(801) Everything in PKI but the Kitchen Sink (in 30 minutes or less) Jeremy Rowley

The new gTLDs will break the internet! Certificate authorities (CAs) are completely unregulated. CAs havent changed since the 90s. Browsers dont even check revocation anymore. All certificates are the same so the CA doesnt matter. SSL is no longer secure! Common Incorrect Assumptions

CAs generate roots and issue certificates Public v. private CAs Audit Criteria Browser Requirements Operations defined by CPS About 65 public CA entities RAs verify identities Multi-factor authentication Audit Criteria Operations defined by standards Pending Regulations/Standards Qualified SSL Certificates ISO update NIST CP CAs and RAs

Low standard: SSAC 085: The SSAC recommends that the ICANN community should seek to identify validation techniques that can be automated and to develop policies that incent the development and deployment of those techniques. The use of automated techniques may necessitate an initial investment but the long- term improvement in the quality and accuracy of registration data will be substantial. Established standards: CA/Browser Forum EV/OV/DV Used by Browsers/Public CAs NIST LOA1-LOA4 Used by government and healthcare Kantara LOA1-LOA4 International Standards FBCA Rudimentary, Basic, Medium, Medium Hardware, High Used in government, aerospace, and healthcare Validation Standards

Domain Verification WHOIS Domain challenge Demonstration of control Organization Verification Organization name and address Certificate authorization Verified contact Extended Validation Jurisdiction of Incorporation Telephone and Place of Business Signing Authority Other Attributes Membership in a community Credentials Validation Process

Major industry improvements since 2006 Higher security standards Better identity vetting process Minimum security requirements for trust 2048 Move to SHA2 No compromised cipher suites/hash functions Security standards Non-trusted certificate causes browser warnings Chained to trusted root Valid and unexpired Issues Cookies Publishing revocation information Outdated domain information Transactional Security

Revocation Information All major browsers perform some level of certificate revocation checking OCSP CRL CRL Sets OCSP Stapling All SSL public CAs provide revocation information via OCSP Cache times vary by browser Longest is 7 days OCSP stapling provides OCSP response with the certificate Eliminates communication with CA Current server distributions support stapling

Internal Names Internal Server Name.example,.corp,.mail ~20,000 certificates Common/recommended practice until 2011 Used by Exchange, blackboard, and other software ICANN Name collision risks (.corp,.home) MITM attack risks Paypal letter – 13 domains CA/Browser Letter Add.mail Barriers to Remedies Established systems Long-lived certificates Training of server operators Costs

Mitigating Risks Related to Internal Names CA/Browser Forum Previous deprecation – November 2015 Accelerated deprecation – 120 days of contract signing 120 days selected to account for.corp (adopted July 2013) Advanced notice from ICANN CAs Internal server name tools Outreach to customers ICANN Collision Mitigation Not release.corp and.home Evaluate 20% Release 80% Opinion.mail should be included 20% is too high (many names are not that prevalent)

Certificate Transparency (CT) Public logs of all certificates Signed proof in certificate Detect mis-issuance Being deployed in Chrome Certificate Authority Authorization (CAA) DNS record specifying authorization Prevents mis-issuance Requires no browser changes Already deployed by Mozilla and Google Key Pinning Associates domain with specific certificate Can pin root, intermediate, or end-entity Potential bricking problem Deployed in Chrome DNS-Based Authentication of Named Entities (DANE) Relies on DNSSEC Specifies public key in DNS Several modes, including public certificates Not deployed in major browsers Developments Industry Improvements

Next Steps Improve research and multi-stakeholder collaboration Many improvements need additional consideration Implement improvements where needed and as completed Many proposals will take time to deploy and need further refinement Discuss the 20% Many of these can likely be approved sooner than later, with a few that simply should not be granted Make continuous improvements Monitor emerging security threats and continue looking for ways to improve security Improve WHOIS Significant benefits in security with notice to CAs of registrant changes Work with CAs CAs are interested in improving the landscape, and DigiCert is taking a lead role, especially with CT Most CAs are excited about new developments Look forward to the future Many smart people are working on these issues, and the future looks good

EV Guidelines, Baseline Requirements, Code Signing, Security Requirements CA/Browser Forum OCSP stapling adoption, research in PKI, disseminating accurate information CASC Updated audit criteria, more stringent standards ETSI/Webtrust New standards in identity vetting and operations ISO Draft certificate policy, updated identity vetting requirements NIST New technology, Pinning, CAA, CT, DANE, evaluating implementations IETF New and improved WHOIS information ICANN Developing and promoting SSL best practices OTA Industry Movers