[SSL Observatory] Number of CAs

Peter Eckersley pde at eff.org
Thu Dec 8 14:04:40 PST 2011


On Wed, Dec 07, 2011 at 04:47:29PM -0700, Ben Wilson wrote:

> But I'm not sure where the use of this number will lead us, if we were to
> say for example that most system operators could live with 20 or 30 CAs.
> Facing multiple simultaneous risks is nothing new. In our everyday lives we
> rely, simultaneously, on more than 20 or 30 people to do things right--I'll
> face that just driving home on the freeway tonight.

This is a really interesting analogy to the situation that TLS server
operators presently face.  It is also, I believe, a disanalogy in some
important risk assessment senses.

In the case of your drive home, it is true that you have to trust hundreds of
other drivers not to engage in reckless or malicious driving.  Your
strongest protection is that these other drivers would also endanger
themselves if they were careless and malicious.  The alignment of incentives
helps somewhat (and this is somewhat true for CAs, too).

Now let's consider the disanalogies.  The first is that the risks we're
talking about are multiplied across the millions of server operators and
billions of users who depend on TLS.  In that sense, it would be more
reasonable to compare the risks of CA proliferation to the road toll for your
entire metro area.  In other words, the risk is a serious problem, real
accidents are happening, they need to be prevented if possible.

A second disanalogy comes from the presence of known malicious actors.  We
know that state-supported actors have begun to attack TLS and CAs.  We can
also expect the commercial malware industry to begin attacking it if they
aren't already.  We know that these actors will figure out that they can
attack any CA's network connection in order to compromise any TLS server in
existence.

So now reconsider the analogy from the perspective of a server operator that
knows they are targeted by these adversaries.  They are counting the number
of cars they have to trust on their drive home, given the knowledge that the
Russian mafia is definitely looking to hijack one so that they can cause
an unfortunate car accident.  Under these circumstances, being forced to trust
/any/ other cars that you didn't get to choose and audit yourself starts to
become problematic.

Fortunately, I think this problem is fixable.  We just need to build the right
cross-checking protocols so that domains can't be attacked by CAs or third
parties other than those they chose to do business with.

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
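As an added illustration of the "only the CAs the domain chose" cross-check described in the last paragraph (this is not code from the thread; every CA name, key and probability below is a constructed stand-in): it contrasts the default model, where a chain ending at any root-store CA is accepted, with one that also requires an operator-chosen key somewhere in the chain, in the way key pinning does, and aggregates per-CA compromise risk across N trusted CAs.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the SubjectPublicKeyInfo DER bytes

def spki_fingerprint(cert: Cert) -> str:
    """SHA-256 of the public key, the value an operator would publish as 'chosen'."""
    return hashlib.sha256(cert.spki).hexdigest()

# Constructed browser root store: 30 self-signed roots, every one able to issue for any name.
ROOT_STORE = {f"Root CA {i}": Cert(f"Root CA {i}", f"Root CA {i}", f"root-key-{i}".encode())
              for i in range(1, 31)}

def chains_to_store(chain, store) -> bool:
    """Default model: accept when issuer links hold and the chain ends at any store root."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    root = chain[-1]
    return root.issuer in store and root.spki == store[root.issuer].spki

def chains_to_chosen(chain, store, chosen_fps) -> bool:
    """Cross-checked model: the chain must also carry a key the domain operator chose."""
    return chains_to_store(chain, store) and any(spki_fingerprint(c) in chosen_fps for c in chain)

def p_any_compromise(n_cas: int, p_each: float) -> float:
    """Chance that at least one of n_cas independent CAs is compromised in a period."""
    return 1 - (1 - p_each) ** n_cas

# Constructed chains: the operator bought from Root CA 7; Root CA 19 is in the store but not chosen.
INTER_7 = Cert("Issuing CA 7", "Root CA 7", b"inter-key-7")
GOOD_CHAIN = [Cert("example.com", "Issuing CA 7", b"leaf-key"), INTER_7, ROOT_STORE["Root CA 7"]]
INTER_19 = Cert("Issuing CA 19", "Root CA 19", b"inter-key-19")
ROGUE_CHAIN = [Cert("example.com", "Issuing CA 19", b"attacker-key"), INTER_19, ROOT_STORE["Root CA 19"]]
CHOSEN = {spki_fingerprint(INTER_7)}  # the operator pins its own intermediate's key

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("rogue", ROGUE_CHAIN)):
        print(name, "store:", chains_to_store(chain, ROOT_STORE),
              "chosen:", chains_to_chosen(chain, ROOT_STORE, CHOSEN))
    print("P(any of 30 CAs compromised at 1%% each) = %.3f" % p_any_compromise(30, 0.01))
```

The rogue chain passes the default check because Root CA 19 is trusted by the store, and fails the cross-checked one because no key in it was chosen by the operator.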
