SSL certificates underpin online security and privacy. Using an up-to-date version of SSL / TLS, they are a practically undefeatable mechanism for ensuring the privacy of data transferred between servers and web browsers. But SSL certificates have another job to do: they are used to verify the identity of domain owners, which needs more than math. It needs, among other components, a group of organizations to validate the identity of domain owners and create certificates — the Certificate Authorities.
Certificate Authorities (CAs) have a lot of power on the web. When a domain owner wants an SSL certificate, they must pay a CA or its agents to go through a process of identity validation. There are various levels of identity validation, with Extended Validation being the most thorough. When the applicant’s identity is verified, the Authority issues an SSL certificate signed by its root certificate (or an intermediate).
Certificates signed by Certificate Authorities are implicitly trusted by browsers. When a browser loads a site with a certificate, it will verify that it has been digitally signed by a Certificate Authority. If it has, the browser will assume the site is “who” it represents itself as. It’s important to note that — for the most part — browsers will trust any certificate signed by any Certificate Authority for any domain.
CAs exist because it’s impossible for browsers to know whether every SSL certificate in the world is valid — there are hundreds of millions and they change all the time. The browser just has to know that, if a certificate is signed by one of a few dozen certificate authorities, it should be trusted.
The CA system has an obvious flaw. It assumes that Certificate Authorities are always trustworthy. If a business owns the domain “example.com” and has a signed and validated SSL certificate for that domain, the business’ owners and customers should be able to have confidence that no one else has an SSL certificate signed by a Certificate Authority for that domain.
However, if a CA goes “rogue” or is hacked it may issue certificates for any domain it chooses, allowing the holder of the other certificate to pretend to be that business. Browsers have no way of knowing otherwise!
Google recently discovered that a Certificate Authority has issued over a hundred certificates for its domains without permission. It doesn’t appear that these certificates were used to dupe Google’s users, but they could have been. At the very least it shows lax controls at the CA, which had no idea about the scale of the problem or that its employees were creating hugely valuable SSL certificates without the permission of the domain owner.
Google and many others think that it is time we stop implicitly trusting Certificate Authorities and implement mechanisms to check whether they are behaving as they are supposed to. The company’s Certificate Transparency scheme is intended to reduce the opportunity for malicious or mistaken actions within CAs to put web users at risk. Until we have a system like Certificate Transparency in place, web users have to rely on browser manufacturers to police Certificate Authorities, which is far from ideal.