State of the Web

Post on 10-May-2015

275 views 0 download

Tags:

description

Please join the CASC for a Hangout covering that State of the Web. Topics covered : The move to 2048-bit certificates The move to ShA2 TLS 1.2 EV certificates Revocation checking Always on SSL PFS New gTLDs Members from Comodo, DigiCert, Entrust, and GoDaddy. Robin Alden- Comodo Jeremy Rowley- DigiCert Bruce Morton- Entrust Wayne Thayer- Go Daddy Rick Andrews- Symantec

Transcript of State of the Web

The State of the Web

Robin Alden, Rick Andrews,Bruce Morton, Jeremy Rowley, Wayne Thayer

The ExpertsRick AndrewsSenior Technical Director, Symantec CASC Member Jeremy Rowley

General Counsel, DigiCert CASC Member

Bruce MortonDirector, Certificate Services, Entrust CASC Member Robin Alden

Chief Technology Officer, Comodo CASC Member

Wayne ThayerVice President & General Manager, Security Products, GoDaddyCASC Member

Join the Conversation

#CASChangout bit.ly/16qyUTJ

About the CA Security Council• Comprised of 7 leading global Certificate

Authorities• Committed to the exploration and promotion of

best practices that advance trusted SSL deployment and CA operations

• The CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure

• https://casecurity.org/

Topics

• The move to 2048-bit certificates• The move to SHA2• TLS 1.2 • EV certificates• Revocation checking • Always on SSL• PFS• New gTLDs

The Move to 2048-bit Certificates• As computing power increases, companies

must move to more secure keys• Minimum 2048-bit RSA or NIST Suite B ECC

keys is recommended• Deadline – CAs to stop issuing SSL certificates

with less than 2048-bit RSA as of January 1, 2014

Who Recommends 2048?Who Reference

NIST Special Report SP 800-57 – Recommendation for Key Management

NIST Special Report SP 800-131A – Transition of Algorithms and Key Lengths

CA/Browser Forum Extended Validation (EV) Guidelines

CA/Browser Forum Baseline Requirements

Adobe AATL requirements and CDS certificate policy

Microsoft Microsoft Root Certificate Program – Technical Requirements

Mozilla Mozilla CA Certificate Policy – CA:MD5 and 1024

SHA-2: What and Why

• SHA-2 is the next generation cryptographic hash suite that replaces SHA-1

• Can’t continue to rely on strength of SHA-1

Algorithm and Variant

Output Size

(bits)

Collisions found?

Performance (MiB/s)

MD5 128 Yes 335

SHA-0

160

Yes

SHA-1 Theoretical attack (260)

192

SHA-2

SHA- 256/224 256/224

No139

SHA-512/384

512/384 154

The Move to SHA-2

Cost$0.00

$500,000.00

$1,000,000.00

$1,500,000.00

$2,000,000.00

$2,500,000.00

$3,000,000.00SHA-1 Collisions

2012 2015 2018 2021

Expect a rapid migration to SHA-2

NIST required many applications in federal agencies to move to SHA-2 in 2010Windows XP added SHA-2 in Service Pack 3

Join the Conversation

#CASChangout bit.ly/16qyUTJ

It’s Time for TLS 1.2

• Gain resistance to the BEAST attack• Adds more secure cipher suites• Server configuration enhances SSL security– Majors browsers now support TLS 1.2– You have to enable TLS 1.2

EV Certificates

• Purpose– Identity through the green bar– Instant reputation

• Adoption– 20-30% growth in 2013 (Netcraft, OTA)– 3-9% adoption rate (Netcraft, SSL Labs)

• Future– Increasing scope– Evolving standard

Revocation Checking

• CRL (Certificate Revocation List)• OCSP (Online Certificate Status Protocol)– OCSP Stapling

• Browser revocation checking

Join the Conversation

#CASChangout bit.ly/16qyUTJ

Always On SSL

• The 2 Big Myths of AOSSL– SSL is computationally expensive– The network latency of AOSSL will

present inevitable performance degradation

• What does AOSSL protect against?• How to make AOSSL work for you

Perfect Forward Secrecy (PFS)• Stored SSL communications can be decrypted

by attacking the server private key• Attacking keys can be done by compromise,

subverted employees, government demand, …

• PFS uses temporary individual keys for each session

• PFS means that each temporary key would need to be attacked to decrypt all

How to you do PFS?

• Server must support Diffie-Hellman key exchange

• Cipher suites DHE or ECDHE need to be supported:– TLS_ECDHE_RSA_WITH_RC4_128_SHA– TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA– TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA– TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

New Generic Top-Level Domains (gTLD)

• 1930 new gTLDs• ~70 approved so far• Collisions and certificates– SSAC and CAB Forum– 80% released, 20% held for evaluation, 2 on hold

• Deprecation of internal server names– Fall 2015– Revoke certificates within 120 days of contract

More Information

• Learn more about Encryption athttps://casecurity.org/2013/09/13/encryption-still-works-its-about-how-you-implement-it/

• Learn more about TLS 1.2https://casecurity.org/2013/09/19/its-time-for-tls-1-2/

• Learn more about EV Certificateshttps://casecurity.org/2013/08/07/what-are-the-different-types-of-ssl-certificates/

Join the Conversation

#CASChangout bit.ly/16qyUTJ

Contact Information

@CertCouncilcasecurity.orglinkedin.com/groups/Certificate-Authority-Security-Council-4852478/about