Rarely do we get to see the internal workings of an Internet company, especially when it comes to security issues. But with open source software, everything is in the open, and we can read about upcoming features and changes in a product at the same time as the developers discuss them. Chrome itself is a Google product and isn’t open source, but it’s heavily based on Chromium, its open source cousin, hosted by Google and worked on by hundreds of people from all around the world. This past month we’ve seen one such discussion thread on the Chromium mailing list, which hints at some certificate handling changes that Chrome and Chrome OS users can expect in the coming year.
Key length requirements
The first change has to do with key lengths. For a long time now, SSL certificates have commonly carried RSA keys anywhere from 1024 to 4096 bits. Any modern website should use at least a 2048-bit key, because 1024-bit RSA is considered too weak. The concern is not brute force over the key space but the cost of factoring the RSA modulus: a 1024-bit modulus is widely judged to be within reach of a well-funded adversary, which is why security experts all over the web have been pushing people toward longer keys such as 2048 or 4096 bits. Now Chrome is going a step further and will warn users when a site’s RSA key is too short. Starting in spring 2014, a warning will appear for sites and certificate authorities that no longer meet the baseline requirements for publicly trusted certificates that Chrome will enforce (the CA/Browser Forum’s Baseline Requirements call for at least 2048-bit RSA keys in newly issued certificates). For now these warnings will only appear for newly issued certificates. A few root CAs still issue 1024-bit RSA keys, and they will get a temporary exception.
The benefit to users is clear. A padlock in the browser is supposed to mean that the connection is encrypted and secure, and a certificate with a short key simply can’t back that promise anymore. No public factorization of a 1024-bit RSA modulus has been demonstrated, but the cost is estimated to be within the means of a well-resourced adversary, whether the massive NSA data centers or organized crime. The often-quoted figure of around 100 hours to recover a 1024-bit key comes from a fault-injection attack on one hardware implementation (the attacker glitched the device’s power supply), not from factoring the key, but it still shows how far such keys are from the “decades” we typically think of when talking about encryption. Google estimates that less than 1% of sites still use these keys, so the warning should be quite rare.
Certificate Transparency for EV certificates
The second change to Chrome will improve the safety of Extended Validation (EV) certificates. These are SSL certificates for which the issuer affirms that it performed extended background checks on the organization before issuing the certificate. As a result, when a user visits the website, the address bar turns green to indicate the use of an EV certificate. However, the CA system that the whole web depends on suffers from various problems, which Google is trying to address by launching the Certificate Transparency project. Soon, Chrome will require a certificate to comply with this project before it is displayed as an EV certificate.
A browser can easily tell when a certificate is fraudulent in the crude sense: self-signed, expired, or signed by an issuer that is not in its trust store. It is much harder to tell when a certificate was issued by a trusted CA, but without authorization. For example, in 2011 the Dutch CA DigiNotar was compromised and rogue certificates were issued for Google, Microsoft and other large Internet companies; the Google certificate was used to intercept the traffic of Iranian users. Such certificates are valid in every way a browser can check, and would fool any browser, even though they were issued fraudulently.
The Certificate Transparency project aims to make it impossible for a CA to issue an SSL certificate for a domain without that issuance becoming publicly visible, so that the domain owner can find out about it. Every certificate is submitted to append-only, publicly auditable logs; the log returns a signed timestamp that serves as cryptographic proof that the certificate has been logged, and the log itself is a Merkle hash tree, so anyone can verify that a given certificate is in it and that earlier entries have not been rewritten. Finally, the project lets monitors connect to those logs and watch for suspicious activity, such as a new certificate for a large domain appearing from an unexpected issuer.
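As an added illustration (this is not code from the Chromium discussion or from the Certificate Transparency project itself), the following Python sketches the log structure that CT relies on, following the Merkle hash tree definitions of RFC 6962: computing a tree head, producing an inclusion proof for one entry, verifying that proof on the client side from nothing but the leaf, the proof and the tree size, and a minimal monitor that flags certificates for watched domains coming from an unexpected issuer. The log entries are constructed stand-ins of the form `domain|issuer` rather than real DER certificates, and the `WATCHED` allow-list is an assumption made for the example.

```python
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """RFC 6962 leaf hash. The 0x00 prefix separates leaves from interior
    nodes, so an interior node can never be passed off as a logged entry."""
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash (0x01 prefix)."""
    return _sha256(b"\x01" + left + right)


def _split_point(n: int) -> int:
    """Largest power of two strictly smaller than n (the RFC 6962 'k')."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_tree_hash(entries):
    """MTH(D[n]) from RFC 6962 section 2.1: the log's tree head."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split_point(n)
    return node_hash(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


def inclusion_proof(index, entries):
    """PATH(m, D[n]): the sibling hashes needed to climb from leaf m to the root."""
    n = len(entries)
    if n == 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(index, entries[:k]) + [merkle_tree_hash(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(entry, index, tree_size, path, root):
    """Client-side check (RFC 9162 section 2.1.3.2, the successor of RFC 6962):
    rebuild the root from the leaf and the proof alone. The verifier never
    sees the other entries, which is what lets a browser check cheaply."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                # Skip levels where the leaf sits in a right-aligned subtree.
                while fn & 1 == 0 and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed stand-ins for log entries. A real log holds DER-encoded
# certificates; "domain|issuer" keeps the monitor logic readable.
LOG_ENTRIES = [
    b"www.example.com|Example Trusted CA",
    b"mail.example.com|Example Trusted CA",
    b"login.example.com|Some Other CA",  # issuer the domain owner never used
    b"shop.example.net|Example Trusted CA",
    b"www.example.com|Example Trusted CA",
]

# Assumed allow-list kept by the owner of example.com: which CAs it uses.
WATCHED = {
    "www.example.com": {"Example Trusted CA"},
    "mail.example.com": {"Example Trusted CA"},
    "login.example.com": {"Example Trusted CA"},
}


def monitor(entries, watched):
    """Return (index, domain, issuer) for every logged certificate of a
    watched domain whose issuer is not on that domain's allow-list."""
    alerts = []
    for i, entry in enumerate(entries):
        domain, issuer = entry.decode().split("|", 1)
        if domain in watched and issuer not in watched[domain]:
            alerts.append((i, domain, issuer))
    return alerts


def demo():
    """The monitor finds the rogue entry, then the inclusion proof shows it
    really is committed to by the log's tree head (it cannot be denied later)."""
    root = merkle_tree_hash(LOG_ENTRIES)
    alerts = monitor(LOG_ENTRIES, WATCHED)
    index = alerts[0][0]
    proof = inclusion_proof(index, LOG_ENTRIES)
    proven = verify_inclusion(LOG_ENTRIES[index], index, len(LOG_ENTRIES), proof, root)
    return alerts, proven
```

Running `demo()` returns the single alert for `login.example.com` together with `True` for its inclusion proof; changing one byte of the entry, or claiming a different tree size, makes `verify_inclusion` return `False`, which is exactly why a log operator cannot quietly drop or alter an entry once a signed tree head covering it has been handed out.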
There is no time frame yet for this particular change to Chrome and Chrome OS, but it seems certain that if companies want to keep their green name in Chrome’s address bar, their CA will need to play nice with this project. The benefit to users is also fairly evident: with these extra checks in place, the likelihood of a fraudulently issued certificate going unnoticed is much reduced.
These changes don’t fix everything that’s wrong with the current web security model, but once again it’s interesting to see Google take the first steps toward improving it. Just as the company used Chrome to bootstrap its SPDY project to speed up the web, it is now leveraging the browser’s popularity to do the same for security.