Slashdot

when Microsoft released that update for IE that included lots of new CAs? Anyone think this one will be included in the next one? My guess is no, judging from Microsoft's general resistance to anything open.

But, we might be surprised. Opinions anyone?

ps. Maybe they should patch the browser first ;)

I'm sure Mozilla/Opera might, but what about Microsoft? If Internet Explorer doesn't support it's unfortunately not very useful.

The mythical "web of trust" we were supposed to have in Verisign/Thawte/etc... is finally comming true in a NON-PROFIT entity.

Too bad this cert isn't defaultly trusted by IE/FireFox.

Interesting side note: when I recieved the registration email from them, Outlook 2003 (yeah, I know...) marked it as "junk mail".

Many ISP's and low-budget group have self-signed certs. They're easy to make. Hopefully this project will make it easier. I have quite often seen sites with a self-signed cert and another page giving the fingerprint of the cert. Most vendors allow these, but they aren't "trusted".

The only reason the big companies charge so much (their claim, not mine) is the insurance they provide, and the fact that they are "trusted" by the various vendors.

Any new group wanting to be a trusted CA will face the liability issue -- if one of your customers sues you, even if you try to disclaim all liability up front, you will still face massive court fees. Even if you won in court, you would lose financially if not insured.

There is no technical or logistical problem with setting up a Free (and free) common-geek's CA, the problems are entirely legal ones. I know because I looked into it right after SSL came out. It looks like a good business plan, right up until someone takes you to court.

While I normally think the government should keep its nose out of most places, I think this is one place where the goverment could actually do some good. Just like many states and goverments proved offically accepted picture IDs to individuals, I think they could easily set up a service to provide offical digital IDs to all the citizens. Companies like Verisign may still have a role in providing corporate certs, etc, but I think the goverment is the best way to provide a universally recoginized digital ID to everyone.

The whole notion that a Cert authority is needed is essentially bogus in my opinion. We've been rolling our own certs for years for all but the main e-commerce web servers. Who wants to pay the outrageous extortion fees Verisign/Thawte charge and jump through the goofy hoops? I bite my lip and do this every two years for the main web server just so my clients don't totally (unnecessarily) freak out at the prospect of a dialogue box popping up in SSL mode warning them that Microsoft's "paranoia-protection-money" wasn't paid-off.

The Cert authorities are a joke. We registered one CA with Verisign with virtually no documentation, and another time, when renewing an existing, different cert, they demanded everything short of a blood test for "authentication." It's nothing short of criminal considering they charge $200+ for something that takes 10ms to generate that they make people wait weeks for, and in no way guarantees superior security, and they'll make certs for anyone with money so the identity checking is BS and moot.

I'm all for a free certifying agency, but you can also roll-your-own with OpenSSL.

Note: If you plan to use these certificates with Internet Explorer, Outlook, or Outlook Express then generate the certificate from within Internet Explorer. They can't be sucessfully imported into Internet Explorer. Believe us, we've tried...

Could this be the begining of a true 'open' certificate authority?

Stumbling blocks would be that Verisign would still be the expensive 'gold standard' for quite a while because its always been compatible from the earlydays in the most number of browsers, and another would be getting enough funding to pay for the identity check and other redtape that it takes to really be a 'trusted' cert authority.

I wonder what the cheaper CA's like thawte and geotrust think...

--

Somehow I don't feel all that secure when the site went down in 3 minutes...

This is one of those things we all say to ourselves "they should do this," yet it never happens. I'm really glad to see this. I can't wait until I can start recommending clients to them and supporting them with large (yet still much cheaper than Verisign/Thawte!) donations. :)

Does anyone else find it somewhat offputting that they include links to both validate their XHTML [w3.org] and validate their CSS [w3.org] on the bottom of their homepage, yet both return a number of errors stating that their page is neither valid XHTML nor uses valid CSS?

Even more oddly, for a brief instant when I went to their homepage, I got a default Apache index listing, rather than their homepage. It included links to things such as their PHP MyAdmin directory [cacert.org], a number of PHP files, and three zipfiles named Bruce-someversionnumbers.zip.

I don't see what everyone is crying about certs costing money for. Seeing as how i've setup online shops for several people using certs, I think for what they do, the cost is justified.

Not just anyone can get a CA cert. You have to be a business, I know verisign wants a copy of your business license, ect before they even issue you a cert.

Now we got this "open CA". Who is going to check if these are legitimate businesses? Will there be any checks done at all, or will it just be "by the truckload" as the headline said?

I'm all for saving a buck as much as the next guy, but when I shop online, knowing that the cert came from a trusted source that actually checks if it's issuing a cert to a legitimate business like verisign or thawte puts my mind, as well as the minds of a lot of others.

Just a question, how much this is different than www.wildid.com

My question is, since (currently) IE is the dominant browser, the value of this service is going to depend upon whether or not this new CA can be designated as "trusted" by Microsoft.

We know this ultimately comes down to how much Microsoft would charge for this certification. Does anyone have any idea what the costs are? I imagine it would be some sort of subscription arrangement where you have to pay in perpetuity to Microsoft in order to not have your trusted status revoked. But how much? And would Microsoft let an open CA even exist in the first place?

Most certificates certify nothing. The issuer guarantees nothing, and the "relying party agreement", if you can find it, promises very little, if anything.

For example, see the TrueSite Relying Party Agreement. [geotrust.com] "The Service is provided on an as-is basis without warranties of any kind".

Even Verisign's Relying Party Agreement [verisign.com], while it does offer some warranties, has a complicated scheme for weaseling out of Verisign's obligation to verify the certificate holder's identity. The relying party agreement refers you to the CPS Section 11 [verisign.com], says "Issuing authorities (and VeriSign, to the extent specified in the referenced CPS sections) warrant and promise to ... perform the application validation procedures for the indicated class of certificate as set forth in CPS Section 5, Validation of Certificate Applications [verisign.com]." There, Verisign says "The IA shall confirm that ... the information to be listed in the certificate is accurate, except for nonverified subscriber information (NSI). [verisign.com]" The linked definition of "nonverified subscriber information" is "Information supplied to a certification authority as part of a certificate application". So Verisign doesn't actually stand behind any of the information in their certificates.

This is much weaker than a signature guarantee by a commercial bank, where the bank guarantees to other parties that the person was properly identified. But it costs more.

I'd like to see banks belonging to Visa International and MasterCard issue digital certificates, and require that their certificates had to be on a page that accepted their credit cards. Certificates from banks would actually be worth something.

When I saw this news, my reaction was that it's great and I want to support it. Verisign et al have been too greedy for too long.

But we have to be careful that we don't let our "wish to believe" blind us to the need for some caution here. Take at look at CACert's site. You'll find carelessness, spelling mistakes, pieces that have not been thought out. Running a CA properly requires meticulous attention to detail, and their site shows the opposite. On the very first page when you sign up, it asks for your name, date of birth, and "country". Is that country of citizenship, or country of residence?

Then there's the reliance on "government ID". If somebody presents Nigerian ID, or Dominican Republic ID, what exactly is that worth? It's not worth anything, you can bribe officials in those countries (and many others) to issue whatever official document you want. Does that mean that citizens of Nigeria can never be trusted? That's well over 100 million people in just that one country, most of whom are honest and trustworthy. It's ridiculous to exclude so many people from receiving certificates just because their bureaucrats are corrupt, and it's completely contrary to the transnational spirit of the Internet.

In conclusion, the idea behind CACert is a good one, but the people running it don't seem to be doing a good job. I hope that somebody else takes up the idea and does it better. There is no reason why there should not be more than one volunteer-based CA.

X.509 binds names to keys; it's the name that matters in an X.509 system. But because there aren't enough bits in the human-language name to uniquely identify every entity of interest in the network, X.509 is based on X.500 naming, which mates the human-language name (common name, or CN) with that name's position in the global directory. Together they form the distinguished name, or DN.

X.500 naming, however, presumes a single, global namespace. The X.500 directory was intended to be a single directory for the entire planet providing unique, inescapable names for everyone.

Yeah, right. Like that's going to happen.

As a result, X.509 is carved into literally hundreds of local namespaces. But since we're stuck with the *name* as the principal, we have to use that X.509 name *globally*. There are multiple ugly kludges to get around the name problems as a result.

This makes X.509 complex, fragile, and difficult to deploy correctly.

But everyone (potentially) has a globally unique identifier-- the public part of an RSA key. Randomly generated, 2^42 512-bit RSA keys have a probability of colliding on the order of 2^(-429); even the SHA-1 hashes have a collision chance of 2^(-77). Keep in mind that we use 1024-bits as the default nowadays.

So if you use the public key as a name, it solves a whole raft of problems.

This is what SPKI/SDSI does. SPKI is key-centric; names are a local convenience; keys are bound to names instead of the other way around, and all names are local to that key. Every participant has a key pair. The public part is the identifier for the keyholder, and the keyholder authenticates himself simply by proving that he has the private part.

Keep in mind that the whole issue of binding keys to actual people can't be addressed by a PKI, it has to be addressed by strong key storage and access controls and is the same across for X.509 and PGP/GPG as it is for SPKI.

This is similar to the web of trust, but I don't need introducers (well-connected keys) to make it work right.

SPKI goes on to recognize that since authentication is simple, what we really need from SPKI is authorization. The whole of SPKI is intended to define a flexible method of allowing authorization *and authorization delegation* in a simple, distributed fashion. SPKI defines an authorization *language* so that authorizations can be chained *without the SPKI library knowing what the tokens actually mean*. This means that a single library can handle the permission sets of all applications. In addition, the language rules prevent all entities in the chain of delegations from being able to exceed the permissions he was granted.

Achieving the same under X.509 (using attribute certificates, for example) is next to impossible. ACs don't delegate (well, the standard itself says technically you can but you *shouldn't*); aren't truly distributed (i.e., the AC acts as a single choke point in granting permissions, which SPKI avoids), and doesn't model the way trust naturally flows in an organization of people (whereas SPKI allows you to source and pass around trusts in more natural ways).

Very cool stuff. SPKI shows up in all kinds of places. Carl Ellison's homepage provides the best jumping-off point if you want to learn more:

http://world.std.com/~cme/html/spki.html