DEFCON 2011: SSL and the future of authenticity

Creative Commons photo courtesy of Joe Shlabotnik's Flickr photostreamI had the pleasure of attending Moxie Marlinspike’s DEFCON talk “SSL And The Future Of Authenticity.” Marlinspike is a great presenter and he doesn’t just point out the problems with what we are doing now, but proposes solutions, often with working proof-of-concept code.

Marlinspike didn’t disappoint and began the talk with a funny story, rather than the typical boring bio. More importantly, he followed this with a detailed explanation of the current problems with SSL and how we got to where we are today.

Chrome's certificate managerHe argues that the biggest issue is with authenticity. Authenticity today is verified by a list of “trusted” certificate authorities (CAs). Marlinspike points out that you must trust these CAs and today the average browser trusts more than 600. Can you say you trust each and every one?

Another issue is that CAs have had a history of not always doing their jobs properly, and occasionally demonstrating that they cannot be trusted.

What is the purpose of authenticity? Mostly to ensure that you are talking to the entity that you intend to and that no one else is listening. Authenticity provides protection against man-in-the-middle (mitm) attacks using tools like Marlinspike’s sslsniff.

This is the biggest problem with the existing CA system. Every major government in the world and many minor ones have the ability to sign any certificate they wish.

Could DHS get a certificate saying they are Google? I’m guessing they can. How about the People’s Republic of China (which blocks Naked Security)?

Marlinspike proposed that we use a system of notaries based upon research conducted by the Perspectives Project at Carnegie Mellon University.

Convergence logoHe announced his project, which builds on the research, called Convergence. The idea behind Convergence is to download the presented SSL certificate directly and then ask a series of trusted notaries to download the certificate and give it to you as well.

You can then compare the certificates to yours to determine whether your connection is being spied upon. This allows for the user to decide who to trust, and also eliminates the need to purchase certificates or trust CAs.

Convergence adds another layer on the Perspectives Project as well. To be sure that your queries are anonymous, you go through a proxy notary so that the notaries responsible for retrieving certificates will not know who may have requested the service.

It is a very interesting solution that still has a few kinks to be worked out. If you would like to try it, you can download a beta Firefox extension from

You can also download the notary code and run your own server. Friends can share notaries with one another to build their own personal trust web.

I was thinking you may even choose to trust two notaries that you know you *don’t* trust. Trust both the DHS and PRC and they are unlikely to agree about an attack against your privacy that either is conducting.

Creative Commons photo of Moxie soda courtesy of Joe Shlabotnik’s Flickr photostream.