New PKI problem: Resolved

By John Viega
January 1, 2009

Every CA that was potentially vulnerable to this week's problem with public key infrastructure has phased out MD5-based signatures, meaning it is now impossible to launch the attack that the researchers described.


But, despite plenty of experts assuring people there's nothing to worry about (including Bruce Schneier), plenty of people continue to overreact. For instance, I've seen plenty of people who still believe that all existing MD5-signed certificates are vulnerable, though they are not.
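The practical question that follows from this is not "are my MD5 certificates compromised" (per the above, they are not) but "do I still have any md5WithRSAEncryption signatures in my trust stores and chains that should have been phased out". The following is an added example, not code from the original post: a minimal DER walk that reads the outer signatureAlgorithm field of each certificate in a PEM bundle and flags the MD5 ones. The OIDs are the standard RSA PKCS#1 signature identifiers; the two "certificates" in the sample bundle are constructed placeholders with the same outer structure as a real X.509 certificate (tbsCertificate, AlgorithmIdentifier, signature BIT STRING) and are not real certificates. The function names are my own.

```python
import base64
import re

# RSA PKCS#1 v1.5 signature algorithm OIDs (RFC 3279 / RFC 4055).
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# The algorithm the phase-out is about.
WEAK_SIGNATURE_OIDS = {"1.2.840.113549.1.1.4"}

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _read_tlv(buf, pos):
    """Read one DER tag-length-value starting at pos; return (tag, value, next_pos).
    Handles both short-form and long-form lengths."""
    tag = buf[pos]
    pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(der):
    """Return the dotted OID of the outer signatureAlgorithm of a DER certificate.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
    RFC 5280 requires the outer field to match tbsCertificate.signature."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)          # skip tbsCertificate
    _, algid, _ = _read_tlv(cert, pos)         # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _read_tlv(algid, 0)          # its first element is the OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def pem_certificates(text):
    """Extract every PEM certificate block from a bundle as DER bytes."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(text)]


def audit_bundle(text):
    """Return (index, algorithm name or raw OID, is_weak) for each certificate."""
    report = []
    for i, der in enumerate(pem_certificates(text)):
        oid = signature_algorithm_oid(der)
        report.append((i, SIGNATURE_OIDS.get(oid, oid), oid in WEAK_SIGNATURE_OIDS))
    return report


# --- constructed sample input (placeholders, not real certificates) ---

def _tlv(tag, value):
    """Tiny DER encoder used only to build the sample bundle."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


def _fake_cert(oid_bytes):
    """Outer X.509 layout with a dummy body; long-form lengths get exercised too."""
    tbs = _tlv(0x30, _tlv(0x04, b"\x00" * 200))                # placeholder tbsCertificate
    alg = _tlv(0x30, _tlv(0x06, oid_bytes) + b"\x05\x00")        # AlgorithmIdentifier, NULL params
    sig = _tlv(0x03, b"\x00" * 17)                               # placeholder BIT STRING
    return _tlv(0x30, tbs + alg + sig)


def _to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"


MD5_OID_DER = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"      # 1.2.840.113549.1.1.4
SHA256_OID_DER = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"   # 1.2.840.113549.1.1.11
SAMPLE_BUNDLE = _to_pem(_fake_cert(MD5_OID_DER)) + _to_pem(_fake_cert(SHA256_OID_DER))

if __name__ == "__main__":
    for index, name, weak in audit_bundle(SAMPLE_BUNDLE):
        print(f"cert {index}: {name}{'  <-- MD5-signed, should be phased out' if weak else ''}")
```

Point it at a real CA bundle or a saved server chain and it reports which entries still carry an MD5 signature. Note what the result means: an MD5-signed certificate that already exists is not the problem the researchers demonstrated; the inventory is useful because a CA that is still issuing with MD5 is the thing to worry about, and because any remaining MD5 signature is a reason to ask the issuer for a re-signed copy.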


People who do seem to grasp the attack still seem worried that bad guys have already done this, even though it is unlikely, because of the R&D expense a bad guy would have needed to invest, and the large risk of failure associated with that work. No, there are plenty of more cost-effective things bad guys were probably doing with their money. But, even if one or two bad guys did manage the attack, I expect the CAs (most of them were managed or owned by Verisign) to mine their logs and manually validate and possibly revoke anything that looks suspicious.


Lots of geeks have said they're going to remove the CA credentials for those CAs that were potentially vulnerable from their browser/operating system, so they'd never risk being hit by a rogue CA that used this attack. They can do that if they want, but it is bad advice for the general public. Since many legitimate sites use these CAs, the average user will get more of those annoying dialog boxes when there isn't an attack, desensitizing the user even further and making them even more likely to click "okay" when a bad guy's certificate pops up one of those warnings.


That's the thing a lot of people seem to be forgetting. Almost anyone in the world will click through those dialog boxes and put themselves in jeopardy. That's what the bad guy is doing today. Even though it's still possible to create a rogue CA (with more money and less technical skill than the attack in question), it doesn't matter much to the bad guys, as they can get really far in intercepting SSL/TLS connections without it. All because most people do click through.


So, the Internet is still broken, but no more broken than normal. The risk level is acceptable for the average user, even though if a single user were being targeted, there's a good chance an attack would be successful. This is how it's always been. Let's go back to our lives.


----
If you want to complain or discuss, feel free to message me on twitter, @viega.

