Martin Pool's blog

SSL sucks

mpt has a great post on why SSL sucks.

To me, SSL security certificates have always seemed particularly stupid usability-wise. As I understand it, the system works like this:

  1. Alice trusts Fred.
  2. Fred trusts Bob.
  3. Bob gets a certificate of trustworthiness from Fred.
  4. When Alice visits Bob's page, Bob shows Alice his certificate to demonstrate his trustworthiness.

The problems with this system are as follows:

  1. Alice doesn't really trust Fred.
  2. Fred doesn't really trust Bob.
  3. Getting a certificate is too hard, so Bob doesn't bother.
  4. When Bob shows Alice his certificate, Alice isn't paying attention.

Nice example of security having nothing to do with the length of your keypairs. (Or rather, I suppose, proper crypto is a necessary but far from sufficient condition.)

Compare and contrast to SSH host and user certificates: no key-distribution infrastructure by default, although you can build it. In the way they're normally used, all it does is give you some kind of indication that the host you're talking to is the same one that was previously on this address: and the remarkable thing is, much of the time that is an adequate protection. If you want a stronger assurance on the first connection, you can authenticate the host's fingerprint by some other means, such as getting it in signed email. If you're really hardcore you can do things like publishing a signed key in secure DNS. At no point is there a bogus requirement to pay Verisign.

biglumber.com is trying to bootstrap SSL certificates from the GPG web of trust. I think this is a pretty good concept, at least for sites accessed by the kind of nerd who knows what a GPG key is. It might be nice if this could be integrated into the client, rather than requiring eyeball comparison of hex fingerprints.

I suppose you could have a little standalone program that checked certificates on demand, and fed them to Mozilla...

Archives 2008: Apr Feb 2007: Jul May Feb Jan 2006: Dec Nov Oct Sep Aug Jul Jun Jan 2005: Sep Aug Jul Jun May Apr Mar Feb Jan 2004: Dec Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan 2003: Dec Nov Oct Sep Aug Jul Jun May