New Perspective on SSL Certs

Browsers are getting rather tough on sites that either use self-signed certificates or have expired certificates. A new certificate validation technique helps restore a bit of confidence that you're not experiencing a man-in-the-middle attack when certificate warnings arise.

Two students (Dan Wendlandt and Ethan Jackson) at Carnegie Mellon School of Computer Science have come up with a novel approach that gives a much broader perspective on a given SSL certificate (or SSH key for that matter).

The duo developed a new set of tools, including a plugin for Firefox, that can query a system and look at its certificate or key fingerprint from a variety of points around the Internet.

As you know, a man-in-the-middle attack involves three players: The user ('A' in this example), the attacker ('B' in this example) and the destination site ('C' in this example). So the data flow of an attack pattern looks like this: A -> B -> C or A The a self-signed certificate is involved it's far easier for the attack to mimick that certificate and thereby insert himself or herself between point the user and the user's intended destination site.

Wendlandt and Jackson's approach is to get some outside help verifying the key by asking at least 4 other systems (called 'Notary Servers') around the Internet what they see when they look at a destination site's key. The theory is that an attacker is more unlikely to be able to take over the routes between a given destination and all the Notary Servers, and therefore is likely to be able to spoof a key.

So if all the Notary's see the same key that your system see's then there's some amount of increased confidence that a man-in-the-middle is not taking place.

You can read all about it at the duo's related Web page and give it whirl using the plugin or their test Web page.

Pretty cool idea. And if it were rolled out in a widespread fashion with enough trusted Notary Servers then such a system could, in theory, replace the need to use a trusted certificate authority to sign keys. I'm not so sure that would actually happen, but the potential is definitely there.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.