Myths: SSL Is Broken; CAs Aren't Valuable

Posted 2013-09-10
value of SSL and CA security

By Rick Andrews

There is a lot of muttering going on at conferences and in online articles by both experts and interested amateurs about whether the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) ecosystem is broken. A vocal minority are even wondering if we should stop using certification authorities (CAs) altogether.

These questions are outgrowths of the misconceptions about TLS/SSL and CAs that continue to flourish in the industry.

Some claim that all SSL certificates are the same. Others say CAs don’t provide value and are not well-regulated—just look at the public failures! Another myth is that SSL itself is outdated and buggy.

Let’s set the record straight.

Is SSL Broken?

Some people say that SSL is broken and beyond repair. They argue that there is a need to find a replacement system for authenticating identities online. However, the SSL protocol has proven to be remarkably robust, and SSL certificates remain the world’s most reliable and scalable cryptographic system. The high-profile security failures involving SSL were due to the lack of proper internal security controls at the end-entity level, rather than a system-wide failure.

Most CAs are focused on tightening global standards to mitigate such incidents in the future. While no security solution is fully foolproof because of evolving threats, the best option for the future is one that focuses on making practical, scalable enhancements to the current system instead of trying to replace it with systems that are untried and untested in scale.

So is SSL an outdated system with too many vulnerabilities to work long-term? As a key component of Internet security for nearly 20 years, certificates from publicly trusted CAs remain the most proven, reliable and scalable method to protect Internet transactions. CAs continue to work in collaboration with the industry and security ecosystem players to enhance the SSL protocol and enable additional functionality that will continue to protect all users and meet evolving threats.

But not all types of certificates are the same. CAs issue a variety of certificates to handle different purposes. This includes code-signing certificates that protect applications from tampering and malware, SSL certificates that secure Website transactions, client-authenticated certificates used in enterprise public-key infrastructure (PKI) settings, and Secure Multipurpose Internet Mail Extension (S/MIME) certificates that authenticate email exchanges. CAs also offer TLS/SSL certificates with varying levels of validation.

Depending on the certificate, a CA may verify: the registration or control of the domain to the entity requesting a certificate; that the organization is a registered legal entity and the person requesting the certificate is authorized to act on its behalf; that the organization has a verified identity and phone number, legitimate business address and verified requester; and that both extended-validation (EV) and (OV) certificates include identifying information about the certificate holder in the organizational field of the certificate.

Some industry people believe that hundreds of intermediate CA certificates are issued by hundreds of different CAs, making SSL a commodity business with too many certificates to handle. Although hundreds of intermediate certificates may exist worldwide, Mozilla’s root store lists approximately 65 proprietary holders of trusted root certificates. In addition, nearly 90 percent of all Internet SSL certificates issued originate from the root certificates of the world’s five largest providers.

Each CA is subject to standards passed by the Certification Authority/Browser Forum (CA/B Forum) and is audited by an accredited third-party accounting firm. The CA/B Forum, initiated in 2005, is a standards body that strives to implement standards across all CAs, as well as browsers such as Chrome and Firefox.

Even so, we still hear protests that certificate revocation is either unnecessary or broken, and that its benefits do not outweigh the potential browser-performance issues. In truth, certificate revocation plays a key role in the SSL ecosystem as a leading authentication tool in determining whether a certificate should be trusted.

Billions of certificate status requests are sent each day to revocation response servers located worldwide. These servers inform the browser about whether or not a certificate should be valid, and they protect users by ensuring that browsers navigate to trusted pages. Many CAs are working with browsers and other parties to further improve existing methods and develop new revocation systems that effectively balance performance and security and provide a faster trusted experience for all Internet users.

Why Use CAs?

Do CAs provide enough value? For the past 20 years, CAs have been the guardians of online trust by putting their own reputations on the line. CAs invest a lot of effort in securing their internal operations and data centers, training their staff on best practices for certificate validation and issuance, and enforcing industry controls using periodic vulnerability and penetration testing along with annual third-party audits. Most CAs belong to the CA/B Forum, hold each other accountable and work to ensure that the incidents faced by a few CAs in 2011 are not repeated.

One misconception is that CAs are not regulated, when in reality CAs are subject to rigorous audits. Third-party qualified firms conduct the audits, and strict criteria are set forth by leading browsers before they are accepted into the browser root stores.

Solid and publicly available baseline requirements and guidelines establish global standards for certificate issuance and CA controls that will soon be included in those third-party auditing standards. Noncompliant CAs can be excluded from the root store by the browser companies.

Another complaint from people who are proposing alternative models of assurance is that CAs are limited, unresponsive and unwilling to accept new changes needed in the TLS/SSL protocol. In truth, it is nearly the opposite.

A large number of CAs participate in industry standards-making bodies, educational groups and research organizations that regularly assist in creating proposals and adopting standards. CAs actively work with browsers, relying parties and other stakeholders to enhance Internet security through practical, thoughtful measures and collaborative research. Much of this dialogue takes place in a public setting, such as CA/B Forum discussions.

Do CAs have any incentive to innovate and make needed changes? Absolutely! Because the CAs’ reputations are essential to their survival, they feel a sense of urgency to enact needed changes and are working together to enhance the SSL system. Every time news spreads that a CA has failed, the reputation of all CAs—and the system itself—suffers.

Therefore, most CAs work very hard to evolve the industry and maintain an aggressive and effective security posture toward their own systems and those of their clients. Mandatory standards recently adopted include baseline requirements, network security guidelines, and EV code signing and enhancements to EV SSL standards, while others are currently being debated.

The TLS/SSL ecosystem has matured over the past 20 years and has become the cornerstone of trust on the Internet. Because of the huge investments CAs have made for their own future and the state of SSL, it is safe to say that TLS certificates from CAs will remain an ever-improving fixture for years to come.

Although the concepts underlying digital certificates haven’t changed much, new ways to manage certificates, higher encryption levels and extended validation certificates are being developed. And while detractors can point to a small number of isolated incidents that have eroded trust in CAs, we think it’s fair to say that the development of better standards—along with the support and collective accountability of the CA/B Forum—will enable CAs to remain the guardians of trust for years to come.

Rick Andrews is on the steering committee of the Certificate Authority Security Council (CASC), an advocacy group of global certificate authorities committed to best practices that advance trusted SSL deployment and CA operations, as well as the security of the Internet in general.