I believe that web browsers must start including the ultimate issuer in an always-visible user interface element.
You are viewing this website at glyph.twistedmatrix.com. Hopefully securely.
We trust that the math in the cryptographic operations protects our data from prying eyes. However, trusting that the math says the content is authentic and secure is useless unless you know who your computer is talking to. The HTTPS/TLS system identifies your interlocutor by their domain name.
In other words, you trust that these words come from me because
glyph.twistedmatrix.com is reasonably associated with me. If the lock on
your web browser’s title bar was next to the name
stuff-glyph-says.stealing-your-credit-card.example.com, presumably you might
be more skeptical that the content was legitimate.
But... the cryptographic primitives require a trust root - somebody that you
“already trust” - meaning someone that your browser already knows about at the
time it makes the request - to tell you that this site is indeed
glyph.twistedmatrix.com. So you read these words as if they’re the world
according to Glyph, but according to whom is it according to me?
If you click on some obscure buttons (in Safari and Firefox you click on the
little lock; in Chrome you click on the lock, then “Connection”) you should see
that my identity as glyph.twistedmatrix.com has been verified by “StartCom
Class 1 Primary Intermediate Server CA” who was in turn verified by “StartCom
Certification Authority”.
But if you do this, it only tells you about this one time. You could click on a link, and the issuer might change. It might be different for just one script on the page, and there’s basically no way to find out. There are more than 50 different organizations which could certify that could tell your browser to trust that this content is from me, several of whom have already been compromised. If you’re concerned about government surveillance, this list includes the governments of Hong Kong, Japan, France, the Netherlands, Turkey, as well as many multinational corporations vulnerable to secret warrants from the USA.
Sometimes it’s perfectly valid to trust these issuers. If I’m visiting a
website describing some social services provided to French citizens, it would
of course be reasonable for that to be trusted according to the government of
France. But if you’re reading an article on my website about secure
communications technology, probably it shouldn’t be glyph.twistedmatrix.com
brought to you by the China Internet Network Information Center.
Information security is all about the user having some expectation and then a suite of technology ensuring that that expectation is correctly met. If the user’s expectation of the system’s behavior is incorrect, then all the technological marvels in the world making sure that behavior is faithfully executed will not help their actual security at all. Without knowing the issuer though, it’s not clear to me what the user’s expectation is supposed to be about the lock icon.
The security authority system suffers from being a market for silver bullets. Secure websites are effectively resellers of the security offered to them by their certificate issuers; however, the customers are practically unable to even see the trade mark - the issuer name - of the certificate authority ultimately responsible for the integrity and confidentiality of their communications, so they have no information at all. The website itself also has next to no information because the certificate authority themselves are under no regulatory obligation to disclose or verify their security practices.
Without seeing the issuer, there’s no way for “issuer reputation” to be a selling point, which means there’s no market motivation for issuers to do a really good job securing their infrastructure. There’s no way for average users to notice if they are the victims of a targetted surveillance attack.
So please, browser vendors, consider making this information available to the general public so we can all start making informed decisions about who to trust.