Paul Venezia
Senior Contributing Editor

Restore the right to privacy with self-signed certificates

analysis
Sep 16, 2013
5 mins

If we can no longer trust the certification authorities, then we'll have to secure the Internet ourselves

It seems that with every passing week we discover new ways that digital encryption and security are being subverted by government agencies at home and abroad. It stands to reason that encryption can no longer be trusted if the master keys for that encryption become known to others. It’s far, far easier to get the keys than it is to crack the encryption, after all.

If this is the case, and certificates signed by certification authorities are compromised from the top down, then there’s simply no use in buying certificates any more. This should worry every CA out there. It should also worry every company that uses SSL to encrypt communications. No longer can any digital transaction be considered secure, nor any authentication data. If your single-sign-on Web app uses SSL provided by a CA, then all usernames and passwords must be considered compromised as well.

One of the major reasons that official certificates are purchased and used is to establish trust with the end-user. For public sites that use SSL encryption, an official certificate demonstrates two things: The site has been authenticated by a trusted CA, and the site owner has purchased the certificate for use in encrypting traffic to the site.

A certificate backed by a CA and bearing the site’s domain name serves both to encrypt the data and to cause the requesting browser or application to accept the certificate silently. Just about every browser and application that uses SSL encryption will throw a warning or an error if the certificate presented by a server is self-signed and cannot be traced back to a trusted certification authority, or does not match the requested domain.

This is a reasonable level of security, as it can prevent man-in-the-middle attacks, site redirections, and other nefarious schemes. Your data is encrypted, and you can trust that you’re actually communicating with your bank, or VPN, or stock brokerage site, without anyone being able to peer into the data, or steal it. Your browser doesn’t throw any warnings, and you get a nice little green box or lock icon in your browser assuring you that it’s safe.

However, if the keys to the various CA kingdoms are out in the wild and can easily be used to decrypt communications, suddenly the opposite is true. While your browser might trust the certificate, that certificate no longer means anything. It offers no real protection at all.

That’s where self-signed certificates come into play. With a self-signed certificate, your browser or application will throw that error and potentially make you jump through hoops to accept and use the certificate, but if you signed it, you know the keys aren’t available anywhere else. You can also make the key modulus as large as you reasonably can, without impacting performance.

The problem is that when Firefox throws up huge warnings and requires three clicks to accept the certificate, users are going to run away as fast as they can. In a perfect world, that’s how it should work, because that certificate can’t be traced to a trusted entity like GeoTrust or Thawte or another valid CA.

However, if it is established that valid CA keys are no longer private, then self-signed certificates would seem to be the way to go. For financial, legal, corporate, political, and private communications that need to be secure, the creation and maintenance of a private CA and the issuance of private certificates becomes a viable — and maybe the only — option. Instead of distributing root CA certificates and maintaining certificate revocation lists at the OS level, every company would have its own root cert, allowing clients to trust the certificates they issue.

This is already the case for internal security in many corporations and infrastructures, as many shops use private certificates within the network. However, within that closed-loop system, root certificate distribution to internal hosts is relatively simple. On a public scale, such as for Internet websites and applications, relying on self-signed certificates would be nowhere near as easy.
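As an added example that is not part of the original article, here is a Go sketch of the private-CA arrangement the two paragraphs above describe: a company root signs its own certificate, issues a server certificate from it, and a client accepts that certificate only if the company root has been installed in its trust store. "Example Corp" and broker.example.com are made-up names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues tmpl under key; with parent == tmpl the result is self-signed, i.e. a root CA.
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPrivatePKI makes a hypothetical company root CA and has it issue one server certificate
// for host, with no public CA involved; it returns the client trust store and the server cert.
func BuildPrivatePKI(host string) (trust *x509.CertPool, leaf *x509.Certificate, err error) {
	rootKey, err := rsa.GenerateKey(rand.Reader, 2048) // 2048 keeps this fast; the article says go larger
	leafKey, err2 := rsa.GenerateKey(rand.Reader, 2048) // the server gets its own key pair
	if err != nil || err2 != nil {
		return nil, nil, fmt.Errorf("key generation failed: %v, %v", err, err2)
	}
	start := time.Now().Add(-time.Hour) // tolerate clock skew between issuing and checking
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Example Corp Private Root CA"}, NotBefore: start, NotAfter: start.AddDate(10, 0, 0)}
	root, err := sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	trust = x509.NewCertPool() // the only root this client trusts; the OS store is never consulted
	trust.AddCert(root)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: start, NotAfter: start.AddDate(1, 0, 0), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf, err = sign(leafTmpl, root, &leafKey.PublicKey, rootKey) // signed by the company root
	return trust, leaf, err
}

// Verify does what a browser does with a server certificate: chain it to a root in the client's
// trust store, then check it names host. An empty x509.NewCertPool() models a client without the root.
func Verify(leaf *x509.Certificate, trust *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trust, DNSName: host})
	return err
}
```

A client holding the company root accepts the server certificate, a client without it gets the unknown-authority failure behind the browser warning the article describes, and a certificate for the wrong host is rejected even when the chain is trusted.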

Frankly, it would make a huge mess of logistics and worrisome user acceptance. New methods would need to be created to make sure that client systems could handle a deluge of root certificates rather than the relatively small collection of trusted root CAs that are currently maintained, and secure methods of distributing root certificates to users would need to be developed.

It’s a poor design and realistically unsustainable, but it would be more secure than what we have now. If the keys to your stock brokerage site were compromised, it would only affect traffic to and from that site alone, not hundreds of thousands or millions of sites, as is the case for a global root CA. It would compartmentalize SSL encryption, and that would ultimately be a good thing, but it would come at a heavy price on all sides.

Of course, if SSL/TLS truly does have a backdoor implemented from the get-go, then all this would be for naught — the whole thing is a fraud.

The entirety of existing SSL communications and global root CAs starts and ends with trust. We trust that our OS vendor and our browser are maintaining accurate lists of root CAs. We trust that certificate revocation lists are being maintained. We trust that the companies that issue those certificates do not give away the keys by hook or by crook. We trust that our private communications are private.

At some level, it’s all trust. Once that’s gone, everything falls apart.

This story, “Restore the right to privacy with self-signed certificates,” was originally published at InfoWorld.com. Read more of Paul Venezia’s The Deep End blog at InfoWorld.com.