Via Ed Felten, news of a medium-sized bombshell in Researchers Show How to Forge Site Certificates:
Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David Molnar) announced that they have found a way to forge website certificates that will be accepted as valid by most browsers. This means that they can successfully impersonate any website, even for secure connections.
This is a big deal. But as Ed explains, it builds on a known weakness in MD5, the hash in the “MD5 with RSA” signature algorithm: MD5 collisions have been practical since 2004, and this work turns them into a forged certificate that browsers accept. It can be fixed by having Equifax, which still signs certificates with this now demonstrably insecure hash, switch to a stronger one, and by having Equifax (and anyone else still using it) revoke all existing certs signed with the vulnerable hash. (Which will cause a new wave of people ignoring security warnings…)
And, as Ed wisely notes,
… this is a sobering reminder that the certification process that underlies web site authentication, a mechanism we all rely upon daily, is far from bulletproof.
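To make the point above concrete (why a hash collision is a certificate forgery): in “MD5 with RSA” the CA’s private key never touches the certificate itself, only its MD5 digest, so any two byte strings with the same MD5 share every signature ever issued over either of them. The script below is an added example, not code from the post or from the researchers. It uses the published Wang et al. (2004) MD5 collision pair as constructed sample input and a hypothetical, deliberately tiny RSA key built from two Mersenne primes so it runs offline with only the standard library; the key and the “certificate tail” string are stand-ins, not anything from a real CA.

```python
import hashlib

# The two 128-byte messages are the published Wang et al. (2004) MD5
# collision pair, copied here as constructed sample input for the demo.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Toy "CA" RSA key built from two Mersenne primes so the script needs no
# third-party library. Hypothetical and far too small to be secure; it
# stands in for a real CA signing key only to show where the hash sits.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                      # ~150 bits, comfortably above the 128-bit digest
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sign_md5_with_rsa(data: bytes) -> int:
    """Textbook 'MD5 with RSA': the signer only ever sees md5(data)."""
    h = int.from_bytes(hashlib.md5(data).digest(), "big")
    return pow(h, D, N)


def verify_md5_with_rsa(data: bytes, sig: int) -> bool:
    """Verifier recomputes md5(data) and compares it with the recovered hash."""
    h = int.from_bytes(hashlib.md5(data).digest(), "big")
    return pow(sig, E, N) == h


def signature_transfers(signed: bytes, other: bytes) -> bool:
    """True if a signature issued over `signed` also verifies over `other`."""
    return verify_md5_with_rsa(other, sign_md5_with_rsa(signed))


def collision_survives_suffix(suffix: bytes) -> bool:
    """MD5 is Merkle-Damgard: the two messages leave the compression function
    in the same state, so any identical suffix keeps them colliding."""
    return md5_hex(M1 + suffix) == md5_hex(M2 + suffix)


if __name__ == "__main__":
    # Constructed stand-in for the identical tail of two certificates
    # (everything after the colliding bytes).
    tail = b"...rest of the to-be-signed certificate, identical in both..."
    print("M1 != M2:", M1 != M2)
    print("md5(M1):", md5_hex(M1))
    print("md5(M2):", md5_hex(M2))
    print("sig over M1 verifies over M2:", signature_transfers(M1, M2))
    print("collision survives suffix:", collision_survives_suffix(tail))
    print("sig over M1+tail verifies over M2+tail:",
          signature_transfers(M1 + tail, M2 + tail))
```

Two caveats. The pair above is an identical-prefix collision (the messages differ in six bytes); what the researchers needed, and built, was a chosen-prefix collision, where two different prefixes (a harmless end-entity certificate and a CA certificate) are steered to the same digest, and they also had to predict the serial number and validity period the CA would put into the legitimately issued certificate. The suffix property shown by collision_survives_suffix is what lets the rest of the certificate bytes ride along for free once the colliding blocks are in place.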
The way certificates are used is generally a problem, since you don’t actually have to forge a certificate to get a naive user to accept it. (The browser reports a problem with the certificate and asks if it should be accepted anyway; the user typically hits the “You betcha” button). There have been some moderately interesting discussions in the IETF about how to deal with deprecating a widely-deployed hash – you may or may not be interested in http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-protocols-crypto-issues-00.txt
That’s true, because frankly the common user has no idea what options they have. Well, I want to read the page, ergo…
And I do like your ‘You betcha’ button.