
Yes, that's just about the nut of it.

If you ask me, the biggest problem is that we've acclimated the whole user population of the Internet to ignorance and a cavalier attitude towards security. Companies like Comodo "get away" with stuff like this because people see certificates as a nuisance --- they're a pain to request, a pain to install, and they make browsers complain.

The fact is that SSL simply doesn't work without the PKI component. The PKI component is most of the actual security in SSL. But because technical people get away with saying "even if you're not authenticated, you're at least encrypted", it isn't the end of the world when Comodo (or RapidSSL) screws up.

As for "what kind of contract do you need to sign", what you need to do is convince Microsoft and Mozilla to add you to their root CA store; both organizations have standards and practices, and both incur an audit, and neither is particularly inclined to add more CAs (there's a bit of grandfathering that appears to happen here).



A bit of an aside, but it used to be damn near impossible to get a root cert in IE (think mid to late '90s). I would love to know how Thawte managed the hat trick of getting approved so long ago when it was clear the big boys wouldn't let anyone else in.

Shuttleworth deserves credit for creating a good company; lots of hard work, for sure. But it couldn't have happened without getting approved by Microsoft. How a young man from Cape Town pulled this off seems to be an untold part of his success story.


Thawte is apparently one of the fuckups in the Sotirov et al report from this morning. Paul Kocher, one of the designers of SSL3/TLS, told the NYTimes that he was astonished that anyone would rely on MD5 in 2008; is it possible that nobody at Thawte really understands how SSL and x509 work? If so, is it really an industry success story that they got included with IE?


Thawte is unfortunately not the same company anymore. It doesn't surprise me a bit that Verisign let it degrade.

Thawte _was_ a success story for its time. When Shuttleworth created it he severely undercut prices which is why Verisign had to buy them since he was quickly working up the food chain. After Verisign bought them, they carefully controlled the product offering to keep it the low-price step-child that it is today.

I have used Thawte a few times but the last few years I have been dissatisfied. Do you have any recommendations? I would like to give my business to someone other than Verisign if possible.


"But because technical people get away with saying "even if you're not authenticated, you're at least encrypted", it isn't the end of the world when Comodo (or RapidSSL) screws up."

Speaking for myself, the causality flows in the other direction. Because there will always be somebody like Comodo who will issue certs with insufficient verification (Comodo being an extreme but there's been a long history of merely insufficient verification; ISTR a lot of "fax me a letter on official letterhead", which is just total BS), the PKI component of SSL, being basically a binary yes/no system, is fundamentally flawed. Market forces compel a race to the bottom in this situation and there's just no way around it. (Not even moving it to a government function; nobody is immune to having money waved under their nose.) So all you get from SSL is encryption, not authentication. Whether you like it or not.

If you really insist on the dichotomy of "SSL provides either perfect security or no security", then the answer is, it provides no security, because it is impossible to use it properly.* The legitimate owner can do everything right and still get CA-rooted with non-zero (and significant-in-practice) probability.

If that's a problem, get designing and implementing.

* Or, even more precisely, the only proper use is to use a separate communications channel with the website to verify the key they are sending out, regardless of who putatively signed the cert. And this use is a myth in the general case, because I can't imagine more than the barest fraction of SSL sites have ever gotten this query and I bet the majority of organizations would either have no idea what to tell you since you can't talk to the guy who knows (if any), or would even think you were a hacker or something trying to get something from them you shouldn't.


Everything you put in the footnote there? That's how SSL actually works. Your computer shipped with a browser (a separate communications channel) with trusted anchor keys.


No. I'm saying, the trusted anchor keys aren't trusted. You think they're trusted, but they aren't. The trust necessary for SSL to be truly secure can't exist in the real world. If you're not checking the site's key directly with no reference to the trusted keys, you don't have "security".
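The check the footnote and the last reply describe, comparing the site's key itself against a value obtained over a separate channel regardless of who signed the certificate, as an added example that is not part of the thread. The function names, the base64 SHA-256 pin format and the skeletal sample certificates are assumptions constructed for illustration.

```python
import base64, hashlib, hmac

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, body_start, end)."""
    tag, length, body = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, body = int.from_bytes(buf[body:body + n], "big"), body + n
    if body + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, body, body + length

def spki_bytes(cert_der):
    """Slice SubjectPublicKeyInfo out of an X.509 certificate; the signature is never consulted."""
    _, tbs_pos, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, pos, end = read_tlv(cert_der, tbs_pos)
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert_der, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    if fields and fields[0][0] == 0xA0:        # optional [0] version
        fields.pop(0)
    if len(fields) < 6:
        raise ValueError("not an X.509 tbsCertificate")
    _, start, stop = fields[5]                 # serial, sigAlg, issuer, validity, subject, SPKI
    return cert_der[start:stop]

def key_pin(cert_der):
    """Base64 SHA-256 of the SPKI: identical for any certificate carrying the same key."""
    return base64.b64encode(hashlib.sha256(spki_bytes(cert_der)).digest()).decode()

def matches_pin(cert_der, pin_from_other_channel):
    return hmac.compare_digest(key_pin(cert_der), pin_from_other_channel.strip())

# --- constructed sample data: skeletal DER, not real certificates ---
def tlv(tag, body=b""):
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + size + body

def fake_cert(issuer, key):
    name = lambda s: tlv(0x30, tlv(0x0C, s))
    spki = tlv(0x30, tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01") + tlv(0x30) + name(issuer)
              + tlv(0x30) + name(b"example.test") + spki)
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00signed by " + issuer))

SITE_KEY, OTHER_KEY = b"A" * 140, b"B" * 140
PIN = key_pin(fake_cert(b"CA one", SITE_KEY))  # stands in for the value the site owner reads out
```

A certificate for the same name issued by any CA over a different key fails `matches_pin`, while a reissue of the same key by a different CA still passes, which is the property the pin is meant to give.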



