TLS & Certificate Challenges
Published on 2017-02-26
As a response to this post about ditching certificates in TLS, I thought of some other approaches that may improve the situation for the user when dealing with phishing on the "modern" web. I also posted a comment there, but will expand a bit on that here.
A possible alternative, without getting rid of certificates right away, could be to reduce the possibility of users being phished using current deployed technology with some (minor) changes. Although, getting rid of X.509, and ASN.1, would be a way to greatly reduce the attack surface by and of itself. Also the number of (semi) trusted CAs part of browsers is staggering.
Reduce number of CAs
A possibly way towards getting more control over trust in the CA system, may be to greatly reduce the number of CA certificates in the browsers. Ideally it'd be restricted to a handful of CAs.
For DV a limit number of CAs could be used, after all, if certificates are free, and so is the tooling, maybe we only need a few, maybe only Let's Encrypt.
The rest of the CAs would only provide EV certificates. It would be great to have less than 20 CAs in your browser that have no ability to create sub CAs and must provide a complete CT log.
Restrict the CAs
Furthermore, a CA could be tied to a (subset) of possible
(cc)TLDs to sign
using some kind of X.509 extension. For example only European CAs can sign
EV certificates for .nl or .de domains, but they would be unable to do so
for .us.
Browser Trust Levels
This way, different browser capabilities depending on the level of trust. For
example, HTTP only would completely disable JavaScript, cookies and not even
allow <form> submits. A DV certificate would allow "normal" operation, but
block things like submitting credit card numbers or SSNs. Having an EV
certificate would remove those restrictions.
Of course these suggestions could be implemented and rolled out in addition to each other, TOFU and for example DANE with DNSSEC and we'd eventually settle on a mix of solutions where ideally the user is more safe from phishing and the attack surface of the technology will be substantially reduced.