An Experimental Convergence Notary Service
Using network perspective for validating your communications security
At secYOUre we started operating an experimental Convergence Notary service.
For the past decade (and more), security practitioners have been warning about the architectural shortcomings, misaligned incentives, and every piece of brokenness related to today's (X.509) PKIs.
From an economics perspective, incentives are misaligned and we lack breach disclosure laws for Certification Authorities (CAs). So, looking back at the DigiNotar broken arrow and the Comodo-gate, it should come as no surprise that CAs are willing to hush up breaches for as long as they can and get colluding browser vendors to cover up the same breaches, while consumers keep striving for cheaper certificates and issuers for higher margins.
From a security architecture point of view, current practices and mechanisms do not support the certification and validation of digital identities as they should. As cases in point, it is common practice for CAs to cross-certify, making the entire infrastructure as weak as its weakest link, or to check certificate validity using blacklist-based mechanisms (OCSP), one of the dumbest ideas in security.
The latest security incidents show, if there ever was a need for it, how hard it is to entrust the authenticity of our communications to a PKI that has already experienced two major failures since the beginning of the year, while other CAs may have been breached and be awaiting discovery.
Convergence
Convergence is a secure replacement for the Certificate Authority System. Convergence is about validating the security of our communications using the network perspective gained from a dynamic set of Notaries that we, as users, may choose to trust at a given time. This contrasts with the current status quo, where web browsers come with a hard-coded list of (almost) immutable CAs.
With Convergence, each user can reverse her/his trust decisions at any time, so she/he is not locked in to trusting anyone for longer than she/he wants.
As remarked on the project website:
Convergence makes it easy for anyone to run their own trust notary. Each notary can only make security decisions for the clients that have chosen to trust it — so the security, integrity, or accuracy of a notary does not affect those who haven't selected it.
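A simplified model of the trust decision described above, as an added example: it is not Convergence's or secYOUre's code and does not reproduce the real notary wire protocol. The Notary and TrustProfile classes, the policy names, and the sample host and certificate bytes are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes the peer presented."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class Notary:
    """Stand-in for a remote notary: what it saw from its own vantage point."""
    name: str
    seen: dict  # (host, port) -> set of fingerprints observed by this notary

    def vouches_for(self, host: str, port: int, fp: str) -> bool:
        return fp in self.seen.get((host, port), set())

@dataclass
class TrustProfile:
    """The user's current, revocable choice of notaries (hypothetical model)."""
    policy: str = "majority"  # assumed policy names: "any", "majority", "all"
    notaries: dict = field(default_factory=dict)

    def trust(self, notary: Notary) -> None:
        self.notaries[notary.name] = notary

    def revoke(self, name: str) -> None:
        self.notaries.pop(name, None)

    def validate(self, host: str, port: int, cert_der: bytes) -> bool:
        if not self.notaries:
            return False  # fail closed: nobody to ask means no basis for trust
        fp = fingerprint(cert_der)
        yes = sum(n.vouches_for(host, port, fp) for n in self.notaries.values())
        total = len(self.notaries)
        needed = {"any": 1, "majority": total // 2 + 1, "all": total}[self.policy]
        return yes >= needed

# Constructed sample data: a self-signed site certificate and an interceptor's.
SITE = ("shop.example", 443)
REAL_CERT = b"constructed self-signed certificate for shop.example"
MITM_CERT = b"constructed certificate injected on the client's local network"

def build_profile() -> TrustProfile:
    profile = TrustProfile()
    for name in ("notary-a", "notary-b"):
        profile.trust(Notary(name, {SITE: {fingerprint(REAL_CERT)}}))
    # A misbehaving notary that vouches for the interceptor's certificate.
    profile.trust(Notary("notary-rogue", {SITE: {fingerprint(MITM_CERT)}}))
    return profile
```

Under the "any" policy a single misbehaving notary is enough to accept the interceptor's certificate until the user revokes it from the profile, so the agreement policy matters as much as the notary list.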
Using Convergence and the secYOUre experimental Notary is very easy and fully backward compatible with the existing deployment of certificates.
If you are a website operator, you are not required to change anything.
If you are an end-user, here is the way to go:
- Install the Firefox add-on;
- Install the secYOUre Notary;
- Select who you trust by clicking the new icon on the top-right corner next to the URL bar;
- Be done with Certification Authorities.
You will never get a self-signed certificate warning anymore and everything will work transparently, according to your trust profile.
For more, make sure to visit the Convergence web site for details and keep following this blog.