Let’s Take Back The Certificate Authority (opens in new tab)

I ran the technical side of a global CA for 5 years (left the industry early this year) and I can tell you that while validation (outside of EV) is relatively simple, the technical/legal/audit aspects add up to a significant cost.

If you want to run a CA you need to obtain sufficient funding (on an ongoing basis, these aren't all one-time costs) to do things properly. Properly means expensive audits, expensive HSMs, expensive secure rooms with multi-factor authentication to enter, auditing of all actions, long-term record retention, reliable and performant OCSP responders, endless documentation (DR, secure hardware lifecycle policies, etc), being an active member of the CABForum to drive your agenda and keep abreast of changing industry requirements, and much, much more. Of course, by doing so you are attempting to upend a multi-billion dollar industry, so expect a political fight with the CAs and potentially the browsers as well...

These problems are part of what lead people to prefer replacing the industry (DANE, Convergence, TACK) over building a non-profit CA in the existing model. Of course, replacement comes with its own huge set of obstacles.

All that said, if you're a company with a bunch of money you want to spend on this problem, let me know. I am willing to lend a hand.

I disagree with this completely. The CA Model is absolutely flawed, and this is just patching a flawed model. I'd love to see a push for [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...) - where you publish your public key in DNS. When doubled with DNSSEC, this means your IP address is irrefutably tied to your domain and so is your TLS public key.

A lot of folks don't realize this but it's not just web browsers that you need to worry about. When your app connects over SSL to any service that it's consuming you need to be properly authenticating the remote server. For external HTTP requests (ex: to an external REST services) many programming languages/environments piggy back on the host machine's list of trusted roots (ie. the same ones that your browser uses) but a lot do not. They may just skip over the authentication piece of the SSL handshake.

This is especially true for database drivers. If your database driver includes a "use SSL" flag but you're not actually specifying a pre-shared certificate to authenticate the remote server then it's probably not authenticating the remote server[1]. Think about that for a second ... How would it?

I wrote about this a little while back[2] and gave a talk that went into this in a bit more detail this week (slides should be up next week). The gist of it is that if you don't authenticate the remote server (by authenticating its SSL cert) you're vulnerable to a MITM attack every time you connect. Not just the first time, every time. With SSH we're used to pinning remote host keys the first time you connect but with SSL there's no such thing[3] and you have to be careful to handle it properly.

[1]: I say "probably" here because it's technically possible that your remote server has an SSL certificate that is signed by the same set of trusted CAs that you use for HTTP requests and your DB driver actually validates it but it's not likely. Most database SSL certificates are either self-signed or self-signed via a CA signing cert controlled by a DBaaS. For example for RDS, Amazon signs the SSL certificates for all MySQL databases with a single CA signing cert: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_M...

[2]: http://blog.jackdb.com/post/55178133114/using-self-signed-ss...

[3]: No reason there couldn't be SSL cert pinning and it's something we've considered for our product. However you can't really automate it (you need a user to say "this is okay...") so we decided to have it be a manual step that you can just click to fetch/import: http://blog.jackdb.com/post/55349902000/auto-importing-ssl-c...

Doesn't this already exist in the form of CAcert?

How does this proposal compare to TACK: http://tack.io ?