When infosec equipment vendor Blue Coat was issued an intermediate Certificate Authority (CA) signed by Symantec, not only did it create an uproar in the security industry, but it also (again) raised the question of why we're still using CAs.
Blue Coat has been in the limelight for its network monitoring and filtering devices finding their way into the hands of rather nasty regimes, and the granting of a CA had security industry pundits up in arms.
The fear was that with a trusted CA, Blue Coat devices might be able to fool users into thinking their TLS-protected connections are safe when in fact their data is being intercepted.
Not great if you’re a political dissident in a country that does not take kindly to opposition, or if a government wants to find out your company’s trade secrets.
However, that fear seems to have been overblown.
Here's what Blue Coat told iTnews:
"After investigating the matter, Symantec has determined that the intermediary CA Symantec temporarily issued to Blue Coat was used privately and internally at Blue Coat and was used properly. Symantec maintained full control of the private key and Blue Coat never had access. Speculation that it was used in any other manner is unfounded. We expect Symantec will issue a statement shortly."
Symantec’s still working on that statement but the security company’s already in the dog box with much of the internet for certificate cock-ups.
So it’s unlikely the company would want its already dented reputation in this particular area to be further undermined by allowing the trusted CAs it signs to be used for man-in-the-middle attacks. If Symantec wanted to be untrusted by major browser vendors, producing MITM-enabling certs might just be the way to do it.
Leaving that aside, the CA that Symantec issued to Blue Coat couldn’t be used for undetected MITM attacks due to certificate pinning and other safeguards in popular browsers; there would be warnings alerting users that SSL security had been broken.
Which is not to say the kerfuffle didn’t serve a purpose. Despite X.509 certificates for SSL/TLS being opaque, it's comforting that there are watchers watching the watchers, trying to maintain the integrity of the system.
Do we need CAs?
CAs remain a weak link in today’s SSL/TLS “encrypt everything” world. Mistakes are made by CAs, there are rogue CAs, and the entire system seems untrustworthy when it should be the opposite.
As it happens, somebody’s already thought of a way to dump CAs. The formidable cryptographer Moxie Marlinspike has come up with the Convergence system that uses dynamic, distributed notaries that you decide if you want to trust, rather than relying on hard-coded digital certificates.
'Trust agility' is how Marlinspike puts it. His 2011 Black Hat presentation explains the thinking behind the flexible Convergence alternative to CAs.
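The notary idea described above, as an added example that is not from the article or from the Convergence project: a simplified model (not Convergence's actual protocol) in which a client accepts a certificate only when enough notaries of the user's choosing report seeing the same one. The `Notary` class, the `check` function, the quorum values and the certificate byte strings are all constructed for illustration.

```python
import hashlib

# Constructed stand-ins for certificate bytes (not real certificates).
GENUINE = b"constructed-cert:example.org:site-key"
INTERCEPT = b"constructed-cert:example.org:interception-key"

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

class Notary:
    """Hypothetical notary: reports the certificate it sees from its own network."""
    def __init__(self, name, view):
        self.name = name
        self.view = view  # host -> certificate bytes observed from this vantage point

    def observed(self, host):
        cert = self.view.get(host)
        return fingerprint(cert) if cert is not None else None  # None = abstain

def check(host, presented, notaries, quorum):
    """Accept only if at least `quorum` of the chosen notaries see the same
    certificate the client was handed. Returns (accepted, agree, differ)."""
    local = fingerprint(presented)
    agree, differ = [], []
    for notary in notaries:
        seen = notary.observed(host)
        if seen is None:
            continue  # a notary with no observation neither helps nor hurts
        (agree if seen == local else differ).append(notary.name)
    return len(agree) >= quorum, agree, differ

def demo():
    a = Notary("notary-a", {"example.org": GENUINE})
    b = Notary("notary-b", {"example.org": GENUINE})
    # notary-c is modelled as sitting behind the same interception device as the client
    c = Notary("notary-c", {"example.org": INTERCEPT})
    return {
        "direct": check("example.org", GENUINE, [a, b, c], 2),
        "intercepted": check("example.org", INTERCEPT, [a, b, c], 2),
        # The outcome depends on whom the user chooses to trust:
        "only_c": check("example.org", INTERCEPT, [c], 1),
        "dropped_c": check("example.org", INTERCEPT, [a, b], 2),
        "unknown_host": check("unseen.example", GENUINE, [a, b, c], 2),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `only_c` case shows why the choice of notaries matters: a client that relies on a single notary sharing its network path accepts the substituted certificate, while switching to independent notaries rejects it.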
It's clever, but five years on from Marlinspike's talk, we’re still struggling with CAs, despite what appears to be a good alternative.
This is because Convergence has a fatal flaw: there is little or no commercial aspect to the system, like there is with money-making CAs selling signed certs.
Convergence and other CA alternatives like Namecoin (which uses blockchains for SSL validation) could still happen, but it’d require one or more internet giants like Google and Facebook to start adopting them and wind down CAs.
It hasn't happened yet, but give it a few more years and the inevitable mistakes and abuses that the CA system invites mean it could indeed be “not long for this world”, as Marlinspike wrote in 2011.
It won’t be a day too soon when that happens.