificate authorities (and their public keys). How many authorities does your browser know about? Try more than 600!
The SSL certificate authority model works well if you assume the authority treats its super-secret private key like the gold in Fort Knox: the key is only handled by a small group of Internet priests who open the vault in a solemn ritual, remove the key, calculate a signature using nothing but slide rules and chalkboards, and then hastily return their private key to the sacred vault. Obviously, most CAs skip this time-consuming and expensive process and trust their computer systems to manage their private key securely in a way that’s resistant to theft by outsiders.
If you think 600 different people can secure their data perfectly, then have we got news for you. I could throw a party for 600 of the smartest people in the world, and chances are good that one of them would forget to wear deodorant. You simply can’t trust 600 different certificate authorities to properly manage their private keys.
And this is the problem. All it takes to compromise SSL is to get access to a single private key from one of the 600 certificate authorities. Once I have that, I can create a certificate claiming to be any site on the web, and your browser will accept it without question.
Fixing this problem won’t be easy. Several proposals already exist, and many of them advocate eliminating the certificate authority (along with its multi-million dollar industry) entirely. Others have the CAs performing different roles, possibly even in conjunction with each other. Ars Technica recently published an overview of a couple of competing new standards.
Of course, deploying any protocol update will require the agreement of all the major browser vendors and possibly the existing certificate authorities (and they won’t go quietly if their role is reduced). And then it will take time for websites to generate new certificates and build out a chain of trust (however that would work).
Until then, it’s critical for end users to update their browsers and operating systems frequently. Updates to the list of trusted certificate authorities are published often, and running a browser with an outdated list is just asking for trouble. Automatic updating features are critical to ensuring proper application security for any app that relies on certificate validation.