Home New Notaries Needed For SSL Certs

New Notaries Needed For SSL Certs

Tim Greene, writing this week in Network World, brings up the latest developments in improving SSL certificates. As many of you recall, earlier this year we had two big security breaches involving these certs, including a situation where Comodo issued and then revoked a series of nine fake certificates. While the fakes weren’t actually used, it was a close enough call.

The problem is that your browser has a hard-coded list of certificate authorities (CAs).

If you haven’t ever been to this part of your browser settings, you can bring it up now (Firefox is Tools/Options/Advanced, Chrome is Tools/Options/Under the Hood, etc.) and see a long list of CAs, some from companies that you may recognize (Microsoft, Thawte, Verisign) and many from companies that you probably have never heard of. (How many of us had ever heard of Comodo before the cert hack reported earlier this year? My point exactly.)

Every time you go to a site using https:, it checks in with these CAs to determine if the cert from the destination website is legit or not. Most of the current browser versions will report on the identity of the website in the address bar and whether or not it checks out. If you go to PayPal.com, for example, it automatically redirects you to https: and you can click on the notification to see the cert as shown here:

To combat the bad guys, many more sites are now using SSL protocols: Gmail now defaults to it for reading your emails, for one notable example. But all this security infrastructure goes out the window if the certs can’t be trusted.

Getting a cert is easy: it just costs money (here is one place you can comparison shop for them) and even your friendly registrar can quickly provide one. You can also self-sign your website with your own cert, which will bring up a warning in most modern browsers for your visitors. When you purchase a cert, a chain of trust is established between the CA and your website using the cert, as you can see in the PayPal example above.

But what if this circle of trust is compromised, as the character played so brilliantly by Robert DeNiro asks in the “Focker” films? That is why we need an Internet SSL notary public for SSL certs. Unlike the notaries that we all use from time to time for our paperwork, the process would involve a crowdsourced collection of certs that people already have trusted, rather than a single entity that would vet the certs from on high.

And this being the Internet, of course there are two different proposed notary standards, called Perspectives, from a team at Carnegie Mellon, and Convergence from an independent test lab. They both make use of Firefox plug-ins, and both are relatively new and unused by the vast majority of sites and the browsing public. The idea is just like picking which search engine site you will use by default, you can also choose which collect of notaries to trust for your SSL certs.

Whether these notary efforts will catch on isn’t a sure bet: indeed, they have to be widely deployed before they are truly useful, and support more than just Firefox browsers too. But we definitely are overdue for better SSL root CA infrastructure, otherwise we will suffer the same fate as Ben Stiller’s character.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.