aboutsummaryrefslogtreecommitdiffstats
path: root/posts/tls_challenges.md
blob: 178323cdf5d9ed3c81298e411743a0f856c839d7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---
title: TLS & Certificate Challenges
published: 2017-02-26
---

As a response to 
[this](http://blog.xot.nl/2017/02/26/fix-tls-lets-get-rid-of-certificates/) 
post about ditching certificates in TLS, I thought of some other approaches 
that may improve the situation for the user when dealing with phishing on the 
"modern" web. I also posted a comment there, but will expand a bit on that 
here.

A possible alternative, without getting rid of certificates right away, could 
be to reduce the possibility of users being phished using current deployed 
technology with some (minor) changes. Although, getting rid of 
[X.509](https://en.wikipedia.org/wiki/X.509), and 
[ASN.1](https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One), would be a 
way to greatly reduce the attack surface by and of itself. Also the number of 
(semi) trusted CAs part of browsers is staggering.

### Reduce number of CAs

A possibly way towards getting more control over trust in the CA system, may 
be to greatly reduce the number of CA certificates in the browsers. Ideally 
it'd be restricted to a handful of CAs.

For [DV](https://en.wikipedia.org/wiki/Domain-validated_certificate) a limit 
number of CAs could be used, after all, if certificates are free, and so is the
tooling, maybe we only need a few, maybe only 
[Let's Encrypt](https://letsencrypt.org/).

The rest of the CAs would only provide 
[EV](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) 
certificates. It would be great to have less than 20 CAs in your browser that 
have no ability to create sub CAs and must provide a complete 
[CT](https://en.wikipedia.org/wiki/Certificate_Transparency) log.

### Restrict the CAs

Furthermore, a CA could be tied to a (subset) of possible 
[(cc)TLDs](https://en.wikipedia.org/wiki/Country_code_top-level_domain) to sign
using some kind of X.509 extension. For example only European CAs can sign 
EV certificates for `.nl` or `.de` domains, but they would be unable to do so 
for `.us`.

### Browser Trust Levels

This way, different browser capabilities depending on the level of trust. For 
example, HTTP only would completely disable JavaScript, cookies and not even 
allow `<form>` submits. A DV certificate would allow "normal" operation, but 
block things like submitting credit card numbers or SSNs. Having an EV 
certificate would remove those restrictions.

Of course these suggestions could be implemented and rolled out in addition to 
each other, [TOFU](https://en.wikipedia.org/wiki/Trust_on_first_use) and for 
example 
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) 
with 
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 
and we'd eventually settle on a mix of solutions where ideally the user is more 
safe from phishing and the attack surface of the technology will be 
substantially reduced.