Are self-signed certificates safer?

The conventional wisdom is that a Certifying Authority is necessary for a safe, encrypted connection to a Web site. The conventional wisdom might be wrong.

IT Security readers have already confronted the issue of whether the TLS/SSL Certifying Authority system is a scam. In theory, there is nothing to say that a CA, or Certifying Authority (or Certificate Authority, depending on who you ask) signing a given certificate really proves anything about the security of the connection. While certain types of phishing sites may be very unlikely to buy signed certificates, in the vast majority of cases a CA provides no practical guarantees of safety.

With the advent of the Perspectives approach to certificate authentication, even the "protection" CAs supposedly provide against phishing sites is, in principle, obsolete. Thanks to broad cross-platform compatibility, the Perspectives extension provides a strong argument that Firefox is the most secure browser for TLS/SSL encryption.

The fact of the matter is that relying on a Certifying Authority to tell you when a PKI certificate is "legitimate" just adds an additional entity to the chain of entities you must trust when establishing a secure connection to a Web site. With a system such as OpenPGP's public key cryptography protocol, the only entity you really have to trust is the entity with whom you are trying to communicate. Using traditional PKI, as in the case of SSL/TLS, a third entity in the form of the CA is added to the mix.

Things only get worse for the picture of the CA system from there. Wired reports that security researcher Chris Soghoian discovered an "Internet spying box" being sold to federal agencies by Packet Forensics. This device provides a "drop-in solution" for MITM attacks on TLS/SSL encrypted communications, allowing the feds to (for instance) eavesdrop on your communications with your bank on a supposedly secure connection.

At first glance, this may just seem like a problem with TLS itself -- a vulnerability in the protocol or the encryption technology -- something that can be fixed. Unfortunately, the situation is much more dire than that, at least as far as the CAs' desire to engender trust in the public is concerned. To quote the Wired article:

The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

In short, a device now on the market that can be used to eavesdrop on supposedly secure online transactions implicitly relies on the complicity of supposedly trusted Certifying Authorities. Anyone with an even passing familiarity with the way markets tend to work in the real world should start wondering how many CAs are already offering such "forged" certificates to government agencies, to make this device marketable in the first place. As a side note, one might also wonder whether "forged" is the correct term, when the "mint" that produces the legitimate certificates is also producing the "forgeries."

Matt Blaze, a University of Pennsylvania computer security professor and encryption expert, suggests that governments may not be the only entities making use of the underlying vulnerability in the PKI model of certificate authentication:

If the company is selling this to law enforcement and the intelligence community, it is not that large a leap to conclude that other, more malicious people have worked out the details of how to exploit this.

Regardless of your feelings about governments spying on their own citizens without "probable cause", this development is an excellent demonstration of the problem of relying on a self-appointed "authority" as a validator of secure communications, holding the keys for your encrypted Internet connections. By contrast, a self-signed certificate -- treated by most browsers as somehow intrinsically less secure than CA-signed certificates -- requires no reliance on any additional parties' trustworthiness. With Perspectives offering an alternative means of out-of-band verification that the certificate offered by the site is the certificate you should expect, there does not seem to be any reasonable argument left against using a self-signed certificate. Why place your trust in any more people than you absolutely must when trying to maintain your privacy?
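
The out-of-band check described above can be modeled as a fingerprint comparison against several independent observers. This is an added example, not code from the article or from the Perspectives project, and it does not reproduce the Perspectives protocol: the function names, the quorum threshold, the notary names and the sample certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def notary_verdict(presented_der, notary_reports, quorum=0.75, min_replies=3):
    """Compare the certificate we were handed with what independent notaries saw.

    notary_reports maps a notary name to the fingerprint it observed for the
    site, or None if the notary could not be reached. Returns (trusted, reason).
    The quorum and min_replies defaults are assumed values, not Perspectives'.
    """
    seen = fingerprint(presented_der)
    replies = {n: fp for n, fp in notary_reports.items() if fp is not None}
    if len(replies) < min_replies:
        # Too few vantage points: fail closed rather than trust a thin sample.
        return False, "insufficient notary replies"
    agree = [n for n, fp in replies.items() if hmac.compare_digest(fp, seen)]
    if len(agree) / len(replies) >= quorum:
        return True, f"{len(agree)}/{len(replies)} notaries saw the same certificate"
    return False, f"only {len(agree)}/{len(replies)} notaries saw this certificate"


# Constructed sample data: stand-ins for DER certificate bytes.
SITE_CERT = b"constructed-self-signed-cert-for-example.test"
SUBSTITUTE_CERT = b"constructed-substitute-cert-for-example.test"

# Constructed notary observations; notary-d is unreachable.
NOTARIES = {
    "notary-a": fingerprint(SITE_CERT),
    "notary-b": fingerprint(SITE_CERT),
    "notary-c": fingerprint(SITE_CERT),
    "notary-d": None,
}

if __name__ == "__main__":
    print(notary_verdict(SITE_CERT, NOTARIES))
    print(notary_verdict(SUBSTITUTE_CERT, NOTARIES))
```

The comparison never consults the signer, so a substituted certificate is rejected even if it chains to a trusted CA, and a self-signed certificate is accepted when the observers agree on it.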