Wrong Answers from Authoritative Parents: Building Trust through Convergence

10 10 2011

by Christian Roylo

Do you remember throughout your childhood when it seemed that your parents knew the answers to everything?  Then, as you reached your teenage years you figured out that no matter how much you trusted your parents, they did not always have the right answers?  You then turned to other sources for answers: your friends, teachers, extended family members, magazines, books, and television.

The state of practice in Internet security seems to now be in the “teenage” phase of life: a realization that that the traditional “authoritative parent” models of security may not always produce the right answers, and sometimes cannot even be trusted.  Driving factors for this paradigm shift include the arguments that authoritative parents are getting too old to handle their teenagers (current Internet security models were based on models designed for a “younger” Internet), or that parents are becoming “big brother” (interested in monitoring secure communications).  Thus, it is natural for Internet security models to follow the move towards dynamic and distributed trust models.

Bad analogy aside, there has been recent research suggesting that the current SSL Certificate Authority security model, which is based on trusting traditional “authoritative parents”, is flawed [1] and one proposed fix, dubbed Convergence, utilizes a dynamic and distributed trust model that could help users protect themselves against SSL certificate related attacks.

Security researcher Moxie Marlinspike introduced Convergence at the most recent BlackHat and DefCon conferences where he explained that he based his model on the “Perspectives” research project conducted at Carnegie Mellon University.  Unlike the traditional Certificate Authority system that employs a set list of immutable Certificate Authorities, Convergence works on the principle of collective trust through utilizing servers called “notaries”.  These notaries will verify a web site’s certificate by viewing them through different “network perspectives”, comparing certificates by observing them from different networks and geographic locations. [2]

The system was designed to address some of the security weaknesses of SSL such as the issuance of fraudulent certificates, which could be used to conduct man in the middle attacks and surreptitious monitoring.  Marlinspike’s release of Convergence could not have been timed better.  It was only months earlier that Certificate Authority Comodo Group Inc was attacked by an Iranian hacker who tricked Comodo in issuing fraudulent certificates for Gmail, Yahoo Mail, and Hotmail. [3]    Shortly after Convergence’s release, CA DigiNotar was attacked, resulting in the issuance of 531 fraudulent certificates for web sites such as cia.com, google.com, facebook.com, and other root CAs. [4]   Just today, GlobalSign is being reported to have stopped issuing SSL certificates while it investigates claims that it was a recent victim of an attack. [5]

The framework for Convergence is based on the idea of “trust agility” which consists of two fundamental principles that are missing from the current CA model.  This is described in a blog post by Marlinspike as [6]:

  1. A trust decision can be easily revised at any time
  2. Individual users have the option of deciding where to anchor their trust

Convergence, which is currently in beta-testing phase, is a web browser add-on that will replace the existing CA infrastructure.  When a user initiates a web site visit, Convergence will compare the certificate obtained from the visit initiation to the certificates that were obtained by the notary sites.  A mismatch of certificates indicates a fraudulent certificate.   Convergence, which can be downloaded at http://convergence.io/ , is currently only available for the Firebox browser.  Google announced that it is currently not planning on implementing it in Chrome.  [7]

Although Convergence is in its infancy, a big challenge for Marlinspike is reaching a critical mass of users.  This may help to influence Google and Microsoft to include it in its browsers and companies to sponsor additional notary servers.  However, Convergence had received a big boost when just last week, security firm Qualys stated that it would finance and support two notary servers [8].

As highlighted by the development of Convergence, Information security development should start to follow the natural progression of Internet itself.   As Internet innovations move towards distributed, cloud, social, web-of-trust, and crowd-sourced models, we should see (and welcome) information security models moving in this direction as well.

Whether Convergence is successful in reaching critical mass is something we will have to wait to see; however the fundamental principle of moving trust away from centralized authoritative parents to distributed models will likely be the future of security.  It is as certain as the teenager, mentioned at the start of this post, growing up to become a parent himself, and his teenage children turning elsewhere to seek answers.  When that happens, the cycle starts all over again and someone will come along to develop Convergence’s successor.


[1] Higgins, Kelly Jackson, “Researcher Exposes Flaws in Certificate Authority Web Applications”, 8/2/09, http://www.darkreading.com/security/application-security/218900378/index.html

[2] Marlinspike, Moxie, “BlackHat USA 2011: SSL And the Future Of Authenticity”, http://www.youtube.com/watch?v=Z7Wl2FW2TcA

[3] Bright, Bright, “Independent Iranian Hacker Claims Responsibility for Comodo Hack”, 3/28/2011, http://www.wired.com/threatlevel/2011/03/comodo_hack/

[4] Prins, J.R. “Interim Report, DigiNotar Certificate Authority breach ‘Operation Black Tulip’”, 9/5/2011, http://www.rijksoverheid.nl/ministeries/bzk/documenten-en-publicaties/rapporten/2011/09/05/diginotar-public-report-version-1.html

[5] Leyden, John, “GlobalSign stops issuing SSL certs, probes hacker claims”, 9/7/11, http://www.theregister.co.uk/2011/09/07/globalsign_suspends_ssl_cert_biz/

[6] Moxie Marlinspike, “SSL And The Future of Authenticity”, 4/11/2011,  http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity

[7] Goodlin, Dan, “Google: SSL alternative won’t be added to Chrome”, 9/8/2011, http://www.theregister.co.uk/2011/09/08/google_chrome_rejects_convergence/

[8] Goodin, Dan, “Qualys endorses alternative to crappy SSL system”, 9/30/2011, http://www.theregister.co.uk/2011/09/30/qualys_endorses_convergence/