The State of the Web
Robin Alden, Rick Andrews,Bruce Morton, Jeremy Rowley, Wayne Thayer
The ExpertsRick AndrewsSenior Technical Director, Symantec CASC Member Jeremy Rowley
General Counsel, DigiCert CASC Member
Bruce MortonDirector, Certificate Services, Entrust CASC Member Robin Alden
Chief Technology Officer, Comodo CASC Member
Wayne ThayerVice President & General Manager, Security Products, GoDaddyCASC Member
Join the Conversation
#CASChangout bit.ly/16qyUTJ
About the CA Security Council• Comprised of 7 leading global Certificate
Authorities• Committed to the exploration and promotion of
best practices that advance trusted SSL deployment and CA operations
• The CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure
• https://casecurity.org/
Topics
• The move to 2048-bit certificates• The move to SHA2• TLS 1.2 • EV certificates• Revocation checking • Always on SSL• PFS• New gTLDs
The Move to 2048-bit Certificates• As computing power increases, companies
must move to more secure keys• Minimum 2048-bit RSA or NIST Suite B ECC
keys is recommended• Deadline – CAs to stop issuing SSL certificates
with less than 2048-bit RSA as of January 1, 2014
Who Recommends 2048?Who Reference
NIST Special Report SP 800-57 – Recommendation for Key Management
NIST Special Report SP 800-131A – Transition of Algorithms and Key Lengths
CA/Browser Forum Extended Validation (EV) Guidelines
CA/Browser Forum Baseline Requirements
Adobe AATL requirements and CDS certificate policy
Microsoft Microsoft Root Certificate Program – Technical Requirements
Mozilla Mozilla CA Certificate Policy – CA:MD5 and 1024
SHA-2: What and Why
• SHA-2 is the next generation cryptographic hash suite that replaces SHA-1
• Can’t continue to rely on strength of SHA-1
Algorithm and Variant
Output Size
(bits)
Collisions found?
Performance (MiB/s)
MD5 128 Yes 335
SHA-0
160
Yes
SHA-1 Theoretical attack (260)
192
SHA-2
SHA- 256/224 256/224
No139
SHA-512/384
512/384 154
The Move to SHA-2
Cost$0.00
$500,000.00
$1,000,000.00
$1,500,000.00
$2,000,000.00
$2,500,000.00
$3,000,000.00SHA-1 Collisions
2012 2015 2018 2021
Expect a rapid migration to SHA-2
NIST required many applications in federal agencies to move to SHA-2 in 2010Windows XP added SHA-2 in Service Pack 3
Join the Conversation
#CASChangout bit.ly/16qyUTJ
It’s Time for TLS 1.2
• Gain resistance to the BEAST attack• Adds more secure cipher suites• Server configuration enhances SSL security– Majors browsers now support TLS 1.2– You have to enable TLS 1.2
EV Certificates
• Purpose– Identity through the green bar– Instant reputation
• Adoption– 20-30% growth in 2013 (Netcraft, OTA)– 3-9% adoption rate (Netcraft, SSL Labs)
• Future– Increasing scope– Evolving standard
Revocation Checking
• CRL (Certificate Revocation List)• OCSP (Online Certificate Status Protocol)– OCSP Stapling
• Browser revocation checking
Join the Conversation
#CASChangout bit.ly/16qyUTJ
Always On SSL
• The 2 Big Myths of AOSSL– SSL is computationally expensive– The network latency of AOSSL will
present inevitable performance degradation
• What does AOSSL protect against?• How to make AOSSL work for you
Perfect Forward Secrecy (PFS)• Stored SSL communications can be decrypted
by attacking the server private key• Attacking keys can be done by compromise,
subverted employees, government demand, …
• PFS uses temporary individual keys for each session
• PFS means that each temporary key would need to be attacked to decrypt all
How to you do PFS?
• Server must support Diffie-Hellman key exchange
• Cipher suites DHE or ECDHE need to be supported:– TLS_ECDHE_RSA_WITH_RC4_128_SHA– TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA– TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA– TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
New Generic Top-Level Domains (gTLD)
• 1930 new gTLDs• ~70 approved so far• Collisions and certificates– SSAC and CAB Forum– 80% released, 20% held for evaluation, 2 on hold
• Deprecation of internal server names– Fall 2015– Revoke certificates within 120 days of contract
More Information
• Learn more about Encryption athttps://casecurity.org/2013/09/13/encryption-still-works-its-about-how-you-implement-it/
• Learn more about TLS 1.2https://casecurity.org/2013/09/19/its-time-for-tls-1-2/
• Learn more about EV Certificateshttps://casecurity.org/2013/08/07/what-are-the-different-types-of-ssl-certificates/
Join the Conversation
#CASChangout bit.ly/16qyUTJ
Contact Information
@CertCouncilcasecurity.orglinkedin.com/groups/Certificate-Authority-Security-Council-4852478/about