In April 2003 I became aware of the CAcert.org project and contacted their support for some questions I had about this program. I exchanged several emails with one of their founding Members, Duane Groth and summarized this exchange in the form of an Interview.
Christian: Your authentication scheme reminds me of the Thawte Web of Trust, but you extended their idea beyond email certificates to web server certificates. Are you a member of the Web of Trust? If so, could you send me a signed email in order for me to verify who you are? After all your web site is about security and trust and you ask for confidential information like national ID, but the ownership of your site appears a bit obscure (c.f. www.gkg.net/whois).
Duane: We're in the middle of forming a non-profit body to run the service, at which point the domains will become the property of the operating body along with the source, as will any decisions on open sourcing it.
Yes I am a notary under the WOT system Thawte has, and yes I did base the entire system on their concept, and extended it to web certificates as well. They themselves based the system on the earlier web of trust PGP have going.
Also any board members of the non-profit body will need to go and have statutory declarations signed off by police, which to get your ID checked this way is fairly strict (one step lower then getting a security clearance), so we don't expect anyone to do anything we ourselves aren't willing to do.
Then, the president of the non-profit board will have to go to the US and UK consulates to then be verified by them, so that we have are recognised as a legal entity beyond Australia.
So yes these things have been taken into account, and we will be doing everything possible to gain credibility and legal standing. If it means going round 20 or 30 consulates, so be it.
Christian: How do you intend to make the result of this identification process available to your users? Is there right now a way of identifying the members of the project? The fact that I have your Thawte signature is already a good start.
Duane: This hasn't been brought up previously, my guess is we'll publish the stat dec's on the website, along with any meeting minutes. I've added this to the ever growing list of agenda items for discussion, you've thought of some things I haven't and others I had and we're getting to.
Christian: Makes sense. In case I consider it necessary, I can contact the authorities to verify that the documents on the web site. Which makes me reason, why I didn't ask such questions to Thawte.
Duane: Stat dec's are, in this case, ID checks by the state police force, which they go through their database and verify you are who you say you are.
Most people accept most CAs as perfect, and don't question things as much as we should.
Christian: Only after some time of playing around with certificates people start to understand what the whole trust thing is about and why there is such a "bureaucratic" registration process with other CAs.
Duane: I'm still trying to explain to people what a CA is, why it exists and what benefits can be gained from it. Most people don't seem to care about privacy or don't have a clue about how easy it is to intercept email etc.
Christian: Is your software based on other projects like e.g. OpenCA?
Duane: The software is custom written PHP scripts to integrate with OpenSSL binaries, however we're in the process of implementing security measures that we don't exactly want to become common knowledge not only to protect the private root key, but to prevent fraudulently signed certificates as well, if and when the web server is breached.
Christian: Isn't this "Security by Obscurity"?
Duane: Yes, but the idea is by the time they work out how to beat the system they will have triggered many fail safes and the system will shut itself down. We also plan to use normal security methods as well, firewalling, tripwire, snort, etc.
We are in the progress of implementing ways of having it online and secured. As far as I can tell there is no benefit in a RA/CA system except to introduce an added level of complication and weakness into the system.
There are way to do this so that the likelihood of the key being compromised is so improbable even without it being offline. However there's no point making it common knowledge how to do so, that just makes it easier for someone that does compromise the system, even then it's still statistically unlikely that they could even forge a certificate, little own them getting the private key.
As I said in my first email to you, our security measures are well beyond what most commercial CAs go to, to protect their private keys.
Christian: I see your point, however this obscurity is somehow against the principles that cryptography stands for.
Duane: This isn't part of the crypto system, technically it's being used to protect the private key. Anyone in the system doing something out of the usual will be noticed and the system triggers alarms.
Imagine it as someone that knows how to break into a house, but then they fumble around in the dark trying to work out where the safe is.
The method is sound, but for the trips to be hit (so we know someone is in the system) they can't know what the triggers are. Otherwise we loose our advantage in intrusion detection, that is if they are clever enough to get into the system in the first place.
We are looking at this very seriously and taking any/all concepts on board to help secure things as much as possible. At this stage we have measures in the planning that go well beyond what most CAs are currently using.
Also hoping to introduce some improvements for people using these certificates for internal use in companies, or planning to, by being able to have issued a group ID, that will be attached to client certificates that can be authenticated against. This will be a type of subscription service when the person that asked for the ID to be issued will then pass that on to others that can then request to be admitted to that group, the group owner will then approve or deny the application to join (and can remove them from the group at any stage) and when the person goes to issue a client certificate will have the option to include the a group ID on it.
Idea behind this is to have group authentication, doesn't just have to be internal LAN, you could for example have a website where you only want to make sure only members of the group can see the pages, using this method instead of a shared password via htaccess etc.
Another nice feature we recently implemented: Well I've started to work on a logo/site seal thing similar to what other CAs have implemented, so far so good. Basically stick the following line
<script src="https://www.cacert.org/cgi-bin/siteseal.cgi" type="text/javascript"></script>
on any page you want the seal to appear, and it will only appear if you
currently have a valid certificate for the hostname that it appears, otherwise
you end up with a big red cross through it. E.g. http://www.cacert.org/
= valid http://www.cacert.com/ = invalid
Christian: As for "going beyond", you support client authentication, i.e. log in to your site with the certificate issued by your site. Do you also intend to run a timestamp server and issue "developer certificates" for code signing (c.f. MS Authenticode).
Duane: Yes but we haven't worked out a way of doing it securely, because if we issue trust for a certificate and someone does nasty things with it because we okay'd it, we could be in serious trouble.
Christian: Developer certificates require in fact an advanced level of assurence, because someone could for instance create a malicious ActiveX and sign it.
Duane: Timestamping isn't really an issue as such. As all it's used for is proving you signed a file at xyz time.
Christian: The idea is: If you sign code today and your developer certificate expires tomorrow, someone will still trust this code after tomorrow, because it was signed while the certificate was valid.
But let's spend some more words on security, which rises yet more questions. When I started my Free CA project, I soon came up with these:
It was obvious to me, that it was almost impossible for me to meet all these requirements, and what if some of them may go wrong? Will the legal consequences ruin me? How did you approach these issues?
Duane: This is yet another reason that we are going with the non-profit body, while we will try and write ourselves as a best effort situation, and legally not be responsible, we will be more then likely getting insurance for the board members so we're not personally liable.
Christian: This makes a lot of sense. At this time, your project is still in an early stage, where things can change frequently.
Duane: Very little has been formally passed, we only formed a board to look after things the other day.
This program is started in the hope that it will be useful, but WITHOUT ANY WARRANTY ...
Christian: GPL states something similar for free software and it makes sense to transfer this concept to free services.
Duane: I agree, while we try our best to provide such services for free, there is the possibility something bad could go wrong, also the possibility that what we're doing is a lot better then commercial alternatives.
Christian: Many people consider it necessary to have the CAs certificates imported into their browser by default. Since Mozilla is a free project, where everyone can contribute, your contribution could be your root certificate.
Duane: We're already in the process of doing so, this was done in part to gain us credibility for things like being in the certificate stores of Mozilla, and the derivatives.
Christian: Do you also issue "free certificates" as an "appetizer" until people realize the necessity for the extra effort to get certified? At least, this way, many people, even those, who don't take the effort, would import your root certificate.
Duane: CAcert still does the unverified certificate thing, but limits the length of certificate and won't allow names on client certificates, it verifies based on whois information, or just the email address and verifies this by way of email. Doubt there is another way of doing such an automated service.
Christian: I'm willing to join your program and help you to establish a community in Germany.
Duane: Yes that would indeed be a good thing for the project, as we currently have limited world wide penetration.
Christian: That's the "hen and egg"-problem: How to I become an assurer, if there aren't any assurers to certifiy me.
Duane: Get your identity assured by a TTP (Trusted Third Party), e.g. a Bank or a public authority. Have them fill in our TTP form.
Christian: Hmmm, I doubt, that the bank where I run my savings account will understand what this form is about, but at CeBIT. I got certified by S-Trust. With a form quite similar to yours. Will this satisfy your requirements? In addition to this, I sent your already emails signed with my Thawte certificate and you can look at their web site to verify that I am a Web of Trust notary.
Duane: We didn't yet decide how to treat certificates from other CAs in general, but in this specific case, please send us the S-Trust form.
On Friday, July 04, 2003 11:11 PM Duane Groth wrote:
We already accept foreign certificates to a point, i.e. if you have a cert with your name on it we will issue you 50 points, ... with a little govt. issued photo ID it goes up to more points...
Register at CAcert and send a signed email to support@cacert.org
Christian: Thank you, Duane for your patience to go through all these questions with me. I'll publish them on my Web site to save you from the effort to go through all this over and over again with every novice.
Duane: You are welcome to do so, but please be aware, that these are my own opinions, not official CAcert.org statements.
Here are statements from some members of the Thawte Web of Trust about CAcert.org:
On Friday, April 04, 2003 11:58 AM Christian Barmala wrote:
I was informed about a new CA, www.cacert.org that issues Email and Web Server certificates for free. It reminded me of the Thawte Web of Trust. However in contrast to Thawte, you have to import their Root. Did you know about this program? What do you think about it?
On Saturday, April 05, 2003 12:23 AM Ian Bruseker wrote:
Interesting. You're right, it's very similar to Thawte, only on a much smaller budget. ;-) I like the idea of free server certificates. Thawte had the right idea with free email certs, but now many more individuals have their own web servers (for blogs and other personal items), so I think it is time to extend the concept of free certs to servers too.
That I have to import their root cert into my browser isn't necessarily a knock against them. They've only been around 6 months. These things take time. Then again, I'm not sure what the requirements are for getting your root ca included with a browser (and it most likely varies based on the browser), so they may never get anywhere with Microsoft even if they try. It might stand a chance with the open source community though, to get included with Mozilla and Konqueror, for example.
The one real problem I see with them is a chicken-and-egg issue of credibility. They won't reach a critical mass of people to get anything like Thawte's WoT until people start signing up, but people aren't going to sign up until there is a perceived credibility to the system, which a large base would give. Right now it only seems to have a few people (possibly a few hundred) using the system. They have a system like Thawte's TTP (well, exactly like it from what I can tell), but why should I trust them enough to mail my personal details to a stranger in Australia? On the surface it doesn't sound any more absurd than sending my personal info to a stranger in South Africa as Thawte requires, but at the same time the one thing they are rebelling against in doing a free cert program is the thing that gives Thawte their credibility - Thawte is a big company with lots of money behind them. cacert.org seems to be asking people to mail info to an individual person. Why should I trust that person? I don't know. (The North American "who can I sue" mentality, I guess)
They'd probably have a better chance of ramping up if they were able to align themselves with a person or group who is already notable, to give themselves the required credibility by association. It seems like their goals might align well with the open source community (though not entirely I see, in reading the "Is the source code available?" section of http://www.nodedb.com/help.php, a related project), so they could try to align themselves with a well-known open source group like KDE or GNOME, or a person like Andrew Tridgell (I just chose his name since he's Australian). I think it's very wishful thinking to just hope people will trust you with info like their passport number and social insurance number just because you claim to be trustworthy. Personally, I'm not sufficiently convinced to trust them based on what I see on their site.
My thoughts.
Ian
On Saturday, April 05, 2003 12:23 AM Michael Daigle wrote:
I experienced deja-vu here, too, Christian :-)
I didn't know what to think, so I began the enrollment process. I couldn't take myself past the second page. I wasn't prepared to share a national id number with them. Thawte's policies were quite explicit and I was easily moved to trust them (okay, it took a few visits). I just couldn't find the comfort to give this information to CAcert.
Obviously, I like the idea behind their design - they "borrowed" Thawte's Web of Trust and Freemail programme.
Many people are lucky enough to understand how to use their certificate for email encryption. Trust issues and key management are not exactly friendly subjects to the uninitiated. I suspect some people will have problems or other issues surrounding the need to import a root certificate. Most are not likely to understand the significance. I'm comfortable with that sort of thing. I'm not involved in e-commerce, so I tend to use self-signed certificates with close contacts (greater key size than my Thawte Freemail). Of all the X.509 using people I know, few of them understand anything except how to press the button to sign or encrypt in their email application. They also don't want to know any more. They chose X.509 because all the other stuff is taken care of for them. People want out-of-the-box functionality. With Thawte, people get a product that works right away from someone they can trust. Oh boy...that sounded like a commercial.
On Saturday, April 05, 2003 2:44 AM <anonymous> wrote:
Thawte has gained additional credibility since they were bought by Network Solutions/RSA, both in terms of technical oversight and in terms of what they have to lose if they mess up. Theyr'e no longer just "some guys in South Africa", even though they're still some guys in South Africa. ;-)
On Monday, April 07, 2003 12:27 AM Lionel Elie Mamane wrote:
Note: As I remember things, they were bought by Verisign, which later got bought by Network Solutions. But I'm not 100% sure the things didn't happen in the other chronological order.
You kidding? Gaining additional credibility by being bought by the company that delivered certificates to the name of Microsoft Corp. to individuals not linked in any way with Microsoft? C.f.: http://www.counterpane.com/crypto-gram-0104.html#7
I certainly don't think they won any credibility in this transaction. Quite the contrary.
Lionel
https://www.cacert.org/usercert.php?email=support@cacert.org