SSL And The Future Of Authenticity
Moving beyond Certificate Authorities
Wednesday, September 28, 2011 Comodo
Web Firm Suspects Iran Hacked Into It
Internet-Security Company Says It Was Tricked Into Authenticating Fake Sites, Opening Access to Data, Not Money
Wall Street Journal, March 15th, 2011
The Damage
★ mail.google.com
★ www.google.com
★ login.yahoo.com
★ login.skype.com
★ addons.mozilla.org
★ login.live.com
“This [attack] was extremely sophisticated and critically executed...it was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate.”
-- Melih Abdulhayoglu, Comodo Founder
“All the IPs were from Iran...”
-- Melih Abdulhayoglu, Comodo Founder
cyber
“All of the above leads us to one conclusion only: that this was likely to be a state-driven attack.”
-- Melih Abdulhayoglu, Comodo Founder
picture
hack --> war
“What does this mean?”
“How would they use them?”
sslsniff
212.95.136.18 [16/Mar/2011:09:56:03 +0000] “GET http://www.thoughtcrime.org/software/sslsniff/index.html HTTP/1.1” 200 “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13 Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)”
referrer
“...it was a very well orchestrated, very clinical attack, and the attacker knew exactly what they needed to do and how fast they had to operate.”
-- Melih Abdulhayoglu
vs
And more embarrassing Google search referrers...
“SSL protocol mitm howto iptables prerouting”
He just wouldn’t shut up!
“If there were a Secure and Trusted DNS this issue would be a moot point! We need a Secure and Trusted DNS!”
-- Melih Abdulhayoglu, Comodo Founder
Comodo admits two more resellers pwned in SSL cert hack
How deep does the rabbit hole go?
The Register, March 30th, 2011
New hack on Comodo reseller exposes private data
And then there were four
The Register, May 24th, 2011
What happened to Comodo?
nothing
“Melih Abdulhayoglu named entrepreneur of the year at RSA 2011.”
problem
A Secure Protocol
• Secrecy
• Integrity
• Authenticity
early 90’s
! information
! e-commerce
! web applications
tiny
< 5 million
> 4 billion
< 10 “secure” sites
> 2 million
intense pressure
4am decisions == javascript
A Secure Protocol
✓ Secrecy
✓ Integrity
‣ Authenticity
A Secure Connection
Client PayPal
A Secure Connection
Attacker
Client PayPal
entirely theoretical
certificates and certificate authorities
“...a bit of a hand wave.”
cyber war
happening every day
login.live.com?
Mike Zussman just asked for it.
Eddy Nigg got mozilla.com ...with no validation
VeriSign issued “Microsoft Corporation”
SSL-In-A-Box.com
These are the people securing the internet.
State Sponsored?
good news
“total ripoff”
“total ripoff and mostly worthless”
problem?
Wednesday, September 28, 2011 Campus Berlin-Buch
Westsaechsische Hochschule Zwickau
FIZ CHEMIE Berlin GmbH DFN-CERT Services GmbH
Forschungsverbund Berlin e.V. Humboldt-Universitaet zu Berlin Universitaet Flensburg
T-Systems SfR Deutsche Nationalbibliothek
Hochschule Furtwangen Universitaet Erlangen-Nuernberg T-Systems SfR GmbH
Hochschule Bremerhaven Fachhochschule Flensburg GeoForschungsZentrum Potsdam
Jacobs University Bremen gGmbH Universitaet Erfurt
IFW Dresden e.V. Universitaet Marburg
Universitaet Augsburg Leibniz-Rechenzentrum
Universitaet Muenster IFM-GEOMAR Fachhochschule Landshut
Universitaet Leipzig Fachhochschule Ansbach
HAWK Fachhochschule Hildesheim/Holzminden/Goettingen Hochschule Kempten Rheinische Fachhochschule Koeln gGmbH
Uni-Konstanz Universitaet Stuttgart
Fachhochschule Luebeck Fachhochschule Bielefeld
Universitaet Potsdam Hochschule Anhalt (FH)
Friedrich-Loeffler-Institut
Hochschule Fulda Beuth Hochschule fuer Technik Berlin
Universitaet Ulm Fachhochschule Rosenheim Fachhochschule Ingolstadt Technische Universitaet Berlin
Universitaet Jena Hochschule Biberach IPK Gatersleben Max-Planck-Institut fuer Zuechtungsforschung
Universitaet Mannheim NEC Europe Ltd. Bundesanstalt fuer Wasserbau Fachhochschule Stralsund
Universitaet Dortmund Hochschule Bremen Deutsches Elektronen-Synchrotron DESY Stiftung Tieraerztliche Hochschule Hannover
Technische Fachhochschule Georg Agricola zu Bochum Universitaet Bielefeld Fachhochschule Aachen Otto-Friedrich-Universitaet Bamberg
Fachhochschule Osnabrueck Universitaet Bremen Paedagogische Hochschule Heidelberg Technische Universitaet Braunschweig
Institut fuer Photonische Technologien e.V. Universitaet Bayreuth Universitaet Wuerzburg Universitaet zu Koeln Technische Universitaet Chemnitz
Hochschule fuer Technik und Wirtschaft Berlin Hochschule fuer Technik Stuttgart Universitaet Passau Hochschule fuer Musik und Theater Hannover
Helmholtz-Zentrum fuer Infektionsforschung GmbH Ruhr-Universitaet Bochum Mitteldeutscher Rundfunk Fritz-Haber-Institut der Max-Planck-Gesellschaft Berlin-Brandenburgische Akademie der Wissenschaften
Berufsakademie Sachsen Staatliche Studienakademie Bautzen Max-Planck-Gesellschaft Fachhochschule Giessen-Friedberg Staatliche Hochschule f. Musik u. Darstellende Kunst Stuttgart
Johann Wolfgang Goethe-Universitaet Forschungszentrum Dresden-Rossendorf e.V.
Max-Planck-Institut fuer Biophysik Universitaet zu Luebeck Hochschule fuer Musik und Theater Leipzig
Technische Universitaet Darmstadt Technische Universitaet Hamburg-Harburg Universitaet Kiel Hochschule Darmstadt Heinrich-Heine-Universitaet Duesseldorf
Medizinische Hochschule Hannover Universitaet Osnabrueck Hochschul-Informations-System GmbH Mathematisches Forschungsinstitut Oberwolfach gGmbH
Leibniz-Institut fuer Polymerforschung Dresden e.V. Fachhochschule Augsburg Leuphana Universitaet Lueneburg Paedagogische Hochschule Schwaebisch Gmuend
Regionales Hochschulrechenzentrum Kaiserslautern Deutsches Klimarechenzentrum GmbH Universitaet der Bundeswehr Muenchen Fachhochschule Braunschweig/Wolfenbuettel Zentrum fuer Informationsverarbeitung und Informationstechnik AC CAMERFIRMA S.A. Deutsches Zentrum fuer Luft- und Raumfahrt e.V. (DLR) Hochschule fuer Technik, Wirtschaft und Kultur Leipzig Deutsches Institut fuer Ernaehrungsforschung (DIfE) Max-Planck-Institut zur Erforschung von Gemeinschaftsguetern AC Camerfirma SA CIF A82743287 Helmholtz-Zentrum Berlin fuer Materialien und Energie GmbH Bayerische Staatsbibliothek ESO - European Organisation for Astronomical Research Swisscom AC Camerfirma SA state-institutions Hochschule Mittweida (FH) - University of Applied Sciences Georg-August-Universitaet Goettingen Technische Fachhochschule Berlin Universitaet Hamburg Hochschule Karlsruhe - Technik und Wirtschaft ComSign Ltd. Bank Leumi Le-Israel LTD Konrad-Zuse-Zentrum fuer Informationstechnik Berlin (ZIB) Technische Universitaet Dresden Bibliotheksservice-Zentrum Baden-Wuerttemberg Ludwig-Maximilians-Universitaet Muenchen
AC Camerfirma S.A. ComSign Hochschule fuer Wirtschaft und Umwelt Nuertingen-Geislingen Fachhochschule Oldenburg/Ostfriesland/Wilhelmshaven Forschungszentrum Juelich GmbH Paedagogische Hochschule Ludwigsburg Akademie fuer Lehrerfortbildung und Personalfuehrung Dillingen
Helmut-Schmidt-Universitaet Universitaet der Bundeswehr Hamburg Wissenschaftszentrum Berlin fuer Sozialforschung gGmbH Hochschule Bonn-Rhein-Sieg Universitaet Duisburg-Essen Leibniz-Zentrum fuer Agrarlandschaftsforschung (ZALF) e. V.
Georg-Simon-Ohm-Hochschule f. angewandte Wissenschaften FH Nbg Technische Universitaet Ilmenau Universitaet Regensburg Bundesanstalt f. Geowissenschaften u. Rohstoffe C=TW, O=Government Root Certification Authority
Fachhochschule Weihenstephan DFN-Verein Freie Universitaet Berlin Technische Universitaet Clausthal Microsoft Trust Network xE8xA1x8CxE6x94xBFxE9x99xA2
Hochschule Magdeburg Stendal (FH) Fachhochschule Frankfurt am Main Leibniz-Institut fuer Atmosphaerenphysik
Helmholtz-Zentrum fuer Umweltforschung GmbH - UFZ Deutsches Institut fuer Wirtschaftsforschung e.V. (DIW Berlin) Technische Universitaet Dortmund Hochschule fuer angewandte Wissenschaften - FH Deggendorf C=hk, O=C&W HKT SecureNet CA Class B Leibniz-Institut fuer Analytische Wissenschaften - ISAS - e.V. Hochschule fuer Grafik und Buchkunst Leipzig Hochschule fuer Wirtschaft und Recht Berlin Otto-von-Guericke-Universitaet Magdeburg Wells Fargo WellsSecure Wells Fargo Deutsches Institut fuer Internationale Paedagogische Forschung Universitaet des Saarlandes Gesellschaft fuer Schwerionenforschung mbH (GSI)
VISA Deutsches BiomasseForschungsZentrum gemeinnuetzige GmbH Deutscher Bundestag Martin-Luther-Universitaet Halle-Wittenberg A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH
Serasa S.A. Hochschule fuer angewandte Wissenschaften Fachhochschule Hof Hahn-Meitner-Institut Berlin GmbH Fachhochschule Bonn-Rhein-Sieg
Fachhochschule fuer Technik und Wirtschaft Berlin FernUniversitaet in Hagen Universitaet Greifswald Bauhaus-Universitaet Weimar STIFTUNG PREUSSISCHER KULTURBESITZ Baltimore Ministere education nationale (MENESR) Hochschule fuer angewandte Wissenschaften Fachhochschule Coburg Max-Planck-Institut fuer Gesellschaftsforschung Hochschule Ostwestfalen-Lippe Hochschule fuer Kuenste Bremen
Deutsche Telekom AG, Laboratories Hochschule Mannheim Bundesinstitut fuer Risikobewertung SHECA EUnet International UniTrust PrvnxC3xAD certifikaxC4x8DnxC3xAD autorita, a.s. Deutsches Krebsforschungszentrum (DKFZ) Freistaat Sachsen
Leibniz-Institut fuer Plasmaforschung und Technologie e.V. Hochschule Ravensburg-Weingarten Leibniz-Institut fuer Neurobiologie Magdeburg
Echoworx Corporation Fachhochschule Wuerzburg-Schweinfurt Technische Universitaet Bergakademie Freiberg Fachhochschule Erfurt Technische Universitaet Muenchen Halcom Agencia Catalana de Certificacio (NIF Q-0801176-I)
Hochschule fuer Angewandte Wissenschaften Hamburg Hochschule Wismar Hochschule Zittau/Goerlitz Universitaet Rostock
Kath. Universitaet Eichstaett-Ingolstadt Leibniz Universitaet Hannover Universitaet Giessen Fachhochschule Kiel AS Sertifitseerimiskeskus DIRECCION GENERAL DE LA POLICIA Saunalahden Serveri Oy
Fachhochschule Brandenburg Hochschule fuer Gestaltung Karlsruhe Duale Hochschule Baden-Wuerttemberg RWTH Aachen INDIA PKI
Helmholtz Zentrum Muenchen Hochschule Heilbronn Fachhochschule Aschaffenburg IZENPE S.A. Consejo General de la Abogacia NIF:Q-2863006I Dhimyotis CBEC Universitaet Kassel NORDAKADEMIE gAG Fachhochschule Neu-Ulm Ministere Education Nationale (MENESR)
Bergische Universitaet Wuppertal Hochschule Esslingen
EDICOM C=hk, O=C&W HKT SecureNet CA Class A xC4x8CeskxC3xA1 poxC5xA1ta, s.p. [IxC4x8C 47114983] Universitaet Siegen Universitaet Heidelberg Land Niedersachsen India PKI
Alfred-Wegener-Institut Hochschule Merseburg (FH) Mahanagar Telephone Nigam Limited
Badische Landesbibliothek Technische Fachhochschule Wildau Netrust Certificate Authority 1 Belgacom VAS Latvijas Pasts - Vien.reg.Nr.40003052790 Mahanagar Telephone Nigam Limited National Informatics Centre
TuTech Innovation GmbH Physikalisch-Technische Bundesanstalt Gouv
Fachhochschule Regensburg Bundesamt fuer Kartographie und Geodaesie Buypass AS-983163327 A-Trust ViaCode IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8 Gesellschaft fuer wissenschaftliche Datenverarbeitung Hochschule Ulm service-public gouv agriculture
Fachhochschule Dortmund Hochschule Offenburg Universitaet der Kuenste Berlin Port Autonome de Marseille
admin C=hk, O=C&W HKT SecureNet CA Root Universitaet Bonn Fachhochschule Wiesbaden Hochschule Niederrhein PM/SGDN Ministere en charge des affaires sanitaires et sociales
AOL Time Warner Inc. Hochschulbibliothekszentrum NRW Bundesamt fuer Strahlenschutz Fachhochschule Jena Secteur public xC3x89cologie DxC3xA9veloppement et AmxC3xA9nagement durables
Hochschule Muenchen Fachhochschule Muenster Hochschule Aalen E-CERTCHILE MINEFI MinistxC3xA8re xC3x89cologie, DxC3xA9veloppement et AmxC3xA9nagement durables
Karlsruhe Institute of Technology Universitaet Karlsruhe Charite - Universitaetsmedizin Berlin PTT Post Coventry City Council
Fachhochschule Hannover Deutsches Herzzentrum Berlin Universitaet Freiburg HafenCity Universitaet Hamburg Trustis Limited First Data Digital Certificates Inc. TxC3xBCrkiye Bilimsel ve Teknolojik AraxC5x9FtxC4xB1rma Kurumu - TxC3x9CBxC4xB0TAK B.A.T. Universitaet Tuebingen GESIS Fachhochschule Suedwestfalen POSTA MessageLabs BESSY Fachhochschule Gelsenkirchen
Autoridad Certificadora Raiz de la Secretaria de Economia, OU Ministere de la Justice Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano, A.C., O Hochschule Amberg-Weiden Deutscher Wetterdienst Paedagogische Hochschule Freiburg
Japan Certification Services, Inc. Deutsche Telekom AG HS-Harz
Fraunhofer Dioezese Rottenburg-Stuttgart Hochschule Neubrandenburg x00Ax00-x00Tx00rx00ux00sx00tx00 x00Gx00ex00sx00.x00 x00fx00xFCx00rx00 x00Sx00ix00cx00hx00ex00rx00hx00ex00ix00tx00sx00sx00yx00sx00tx00ex00mx00ex00 x00ix00mx00 x00ex00lx00ex00kx00tx00rx00.x00 x00Dx00ax00tx00ex00nx00vx00ex00rx00kx00ex00hx00rx00 x00Gx00mx00bx00H
Government CA/serialNumber TeliaSonera T-Systems Enterprise Services GmbH eSign Australia
Deutsche Post World Net C=AT, ST=Austria, L=Vienna, O=Arge Daten Oesterreichische Gesellschaft fuer Datenschutz/[email protected] CEDICAM Belgium Root CA2 BAH Department of Education and Training FNMT-RCM InfoNotary PLC Servicio de Certificacion del Colegio de Registradores (SCR) Certplus KEYNECTIS E-Telbank Sp. z o.o. Belgium Root CA Government CA CERTINOMIS TxC3x9CRKTRUST Bilgi xC4xB0letixC5x9Fim ve BilixC5x9Fim GxC3xBCvenlixC4x9Fi Hizmetleri A.xC5x9E. (c) KasxC4xB1m 2005 Wednesday, September 28, 2011 GlobalSign Generalitat Valenciana QuoVadis Limited, Bermuda C=SI, O=ACNLB GlobalSign nv-sa Ford Motor Company - Enterprise CA TxC3x9CRKTRUST Elektronik Sertifika Hizmet SaxC4x9FlayxC4xB1cxC4xB1sxC4xB1, C Thawte, Inc. TxC3x9CRKTRUST Elektronik Sunucu SertifikasxC4xB1 Hizmetleri, C beTRUSTed AURA - Gemini Observatory KIBS AD Skopje QuoVadis Trustlink Schweiz AG
certSIGN Northern Arizona University Mobile Armor Enterprise CA QuoVadis Limited ACE Limited Jabber Software Foundation Nestle Jo Tankers Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress StartCom Ltd. Coop Genossenschaft Autoridad de Certificacion Firmaprofesional CIF A62634068 E-ME SSI (RCA) ABB Ltd. Alpha Miami University Migros Disig a.s. ICC-CPI Firmaprofesional S.A. NIF A-62634068 thawte, Inc. E-ME PSI (PCA) BGC-OffSubCA ADMINISTRACION NACIONAL DE CORREOS WISeKey I.CA - Qualified root certificate, O E-ME SI (CA1) Audkenni hf. Ford Motor Company - Enterprise Issuing CA01 DigiNotar B.V. ESG BV An Post Coop Touring Club Suisse (TCS) Giesecke and Devrient Comodo Japan Inc.
C=au, O=SecureNet CA Class B C=au, O=SecureNet CA Root Serasa Etisalat Digicert Sdn. Bhd.
Thawte Consulting ICP-Brasil XRamp Security Services Inc ZF LGPKI C=hk, O=C&W HKT SecureNet CA SGC Root MSFT Thawte Consulting cc agentschap Centraal Informatiepunt Beroepen Gezondheidszorg
C=au, O=SecureNet CA Class A Bechtel Corporation Cybertrust Thawte Consulting (Pty) Ltd. Staat der Nederlanden IPS Certification Authority s.l. ipsCA
InfoCert SpA Certipost s.a./n.v. VeriSign, Inc. Fundacion FESTE CDC KAS BANK N.V. Kas Bank NV Getronics PinkRoccade Nederland B.V. QuoVadis Trustlink BV I.T. Telecom GDT-SubCA-Public Postecom S.p.A. Sun Microsystems Inc Macao Post Telekom-Control-Kommission Digital Signature Trust GDT-EntSubCA-Public Betrusted Japan Co., Ltd. VeriSign Japan K.K. Xcert EZ by DST AffirmTrust U.S. Government Sacred Heart University CA Munich Re Group
Betrusted US Inc Centro Nazionale per l’Informatica nella PA MULTICERT-CA Siemens Issuing CA Class Internet Server V1.0 Unizeto Technologies S.A. VeriSign Trust Network Unizeto Sp. z o.o. American Express Channel Server CA 3 Comodo Limited GTE Corporation Trustwave Holdings, Inc. E-Sign S.A. Microsoft Root Certificate Authority
SwissSign AG TAIWAN-CA.COM Inc. Syncrude Canada Ltd SecureTrust Corporation Ministerie van Defensie Microsoft Corporation
YandexExternalCA Siemens Issuing CA Class STE C=au, O=SecureNet CA SGC Root Hongkong Post Chunghwa Telecom Co., Ltd.
Actalis S.p.A. global FINMECCANICA Microsoft Internet Authority ABA.ECOM, INC. Elektronik Bilgi Guvenligi A.S. xE4xB8xADxE8x8FxAFxE9x9BxBBxE4xBFxA1xE8x82xA1xE4xBBxBDxE6x9Cx89xE9x99x90xE5x85xACxE5x8FxB8 LUPKI01 Marks and Spencer Group plc SignKorea ComSign Advanced Security CA TradeSign Cybertrust Japan Co., Ltd. Sempra Energy
Equifax Secure KISA yessign Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C., O TxC3x9CRKTRUST Elektronik xC4xB0xC5x9Flem Hizmetleri, C TAIWAN-CA DigiCert Inc. GAD eG
Dell Inc. Anthem Inc CrossCert
ANCE Certisign Certificadora Digital Ltda. SAIC KICA Colegio de Registradores de la Propiedad y Mercantiles de EspaxC3xB1a Sociedad Cameral de CertificacixC3xB3n Digital - CerticxC3xA1mara S.A.
Cybertrust Inc adidas AG
SECOM Trust.net KBC Group Thawte I.CA - Standard root certificate, O D-Trust GmbH Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988 IPS Internet publishing Services s.l. SIA S.p.A. SCEE IPS Seguridad CA SCEE - Sistema de CertificaxE7xE3o ElectrxF3nica do Estado
Sonera EBG BilixC5x9Fim Teknolojileri ve Hizmetleri A.xC5x9E. Entidad de Certificacion Digital Abierta Certicamara S.A. National Institute of Informatics Intesa Sanpaolo S.p.A. Cisco Systems
Digital Signature Trust Co. SECOM Trust Systems CO.,LTD. NalcoExternalPolicyCA-1 Secure Business Services, Inc.
Vodafone Group Network Solutions L.L.C. Certicamara S.A. Entidad de Certificacion Deutscher Sparkassen Verlag GmbH Skaitmeninio sertifikavimo centras Japanese Government NetLock Kft. Fuji Xerox Cybertrust, Inc DigiCert Inc NetLock Halozatbiztonsagi Kft. FNMT
ValiCert, Inc. Trusted Secure Certificate Authority Microsec Ltd. Microsoft Root Authority Vaestorekisterikeskus CA Actalis S.p.A./03358520967 Government of Korea
Starfield Technologies, Inc. Servision Inc. Sempra Energy Secure Server CA1 Certeurope IDEACROSS INC. KAGOYA JAPAN Inc. GAD EG
RSA Data Security, Inc. America Online Inc. Wachovia Corporation RSA Security Inc. XiPS Microsoft Secure Server Authority
TaiOne International Ltd. Unicert Brasil Certificadora Positive Software Corporation
MasterCard Worldwide INTEC Communications Inc. The Go Daddy Group, Inc. GLOBE HOSTING CERTIFICATION AUTHORITY
SunGard Availability Services RegisterFly.com, inc.
Earthlink Inc AusCERT
NalcoExternalIssuingCA-1 The USERTRUST Network
SHCRoot Saphety WebSpace-Forum, Thomas Wendt Entrust.net Registry Pro
Network Associates WebSpace-Forum e.K.
RSA Security Inc Accenture Digi-Sign Limited EUNETIC GmbH
O=Mortgage and Settlement Service Trust CA shcica Equifax CENTRAL SECURITY PATROLS CO., LTD.
TC TrustCenter GmbH SCEE - Sistema de CertificaxC3xA7xC3xA3o ElectrxC3xB3nica do Estado AddTrust Sweden AB Telstra Corporation Limited GoDaddy.com, Inc. Intesa Sanpaolo S.p.A. CA Servizi Esterni MindGenies COMODO CA Limited WoSign, Inc.
Firstserver, Inc. DRS-TEM Wotone Communications, Inc. Register.com GANDI SAS
eBiz Networks Ltd SGssl
Comodo CA Limited Configuration, CN OVH SAS
Intel Corporation UGIS S.p.A. TERENA
Google Inc First Data Corporation TDC Internet
Telstra RSS Issuing CA1 Aetna Inc. Entrust, Inc. AddTrust AB
General Electric Company UIS-IntB-CA DigiNotar
NTT DOCOMO, INC. GeoTrust Inc. CNNIC SSL FreeSSL
GeoTrust, Inc. TDC RBC Hosting Center OptimumSSL CA
UIS-IsuB1-CA The Walt Disney Company CA
Jack Henry and Associates, Inc.
Equifax Secure Inc.
GeoTrust Inc
TC TrustCenter for Security in Data Networks GmbH CNNIC
ChainedSSL Nederlandse Orde van Advocaten
The Walt Disney Company Commerce CA
EON
The Walt Disney Company Enterprise CA
Energie-Control GmbH
ARGE DATEN - Austrian Society for Data Protection
ARGE DATEN - Austrian Society for Data Protection and Privacy
e-commerce monitoring GmbH Campus Berlin-Buch
Westsaechsische Hochschule Zwickau
FIZ CHEMIE Berlin GmbH DFN-CERT Services GmbH
Forschungsverbund Berlin e.V. Humboldt-Universitaet zu Berlin Universitaet Flensburg
T-Systems SfR Deutsche Nationalbibliothek
Hochschule Furtwangen Universitaet Erlangen-Nuernberg T-Systems SfR GmbH
Hochschule Bremerhaven Fachhochschule Flensburg GeoForschungsZentrum Potsdam
Jacobs University Bremen gGmbH Universitaet Erfurt
IFW Dresden e.V. Universitaet Marburg
Universitaet Augsburg Leibniz-Rechenzentrum
Universitaet Muenster IFM-GEOMAR Fachhochschule Landshut
Universitaet Leipzig Fachhochschule Ansbach
HAWK Fachhochschule Hildesheim/Holzminden/Goettingen Hochschule Kempten Rheinische Fachhochschule Koeln gGmbH
Uni-Konstanz Universitaet Stuttgart
Fachhochschule Luebeck Fachhochschule Bielefeld
Universitaet Potsdam Hochschule Anhalt (FH)
Friedrich-Loeffler-Institut
Hochschule Fulda Beuth Hochschule fuer Technik Berlin
Universitaet Ulm Fachhochschule Rosenheim Fachhochschule Ingolstadt Technische Universitaet Berlin
Universitaet Jena Hochschule Biberach IPK Gatersleben Max-Planck-Institut fuer Zuechtungsforschung
Universitaet Mannheim NEC Europe Ltd. Bundesanstalt fuer Wasserbau Fachhochschule Stralsund
Universitaet Dortmund Hochschule Bremen Deutsches Elektronen-Synchrotron DESY Stiftung Tieraerztliche Hochschule Hannover
Technische Fachhochschule Georg Agricola zu Bochum Universitaet Bielefeld Fachhochschule Aachen Otto-Friedrich-Universitaet Bamberg
Fachhochschule Osnabrueck Universitaet Bremen Paedagogische Hochschule Heidelberg Technische Universitaet Braunschweig
Institut fuer Photonische Technologien e.V. Universitaet Bayreuth Universitaet Wuerzburg Universitaet zu Koeln Technische Universitaet Chemnitz
Hochschule fuer Technik und Wirtschaft Berlin Hochschule fuer Technik Stuttgart Universitaet Passau Hochschule fuer Musik und Theater Hannover
Helmholtz-Zentrum fuer Infektionsforschung GmbH Ruhr-Universitaet Bochum Mitteldeutscher Rundfunk Fritz-Haber-Institut der Max-Planck-Gesellschaft Berlin-Brandenburgische Akademie der Wissenschaften
Berufsakademie Sachsen Staatliche Studienakademie Bautzen Max-Planck-Gesellschaft Fachhochschule Giessen-Friedberg Staatliche Hochschule f. Musik u. Darstellende Kunst Stuttgart
Johann Wolfgang Goethe-Universitaet Forschungszentrum Dresden-Rossendorf e.V.
Max-Planck-Institut fuer Biophysik Universitaet zu Luebeck Hochschule fuer Musik und Theater Leipzig
Technische Universitaet Darmstadt Technische Universitaet Hamburg-Harburg Universitaet Kiel Hochschule Darmstadt Heinrich-Heine-Universitaet Duesseldorf
Medizinische Hochschule Hannover Universitaet Osnabrueck Hochschul-Informations-System GmbH Mathematisches Forschungsinstitut Oberwolfach gGmbH
Leibniz-Institut fuer Polymerforschung Dresden e.V. Fachhochschule Augsburg Leuphana Universitaet Lueneburg Paedagogische Hochschule Schwaebisch Gmuend
Regionales Hochschulrechenzentrum Kaiserslautern Deutsches Klimarechenzentrum GmbH Universitaet der Bundeswehr Muenchen Fachhochschule Braunschweig/Wolfenbuettel Zentrum fuer Informationsverarbeitung und Informationstechnik AC CAMERFIRMA S.A. Deutsches Zentrum fuer Luft- und Raumfahrt e.V. (DLR) Hochschule fuer Technik, Wirtschaft und Kultur Leipzig Deutsches Institut fuer Ernaehrungsforschung (DIfE) Max-Planck-Institut zur Erforschung von Gemeinschaftsguetern AC Camerfirma SA CIF A82743287 Helmholtz-Zentrum Berlin fuer Materialien und Energie GmbH Bayerische Staatsbibliothek ESO - European Organisation for Astronomical Research Swisscom AC Camerfirma SA state-institutions Hochschule Mittweida (FH) - University of Applied Sciences Georg-August-Universitaet Goettingen Technische Fachhochschule Berlin Universitaet Hamburg Hochschule Karlsruhe - Technik und Wirtschaft ComSign Ltd. Bank Leumi Le-Israel LTD Konrad-Zuse-Zentrum fuer Informationstechnik Berlin (ZIB) Technische Universitaet Dresden Bibliotheksservice-Zentrum Baden-Wuerttemberg Ludwig-Maximilians-Universitaet Muenchen
AC Camerfirma S.A. ComSign Hochschule fuer Wirtschaft und Umwelt Nuertingen-Geislingen Fachhochschule Oldenburg/Ostfriesland/Wilhelmshaven Forschungszentrum Juelich GmbH Paedagogische Hochschule Ludwigsburg Akademie fuer Lehrerfortbildung und Personalfuehrung Dillingen
Helmut-Schmidt-Universitaet Universitaet der Bundeswehr Hamburg Wissenschaftszentrum Berlin fuer Sozialforschung gGmbH Hochschule Bonn-Rhein-Sieg Universitaet Duisburg-Essen Leibniz-Zentrum fuer Agrarlandschaftsforschung (ZALF) e. V.
Georg-Simon-Ohm-Hochschule f. angewandte Wissenschaften FH Nbg Technische Universitaet Ilmenau Universitaet Regensburg Bundesanstalt f. Geowissenschaften u. Rohstoffe C=TW, O=Government Root Certification Authority
Fachhochschule Weihenstephan DFN-Verein Freie Universitaet Berlin Technische Universitaet Clausthal Microsoft Trust Network xE8xA1x8CxE6x94xBFxE9x99xA2
Hochschule Magdeburg Stendal (FH) Fachhochschule Frankfurt am Main Leibniz-Institut fuer Atmosphaerenphysik
Helmholtz-Zentrum fuer Umweltforschung GmbH - UFZ Deutsches Institut fuer Wirtschaftsforschung e.V. (DIW Berlin) Technische Universitaet Dortmund Hochschule fuer angewandte Wissenschaften - FH Deggendorf C=hk, O=C&W HKT SecureNet CA Class B Leibniz-Institut fuer Analytische Wissenschaften - ISAS - e.V. Hochschule fuer Grafik und Buchkunst Leipzig Hochschule fuer Wirtschaft und Recht Berlin Otto-von-Guericke-Universitaet Magdeburg Wells Fargo WellsSecure Wells Fargo Deutsches Institut fuer Internationale Paedagogische Forschung Universitaet des Saarlandes Gesellschaft fuer Schwerionenforschung mbH (GSI)
VISA Deutsches BiomasseForschungsZentrum gemeinnuetzige GmbH Deutscher Bundestag Martin-Luther-Universitaet Halle-Wittenberg A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH
Serasa S.A. Hochschule fuer angewandte Wissenschaften Fachhochschule Hof Hahn-Meitner-Institut Berlin GmbH Fachhochschule Bonn-Rhein-Sieg
Fachhochschule fuer Technik und Wirtschaft Berlin FernUniversitaet in Hagen Universitaet Greifswald Bauhaus-Universitaet Weimar STIFTUNG PREUSSISCHER KULTURBESITZ Baltimore Ministere education nationale (MENESR) Hochschule fuer angewandte Wissenschaften Fachhochschule Coburg Max-Planck-Institut fuer Gesellschaftsforschung Hochschule Ostwestfalen-Lippe Hochschule fuer Kuenste Bremen
Deutsche Telekom AG, Laboratories Hochschule Mannheim Bundesinstitut fuer Risikobewertung SHECA EUnet International UniTrust PrvnxC3xAD certifikaxC4x8DnxC3xAD autorita, a.s. Deutsches Krebsforschungszentrum (DKFZ) Freistaat Sachsen
Leibniz-Institut fuer Plasmaforschung und Technologie e.V. Hochschule Ravensburg-Weingarten Leibniz-Institut fuer Neurobiologie Magdeburg
Echoworx Corporation Fachhochschule Wuerzburg-Schweinfurt Technische Universitaet Bergakademie Freiberg Fachhochschule Erfurt Technische Universitaet Muenchen Halcom Agencia Catalana de Certificacio (NIF Q-0801176-I)
Hochschule fuer Angewandte Wissenschaften Hamburg Hochschule Wismar Hochschule Zittau/Goerlitz Universitaet Rostock
Kath. Universitaet Eichstaett-Ingolstadt Leibniz Universitaet Hannover Universitaet Giessen Fachhochschule Kiel AS Sertifitseerimiskeskus DIRECCION GENERAL DE LA POLICIA Saunalahden Serveri Oy
Fachhochschule Brandenburg Hochschule fuer Gestaltung Karlsruhe Duale Hochschule Baden-Wuerttemberg RWTH Aachen INDIA PKI
Helmholtz Zentrum Muenchen Hochschule Heilbronn Fachhochschule Aschaffenburg IZENPE S.A. Consejo General de la Abogacia NIF:Q-2863006I Dhimyotis CBEC Universitaet Kassel NORDAKADEMIE gAG Fachhochschule Neu-Ulm Ministere Education Nationale (MENESR)
Bergische Universitaet Wuppertal Hochschule Esslingen
EDICOM C=hk, O=C&W HKT SecureNet CA Class A xC4x8CeskxC3xA1 poxC5xA1ta, s.p. [IxC4x8C 47114983] Universitaet Siegen Universitaet Heidelberg Land Niedersachsen India PKI
Alfred-Wegener-Institut Hochschule Merseburg (FH) Mahanagar Telephone Nigam Limited
Badische Landesbibliothek Technische Fachhochschule Wildau Netrust Certificate Authority 1 Belgacom VAS Latvijas Pasts - Vien.reg.Nr.40003052790 Mahanagar Telephone Nigam Limited National Informatics Centre
TuTech Innovation GmbH Physikalisch-Technische Bundesanstalt Gouv
Fachhochschule Regensburg Bundesamt fuer Kartographie und Geodaesie Buypass AS-983163327 A-Trust ViaCode IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8 Gesellschaft fuer wissenschaftliche Datenverarbeitung Hochschule Ulm service-public gouv agriculture
Fachhochschule Dortmund Hochschule Offenburg Universitaet der Kuenste Berlin Port Autonome de Marseille
admin C=hk, O=C&W HKT SecureNet CA Root Universitaet Bonn Fachhochschule Wiesbaden Hochschule Niederrhein PM/SGDN Ministere en charge des affaires sanitaires et sociales
AOL Time Warner Inc. Hochschulbibliothekszentrum NRW Bundesamt fuer Strahlenschutz Fachhochschule Jena Secteur public xC3x89cologie DxC3xA9veloppement et AmxC3xA9nagement durables
Hochschule Muenchen Fachhochschule Muenster Hochschule Aalen E-CERTCHILE MINEFI MinistxC3xA8re xC3x89cologie, DxC3xA9veloppement et AmxC3xA9nagement durables
Karlsruhe Institute of Technology Universitaet Karlsruhe Charite - Universitaetsmedizin Berlin PTT Post Coventry City Council
Fachhochschule Hannover Deutsches Herzzentrum Berlin Universitaet Freiburg HafenCity Universitaet Hamburg Trustis Limited First Data Digital Certificates Inc. TxC3xBCrkiye Bilimsel ve Teknolojik AraxC5x9FtxC4xB1rma Kurumu - TxC3x9CBxC4xB0TAK B.A.T. Universitaet Tuebingen GESIS Fachhochschule Suedwestfalen POSTA MessageLabs BESSY Fachhochschule Gelsenkirchen
Autoridad Certificadora Raiz de la Secretaria de Economia, OU Ministere de la Justice Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano, A.C., O Hochschule Amberg-Weiden Deutscher Wetterdienst Paedagogische Hochschule Freiburg
Japan Certification Services, Inc. Deutsche Telekom AG HS-Harz
Fraunhofer Dioezese Rottenburg-Stuttgart Hochschule Neubrandenburg A-Trust Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH
Government CA/serialNumber TeliaSonera T-Systems Enterprise Services GmbH eSign Australia
Deutsche Post World Net C=AT, ST=Austria, L=Vienna, O=Arge Daten Oesterreichische Gesellschaft fuer Datenschutz/[email protected] CEDICAM Belgium Root CA2 BAH Department of Education and Training FNMT-RCM InfoNotary PLC Servicio de Certificacion del Colegio de Registradores (SCR) Certplus KEYNECTIS E-Telbank Sp. z o.o. Belgium Root CA Government CA CERTINOMIS TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 GlobalSign
Generalitat Valenciana QuoVadis Limited, Bermuda C=SI, O=ACNLB GlobalSign nv-sa Ford Motor Company - Enterprise CA TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C Thawte, Inc. TÜRKTRUST Elektronik Sunucu Sertifikası Hizmetleri, C beTRUSTed AURA - Gemini Observatory KIBS AD Skopje QuoVadis Trustlink Schweiz AG
certSIGN Northern Arizona University Mobile Armor Enterprise CA QuoVadis Limited ACE Limited Jabber Software Foundation Nestle Jo Tankers Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress StartCom Ltd. Coop Genossenschaft Autoridad de Certificacion Firmaprofesional CIF A62634068 E-ME SSI (RCA) ABB Ltd. Alpha Miami University Migros Disig a.s. ICC-CPI Firmaprofesional S.A. NIF A-62634068 thawte, Inc. E-ME PSI (PCA) BGC-OffSubCA ADMINISTRACION NACIONAL DE CORREOS WISeKey I.CA - Qualified root certificate, O E-ME SI (CA1) Audkenni hf. Ford Motor Company - Enterprise Issuing CA01 DigiNotar B.V. ESG BV An Post Coop Touring Club Suisse (TCS) Giesecke and Devrient Comodo Japan Inc.
C=au, O=SecureNet CA Class B C=au, O=SecureNet CA Root Serasa Etisalat Digicert Sdn. Bhd.
Thawte Consulting ICP-Brasil XRamp Security Services Inc ZF LGPKI C=hk, O=C&W HKT SecureNet CA SGC Root MSFT Thawte Consulting cc agentschap Centraal Informatiepunt Beroepen Gezondheidszorg
C=au, O=SecureNet CA Class A Bechtel Corporation Cybertrust Thawte Consulting (Pty) Ltd. Staat der Nederlanden IPS Certification Authority s.l. ipsCA
InfoCert SpA Certipost s.a./n.v. VeriSign, Inc. Fundacion FESTE CDC KAS BANK N.V. Kas Bank NV Getronics PinkRoccade Nederland B.V. QuoVadis Trustlink BV I.T. Telecom GDT-SubCA-Public Postecom S.p.A. Sun Microsystems Inc Macao Post Telekom-Control-Kommission Digital Signature Trust GDT-EntSubCA-Public Betrusted Japan Co., Ltd. VeriSign Japan K.K. Xcert EZ by DST AffirmTrust U.S. Government Sacred Heart University CA Munich Re Group
Betrusted US Inc Centro Nazionale per l’Informatica nella PA MULTICERT-CA Siemens Issuing CA Class Internet Server V1.0 Unizeto Technologies S.A. VeriSign Trust Network Unizeto Sp. z o.o. American Express Channel Server CA 3 Comodo Limited GTE Corporation Trustwave Holdings, Inc. E-Sign S.A. Microsoft Root Certificate Authority
SwissSign AG TAIWAN-CA.COM Inc. Syncrude Canada Ltd SecureTrust Corporation Ministerie van Defensie Microsoft Corporation
YandexExternalCA Siemens Issuing CA Class STE C=au, O=SecureNet CA SGC Root Hongkong Post Chunghwa Telecom Co., Ltd.
Actalis S.p.A. global FINMECCANICA Microsoft Internet Authority ABA.ECOM, INC. Elektronik Bilgi Guvenligi A.S. 中華電信股份有限公司 LUPKI01 Marks and Spencer Group plc SignKorea ComSign Advanced Security CA TradeSign Cybertrust Japan Co., Ltd. Sempra Energy
Equifax Secure KISA yessign Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C., O TÜRKTRUST Elektronik İşlem Hizmetleri, C TAIWAN-CA DigiCert Inc. GAD eG
Dell Inc. Anthem Inc CrossCert
ANCE Certisign Certificadora Digital Ltda. SAIC KICA Colegio de Registradores de la Propiedad y Mercantiles de España Sociedad Cameral de Certificación Digital - Certicámara S.A.
Cybertrust Inc adidas AG
SECOM Trust.net KBC Group Thawte I.CA - Standard root certificate, O D-Trust GmbH Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988 IPS Internet publishing Services s.l. SIA S.p.A. SCEE IPS Seguridad CA SCEE - Sistema de Certificação Electrónica do Estado
Sonera EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Entidad de Certificacion Digital Abierta Certicamara S.A. National Institute of Informatics Intesa Sanpaolo S.p.A. Cisco Systems
Digital Signature Trust Co. SECOM Trust Systems CO.,LTD. NalcoExternalPolicyCA-1 Secure Business Services, Inc.
Vodafone Group Network Solutions L.L.C. Certicamara S.A. Entidad de Certificacion Deutscher Sparkassen Verlag GmbH Skaitmeninio sertifikavimo centras Japanese Government NetLock Kft. Fuji Xerox Cybertrust, Inc DigiCert Inc NetLock Halozatbiztonsagi Kft. FNMT
ValiCert, Inc. Trusted Secure Certificate Authority Microsec Ltd. Microsoft Root Authority Vaestorekisterikeskus CA Actalis S.p.A./03358520967 Government of Korea
Starfield Technologies, Inc. Servision Inc. Sempra Energy Secure Server CA1 Certeurope IDEACROSS INC. KAGOYA JAPAN Inc. GAD EG
RSA Data Security, Inc. America Online Inc. Wachovia Corporation RSA Security Inc. XiPS Microsoft Secure Server Authority
TaiOne International Ltd. Unicert Brasil Certificadora Positive Software Corporation
MasterCard Worldwide INTEC Communications Inc. The Go Daddy Group, Inc. GLOBE HOSTING CERTIFICATION AUTHORITY
SunGard Availability Services RegisterFly.com, inc.
Earthlink Inc AusCERT
NalcoExternalIssuingCA-1 The USERTRUST Network
SHCRoot Saphety WebSpace-Forum, Thomas Wendt Entrust.net Registry Pro
Network Associates WebSpace-Forum e.K.
RSA Security Inc Accenture Digi-Sign Limited EUNETIC GmbH
O=Mortgage and Settlement Service Trust CA shcica Equifax CENTRAL SECURITY PATROLS CO., LTD.
TC TrustCenter GmbH SCEE - Sistema de Certificação Electrónica do Estado AddTrust Sweden AB Telstra Corporation Limited GoDaddy.com, Inc. Intesa Sanpaolo S.p.A. CA Servizi Esterni MindGenies COMODO CA Limited WoSign, Inc.
Firstserver, Inc. DRS-TEM Wotone Communications, Inc. Register.com GANDI SAS
eBiz Networks Ltd SGssl
Comodo CA Limited Configuration, CN OVH SAS
Intel Corporation UGIS S.p.A. TERENA
Google Inc First Data Corporation TDC Internet
Telstra RSS Issuing CA1 Aetna Inc. Entrust, Inc. AddTrust AB
General Electric Company UIS-IntB-CA DigiNotar
NTT DOCOMO, INC. GeoTrust Inc. CNNIC SSL FreeSSL
GeoTrust, Inc. TDC RBC Hosting Center OptimumSSL CA
UIS-IsuB1-CA The Walt Disney Company CA
Jack Henry and Associates, Inc.
Equifax Secure Inc.
GeoTrust Inc
TC TrustCenter for Security in Data Networks GmbH CNNIC
ChainedSSL Nederlandse Orde van Advocaten
The Walt Disney Company Commerce CA
EON
The Walt Disney Company Enterprise CA
Energie-Control GmbH
ARGE DATEN - Austrian Society for Data Protection
ARGE DATEN - Austrian Society for Data Protection and Privacy
e-commerce monitoring GmbH

650

VeriSign?

20 --> 2,000,000

DHS
China

What happened to Comodo?

nothing

What could we have done?

! trust

trustdb -= comodo

ideological

browser vendors

1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011

forever

trust agility

Trust Agility Properties
• A trust decision can be easily revised at any time.
• Individual users can decide where to anchor their trust.

Trust Agility Properties
‣ A trust decision can be easily revised at any time.
• Individual users can decide where to anchor their trust.

Trust Agility Properties
• A trust decision can be easily revised at any time.
‣ Individual users can decide where to anchor their trust.

VeriSign
Comodo

https?

one decision for everyone?

our data, our trust decision

Trust Agility Properties
• A trust decision can be easily revised at any time.
‣ Individual users can decide where to anchor their trust.

PayPal Authority
User

PayPal Authority
Authority
User

Baidu DHS
China
User

Baidu DHS
NGO
User

Trust Agility Properties
★ A trust decision can be easily revised at any time.
★ Individual users can decide where to anchor their trust.

DNSSEC

SSL Cert --> DNS Record

Lookup paypal.com
DNS Client Server

Lookup paypal.com
DNS Client Server
66.211.169.2 && SSL Certificate

distributed

information --> distributed

trust --> centralized

DNSSEC == CA System

Trust Requirements
• The Registrars.
• The TLDs.
• The root.

Trust Requirements
‣ The Registrars.
• The TLDs.
• The root.

sketchy++

GoDaddy

Trust Requirements
• The Registrars.
‣ The TLDs.
• The root.

.com, .net

VeriSign

.org, .edu

ccTLDs

.io, .cc, .ly?

.ir, .cn?

domain seizures

Trust Requirements
• The Registrars.
• The TLDs.
‣ The root.

ICANN

Global --> California 501(c)(3)

COICA, PROTECT IP, etc...

Trust Requirements
✴ The Registrars.
✴ The TLDs.
✴ The root.

< trust agility

trustdb -= VeriSign

Trust Requirements
✴ The Registrars.
✴ The TLDs.
✴ The root.

forever

Perspectives
Dan Wendlandt, David G. Andersen, Adrian Perrig
Carnegie Mellon University

perspective

Basic Premise
Client PayPal

Basic Premise
Authority
Client PayPal

Basic Premise
Notaries
Client PayPal

Basic Premise
N N N N N
Client PayPal

“perspective” is not new

The CA Version Of Perspective
VeriSign
PayPal
Site Admin

invert

user initiated

implementation

limited

self-signed certs

Perspectives Challenges
Completeness
Privacy
Responsiveness

initial connection

! eliminate CAs entirely

Perspectives Challenges
Completeness
Privacy
Responsiveness

Privacy Problems
Notary
Client PayPal

Perspectives Challenges
Completeness
Privacy
Responsiveness

notary lag

Notary Lag
Notary
Client PayPal

• New Protocol
• New Client Implementation
• New Server Implementation

Perspectives Challenges
Completeness
Privacy
Responsiveness

! notary lag

Responsive: Eliminate Notary Lag
Notary
Client PayPal

+ privacy

1) local caching

Local Caching
Notary
Client PayPal

Local Caching
Notary
Client PayPal
Local Cache

Notary Bounce
N N N N N
Client

Notary Bounce
N N N N
Client
N
Bounce

Convergence : Firefox
+

Convergence: Extensible for the future.
Notary

Convergence: Extensible for the future.
Notary
REST Client PayPal

Convergence: Extensible for the future.
Notary DNSSEC
REST Client PayPal

Convergence: Extensible for the future.
Notary CA Signatures
REST Client PayPal

Convergence: Extensible for the future.
Notary SSL Observatory
REST Client PayPal

Convergence: Extensible for the future.
Notary Google Catalog
REST Client PayPal

Multiplicity and Agility
[Diagram: Client, Bounce notary, notaries (N); labels: CA Signatures, DNSSEC, SSL Observatory, Perspective]

Collective Trust
[Diagram: Client, Bounce notary, notaries (N); labels: CA Signatures, DNSSEC, SSL Observatory, Perspective, Consensus, Minority. One build omits the CA Signatures label and one notary; another marks one notary N`.]
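
An added example, not part of the original slides and not Convergence's own code: a client that combines the local cache with a user-chosen notary set and a verification threshold. The notaries are constructed in-process stand-ins, and the rules attached to the slide labels (consensus = every notary agrees, minority = at least one agrees) and the extra "majority" rule are assumptions of this sketch.

```python
import hashlib
from typing import Callable, Dict, Optional

# A notary maps a hostname to the certificate fingerprint it observes from its
# own network vantage point (None if it has no view of the host).
Notary = Callable[[str], Optional[str]]

# Threshold names echo the slide labels; the rules are assumed for this example.
THRESHOLDS = {
    "consensus": lambda agree, total: agree == total,  # every notary agrees
    "majority": lambda agree, total: 2 * agree > total,
    "minority": lambda agree, total: agree >= 1,        # any one notary agrees
}

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

def make_notary(view: Dict[str, bytes]) -> Notary:
    """Constructed stand-in for a remote notary with a fixed view of the world."""
    return lambda host: fingerprint(view[host]) if host in view else None

class TrustClient:
    def __init__(self, notaries: Dict[str, Notary], threshold: str = "consensus"):
        self.notaries = dict(notaries)   # the user's own choice of trust anchors
        self.threshold = threshold
        self.cache: Dict[str, str] = {}  # host -> fingerprint already vouched for
        self.queries = 0                 # notary lookups actually sent

    def remove_notary(self, name: str) -> None:
        """Revise a trust decision: drop the notary and what it helped approve."""
        self.notaries.pop(name, None)
        self.cache.clear()

    def verify(self, host: str, cert_der: bytes) -> bool:
        fp = fingerprint(cert_der)
        if self.cache.get(host) == fp:   # cache hit: no lookup leaves the client
            return True
        if not self.notaries:
            return False                 # fail closed with no anchors configured
        agree = 0
        for ask in self.notaries.values():
            self.queries += 1
            agree += ask(host) == fp
        ok = THRESHOLDS[self.threshold](agree, len(self.notaries))
        if ok:
            self.cache[host] = fp
        return ok

# Constructed sample data: two notaries see the site's real certificate, one
# sits behind the same interception as the client and sees the forged one.
REAL, FORGED = b"constructed-real-cert", b"constructed-forged-cert"
NOTARIES = {
    "n1": make_notary({"paypal.com": REAL}),
    "n2": make_notary({"paypal.com": REAL}),
    "n3": make_notary({"paypal.com": FORGED}),
}

if __name__ == "__main__":
    c = TrustClient(NOTARIES, "majority")
    print(c.verify("paypal.com", REAL), c.verify("paypal.com", FORGED), c.queries)
```

A changed certificate misses the cache and forces a fresh round of notary queries, and dropping a notary takes effect on the next verification.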

Other Nice Things
Servers Do Nothing

Other Nice Things
!migrate internet

Other Nice Things
(1) Implement Convergence in the four major browsers.
(2) Be done.

Other Nice Things
no more self-signed certificate warnings

problems

“citibank problem”

captive portals

http://convergence.io

Leave with this:
Who do I have to trust? ...and for how long?

A prescribed set of people, forever.