Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-10 Thread jamesd

--
On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
> Thawte has now announced a round of major price increases.  New
> cert prices appear to have almost doubled, and renewals have
> increased more than 50%. While Thawte proclaims this is their
> first price increase in five years, this comes at a time when we
> should be seeing *increased* competition and *lower* prices for
> such virtual products, not such price increases.  But of course,
> in an effective monopoly environment, it's your way or the
> highway, so this should have been entirely expected.

IE comes preloaded with about 34 root certificate authorities, and
it is easy for the end user to add more, to add more in batches.
Anyone can coerce OpenSSL to generate any certificates he
pleases, with some work.

Why is not someone else issuing certificates?

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 FgD9xqiaNt/GIr99+cDvezUuY9K7pVf/sr8sYLtx
 2U+1rnhprPRzvE4aLRCq4ADtyF4DDrnAKjbwHgbFn




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-10 Thread Greg Broiles

At 03:48 PM 7/10/2002 -0700, [EMAIL PROTECTED] wrote:
> --
>On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
> > Thawte has now announced a round of major price increases.  New
> > cert prices appear to have almost doubled, and renewals have
> > increased more than 50%.
>[...]
>Why is not someone else issuing certificates?

See  for 
recent data re SSL certificate market share; Geotrust, at 
, has 11% of the market, and appears (from their 
web pages; I haven't bought one) to be ready to issue SSL server certs 
without the torturous document review process which Verisign invented but 
Thawte managed to make simultaneously more intrusive and less relevant.


--
Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread David Howe

[EMAIL PROTECTED] <[EMAIL PROTECTED]> was seen to declaim:
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce OpenSSL to generate any certificates he
> pleases, with some work.
> Why is not someone else issuing certificates?

Mostly because of the alarming things IE/NS/Whatever says if you haven't
already got the root cert in your browser when you visit a site relying
on a "homebrewed" cert. Certainly some time ago, the OpenCA project were
giving away ssl certs for free to all comers; the software they produced
is open source (and at sourceforge) so anyone could open their own CA
with whatever authentication criteria they wish (and indeed, the owner
of news.securecomp.org (nntp) is in the early stages of an X509-based CA
on a hierarchical but distributed model (ie, regional CAs you can apply
personally to with proof of ID)).

Doesn't help much when the sheeple won't trust anything that doesn't
come pre-installed by Microsoft though.




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread Jay Sulzberger

On Wed, 10 Jul 2002 [EMAIL PROTECTED] wrote:

> --
> On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
> > Thawte has now announced a round of major price increases.  New
> > cert prices appear to have almost doubled, and renewals have
> > increased more than 50%. While Thawte proclaims this is their
> > first price increase in five years, this comes at a time when we
> > should be seeing *increased* competition and *lower* prices for
> > such virtual products, not such price increases.  But of course,
> > in an effective monopoly environment, it's your way or the
> > highway, so this should have been entirely expected.
>
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce OpenSSL to generate any certificates he
> pleases, with some work.
>
> Why is not someone else issuing certificates?
>
> --digsig
>  James A. Donald

Because the buyers of certificates have a different model of what they are
buying.  They neither know, nor can they care, because they do not know,
about the subtle "protocols" published over the last twenty-five years that
supposedly, if executed carefully, provide certain "guarantees".  No.  The
customers know that to get stuff they want, such as permission to put the
label "Your credit card information is secure.  We use Thawte Certificates,
Thawte, the Guarantor, your Rock of Assurance." on their PAY HERE NOW web
page, they must buy a certificate from Thawte, and not from Captain Gull
Enterprises, Division of Certificates.  The customer knows that crypto is
subtle, and only a well known large corporation can be trusted.  After all,
they have the resources, and the name, and if you do not use them, and
something goes wrong, well perhaps a canny lawyer might be able to show
that you were not using the industry standard, which might lose you the
case.

oo--JS.




RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread Peter Gutmann

"Lucky Green" <[EMAIL PROTECTED]> writes:

>"Trusted roots" have long been bought and sold on the secondary market as any
>other commodity. For surprisingly low amounts, you too can own a trusted root
>that comes pre-installed in >95% of all web browsers deployed.

I'd heard stories of collapsed dot-coms' keys being auctioned off, that being
the only thing of value the company had left.  It makes the title of Matthias'
paper even more appropriate.

(However, I do think that anyone wanting to compromise your security will use
 this morning's MSIE hole to do it rather than buying a CA key.  OTOH it'd be a
 great universal skeleton key for government agencies charged with protecting
 the world from equestrians).

Peter.




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread Sean Smith

>IE comes preloaded with about 34 root certificate authorities, and
>it is easy for the end user to add more, to add more in batches.

A colleague of mine just loaded a new root into IE, and pointed
out that when one does this, the new root is apparently BY DEFAULT
enabled for all purposes, including some interesting ones
like "Digital Rights" and "Windows System Component Verification."

I just tried this, and it appears to be the case.  (But I haven't 
yet tried to see whether Windows will happily use my root for these 
OS-specific purposes)

--Sean

-- 
Sean W. Smith, Ph.D. [EMAIL PROTECTED]   
http://www.cs.dartmouth.edu/~sws/   (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA




RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread anonimo arancio

On 12 July 2002, Peter Gutmann <[EMAIL PROTECTED]> wrote:
> (However, I do think that anyone wanting to compromise your security will use
>  this morning's MSIE hole to do it rather than buying a CA key.  OTOH it'd be a
>  great universal skeleton key for government agencies charged with protecting
>  the world from equestrians).



Damn those equestrians and their great horse sense!




RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-11 Thread jamesd

--
On 11 Jul 2002 at 1:22, Lucky Green wrote:
> "Trusted roots" have long been bought and sold on the secondary
> market as any other commodity. For surprisingly low amounts, you
> too can own a trusted root that comes pre-installed in >95% of
> all web browsers deployed.

 How much, typically?

And who actually owns these numerous trusted roots? 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 y1gI63PXnGNK7Iznu3+gY+/0JLBPRaEEV/OWwPub
 20YHSnGmtg7lQW0NdXU4WMeKWfIQmlq3u3F/wjkOo




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-12 Thread RJ Harvey

Thanks for the tip!  I just got a new cert from Geotrust,
and it was such an amazing contrast to those I've gotten
from Verisign and Thawte!  They apparently take the verification
info from the whois data on the site, and you really can do
the process from start to finish in 10 minutes or so.

The cert shows that it's issued by Equifax, however.

rj

At 04:31 PM 7/10/2002 -0700, Greg Broiles wrote:
>At 03:48 PM 7/10/2002 -0700, [EMAIL PROTECTED] wrote:
>> --
>>On 6 Jul 2002 at 9:33, R. A. Hettinga wrote:
>> > Thawte has now announced a round of major price increases.  New
>> > cert prices appear to have almost doubled, and renewals have
>> > increased more than 50%.
>>[...]
>>Why is not someone else issuing certificates?
>
>See  for 
>recent data re SSL certificate market share; Geotrust, at 
>, has 11% of the market, and appears (from their 
>web pages; I haven't bought one) to be ready to issue SSL server certs 
>without the torturous document review process which Verisign invented but 
>Thawte managed to make simultaneously more intrusive and less relevant.
>
>
>--
>Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961
>
>
>




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-12 Thread lynn . wheeler

and just to make sure there is a common understanding regarding SSL cert
operation ... the browser code

1) checks that the SSL server cert can be validated by ANY public key that
is in the browser preloaded list (I haven't verified whether they totally
ignore all of the "cert" part of these preloaded public keys ... things
like expiration date ... that these preloaded public keys are in the
preloaded list appears to be sufficient ... details like the preloaded
public keys happened to be wrappered in these certificate containers is
almost extraneous).

2) validates the signature on the SSL server cert with the corresponding
public key

3) checks if the website domain/host name is the same (or in some cases
similar) to the domain/host name specified in the SSL server cert. I have
noticed that browsers tend to pretty much ignore the contents of these SSL
server certificates ... things like expiration date ... except the public
key, the domain/host name, and the signature (and the signature only has
real meaning within the context of the infrastructure associated with the
public key in the preloaded list with the lowest trust/integrity level;
this is analogous to security weakest link ... a bank vault with a 4ft
thick vault door doesn't do much good if the vault has no walls).

4) uses the public key in the SSL server cert to validate communication
with the server.

all of this happens automagically from most users' standpoint (probably
less than one percent of the population even knows that there is such a
thing as a preload list).



[EMAIL PROTECTED] on 7/10/2002 at 9:12 pm wrote:

Both Netscape 6 and MSIE 5 contain ~100 built-in, automatically-trusted CA
certs.

 * Certs with 512-bit keys.

 * Certs with 40-year lifetimes.

 * Certs from organisations you've never heard of before ("Honest Joe's
   Used Cars and Certificates").

 * Certs from CAs with unmaintained/moribund websites ("404.notfound.com").

These certs are what controls access to your machine (ActiveX, Java,
install-on-demand, etc etc).

 * It takes 600-700 mouse clicks to disable these certs to leave only CAs
   you really trust.

(The above information was taken from "A rant about SSL, oder: die grosse
 Sicherheitsillusion" by Matthias Bruestle, presented at the KNF-Kongress
 2002).

>Why is not someone else issuing certificates?

How many more do you need?

Peter.




RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-12 Thread Trei, Peter

> Lucky Green[SMTP:[EMAIL PROTECTED]]
> 
> 
> James wrote:
> > On 11 Jul 2002 at 1:22, Lucky Green wrote:
> > > "Trusted roots" have long been bought and sold on the secondary
> > > market as any other commodity. For surprisingly low amounts, you
> > > too can own a trusted root that comes pre-installed in >95% of
> > > all web browsers deployed.
> > 
> >  How much, typically?
> 
> I'd rather not state the exact figures. A search of SEC filings may or
> may not turn up further details.
> 
> > And who actually owns these numerous trusted roots? 
> 
> I am not sure I understand the question.
> 
> --Lucky
> 
I think I do. A 'second hand' root key seems to have some
trust issues - the thing you are buying is the private half
of a public key pair  but that's just a piece of information.
How can you be sure that, as purchaser, you are the *only*
possessor of the key, and no one else has another copy (the
seller, for example)?

Peter Trei




Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-12 Thread Adam Shostack

On Fri, Jul 12, 2002 at 11:18:12AM -0400, Trei, Peter wrote:
| > I'd rather not state the exact figures. A search of SEC filings may or
| > may not turn up further details.
| > 
| > > And who actually owns these numerous trusted roots? 
| > 
| > I am not sure I understand the question.
| > 
| > --Lucky
| > 
| I think I do. A 'second hand' root key seems to have some
| trust issues - the thing you are buying is the private half
| of a public key pair  but that's just a piece of information.
| How can you be sure that, as purchaser, you are the *only*
| possessor of the key, and no one else has another copy (the
| seller, for example)?

Who cares?  If I can get a key that's in the main browsers for 90% off,
who cares if other people have it?

I understand that getting the public half of the 2 main browsers will
run you about $250k in fees, plus all the setup work.  If I can buy a
slightly used Ncipher box whose public key bits are in the browsers
for a 10th to a 5th of that, the extra copies of the bits aren't all
that worrisome to me.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-12 Thread Lucky Green

Adam wrote:
> On Fri, Jul 12, 2002 at 11:18:12AM -0400, Trei, Peter wrote:
> | A 'second hand' root key seems to have some trust issues - the
> | thing you are buying is the private half of a public key pair
> | but that's just a piece of information. How can you be sure that,
> | as purchaser, you are the *only* possessor of the key, and no one
> | else has another copy (the seller, for example)?
>
> Who cares?  If I can get a key that's in the main browsers for
> 90% off, who cares if other people have it?
>
> I understand that getting the public half of the 2 main
> browsers will run you about $250k in fees, plus all the setup
> work.  If I can buy a slightly used Ncipher box whose public
> key bits are in the browsers for a 10th to a 5th of that, the
> extra copies of the bits aren't all that worrisome to me.

Precisely. Nor would worrying make any difference, since all CAs
preinstalled into the browser are equal from a user perspective. The
security your CA, or VeriSign's CA, or anybody's CA can afford their
customer is subject to an upper bound set by the preinstalled CA with
the laxest certificate issuance standards in existence.

In other words, anybody who selects a public CA on a factor other than
price likely fails to understand the trust models that underlie today's
use of Certificate Authorities.

However, $250k will not nearly get you into the major browsers. Getting
into Netscape is easy. You just hand them the cash and the floppy with
your public key. Getting into MSIE is a lot harder. MSFT has never
charged to include a CA's key in MSIE and MSFT does not intend on
charging in the future. But after the root CA bonanza for MSIE 5, MSFT
instituted policy changes.

To get your CA's key included in MSIE, the CA must have passed an SAS 70
audit. (The CA also must offer its certificates to the public).

The infrastructure, policy, staff, and auditing costs of passing such an
audit will run you upwards of $500k.

By the end of the day, getting a new root into the browsers will cost
you about, give or take a few hundred k, $1M.

Which makes the slightly used nCipher box an even better value. :-)

--Lucky Green
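
The browser checks lynn.wheeler lists (steps 1 to 3) and the upper bound Lucky Green describes, as an added Python sketch that is not part of any post in this thread. Assumptions: the CA names and `shop.example` are constructed, the keys are toy RSA built from small Mersenne primes, and a "cert" is reduced to a host name plus signature.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_root(name, p, q):
    """Toy RSA root key pair from two small Mersenne primes (illustration only)."""
    return {"name": name, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(root):
    """What the browser vendor preloads: name and public modulus, never d."""
    return {"name": root["name"], "n": root["n"]}

def digest(host, n):
    return int.from_bytes(hashlib.sha256(host.encode()).digest(), "big") % n

def issue(root, host):
    """Root signs a server cert; in this model the cert is just the host name."""
    return {"host": host, "sig": pow(digest(host, root["n"]), root["d"], root["n"])}

def browser_accepts(cert, visited_host, preload):
    for pub in preload:                                   # step 1: ANY preloaded key
        if pow(cert["sig"], E, pub["n"]) == digest(cert["host"], pub["n"]):  # step 2
            return cert["host"] == visited_host           # step 3: host name match
    return False                                          # no preloaded key verifies it

def demo():
    # Constructed roots: one with strict vetting, one that signs whatever it is sent.
    strict = make_root("Strict CA", 2**61 - 1, 2**89 - 1)
    lax = make_root("Lax CA", 2**31 - 1, 2**107 - 1)
    full_list = [public(strict), public(lax)]
    pruned_list = [public(strict)]            # user disabled the root they do not trust

    paid_for = issue(strict, "shop.example")  # the site owner's own certificate
    unvetted = issue(lax, "shop.example")     # same name, issued without checks

    return {
        "strict cert, full list": browser_accepts(paid_for, "shop.example", full_list),
        "lax cert, full list": browser_accepts(unvetted, "shop.example", full_list),
        "lax cert, pruned list": browser_accepts(unvetted, "shop.example", pruned_list),
        "strict cert, wrong host": browser_accepts(paid_for, "other.example", full_list),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

With the full preload list the browser cannot tell the two certificates apart; only removing the lax root from the list changes the outcome.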