There have been various stories over the past month adding to why SSL is a broken technology for securing our Internet connections (people have been saying this for years).
Modern web browsers contain many ‘root certificates’ these contain the public keys of the various ‘trusted’ certificate authorities that your web browser trusts, and in turn, you trust. Mozilla Firefox for example trusts a few hundred CAs that you are also obliged to trust (Listed in Preferences->Advanced->Encryption->View Certificates). Incidentally, when a CA has its certificate included in a browser’s root certificate list, if you visit an SSL website which that CA has signed then it is an auto-trusted connection and you get the nice secure padlock in your browser with no warnings.
Firstly I will highlight some issues that are inherent in a Public Key Infrastructure (which SSL is based on). So xyz.com goes to a CA (that you have blind trust in) to obtain an SSL certificate. If the CA is any good they will run significant background checks to ensure xyz.com and it’s owners are trusted and that the person applying for the certificate really owns xyz.com. These are some baseline standards you need for this PKI model to be remotely secure.
Now once a certificate has been issued correctly to xyz.com, if that certificate is stolen or leaked then there is a problem because SSL/PKI is traditionally an offline model i.e the CA shouldn’t have to be online. To counter this a CA will use a ‘revocation list’ which is a blacklist of bad certificates. So this list needs to be queried each and everytime an SSL connection is made. This has also been improved with the recent Online Certificate Status Protocol, which essentially queries the CA in real time for blacklisted certificates. All this assumes though that CA has been informed that the private certificate of xyz.com has been compromised. What if it has been covertly leaked or stolen with no one aware? Big problem! Is it always in a companies best financial interest to go public when they get badly hacked?
So so far, you are blindly placing trust in some company you’ve never heard of (because your browser’s developers trust them) that gets paid to issue certificates to people. And if an SSL private key is stolen and your CA doesn’t become aware of it then you could easily be victim to a man-in-the middle attack with no warnings what so ever.
Next, onto the more recent and scary stuff! 
—–>
In late March, the EFF mentioned some concerns about SSL and state agencies. Of course this seems completely plausible. Most companies have to cooperate with state-level surveillance if requested. It is something that has never really been discussed before though. The fact that a root-trusted CA might be handing out arbitrary certificates is slightly concerning, and essentially bypasses the high-level encryption involved in the connection.
At the end of March, a study showed it was worryingly easy to purchase an SSL certificate for a domain you don’t own. This highlights the great background checks that the CAs (whom we trust) do on people who approach them to buy certificates… Essentially the researchers created an account with a Web Mail provider with a name like ssladmin@…com then approached a CA (RapidSSL), went through the registration process and had an SSL certificate for that Web Mail domain in 20 minutes! This opens doors to man-in-the-middle attacks with no browser certificate warnings, making the SSL channel encryption useless.
In early April, Mozilla announced there was a root certificate included in Firefox to which they had no idea who owned it. Great! Luckily it turned out to be an old unused one from the RSA security company. If this certificate was owned by a bad guy, any site signed by that CA would be auto trusted by the browser. One would expect Mozilla’s book keeping to be a little better.
Then of course there is the simple fact that users are often oblivious to security warnings, there is a high probability that if I man-in-the-middle an SSL connection with a fake certificate the user will blindly ignore the invalid certificate warning the browser presents them with.
Certainly, whilst SSL is better than nothing you really do have to wonder what is going on behind the little secure padlock icon whilst doing your “Secure Browsing”. Time for something new?