EU plans to mandate less secure certificates in browsers

83

Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news
surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest
developments in this space. Received monthly by more than 50,000 subscribers.
Maintained by Hanno Böck.

A planned EU regulation about so-called Qualified Website Authentication Certificates (QWACs) is causing concerns among security researchers and browser vendors. The QWACs concept has existed for several years, but has not gained much traction.

Today most certificates are so-called Domain Validation (DV) certificates and bind the identity of a host name—like www.google.com—to a cryptographic key. The idea of QWACs is to have further information—most notably, a company name—in a certificate.

QWACs share a very similar concept with Extended Validation (EV) certificates. As most of our readers probably know, in the past, browser vendors used to display a green bar containing a company name in front of a URL for a site using an EV certificate.

But in 2019, the major browser vendors decided to no longer show the green bar and thus no longer give EV certificates any special treatment in the user interface. This was the result of intense discussions around the value of EVs. Most notably, the notion of EV certificates providing any higher security assurance relies on the expectation that users will notice the green bar and will not, for example, enter their credentials on a web page that does not show it. But it has been shown that users usually don’t notice that difference. A research paper published at the 2019 USENIX conference based on user experiments came to the following conclusion: “We find that most metrics of user behavior are unaffected by its removal, providing evidence that the EV indicator adds little value in its current form.”

Further evidence of the limited usefulness of EV indicators came from natural experiments; that is, major sites like Facebook and Twitter have sometimes used EV certificates, and then stopped using them. The change was not widely noted by users, indicating that the idea that EV certificates can prevent phishing does not seem plausible. Some security professionals went as far as arguing that EV certificates provide less security, as their issuance cannot be automated.

Another point of criticism was that people often don’t know the company names of the services they interact with and that company names are not unique. The latter was demonstrated by Ian Carroll, who was able to register an EV certificate for Stripe—but not for the well-known payment provider. It was simply for another company by the same name that he registered himself.

Despite all this controversy around EV certificates, the planned EU regulation, which is an update of the European Identity Framework, could impose requirements on browsers to give QWACs special treatment very similar to EV certificates. Thus the first major point of criticism is that QWACs are simply trying to revive a concept that was widely considered flawed and obsolete by the TLS community. Scott Helme discusses that point in detail in a blog post.

But there is an even more concerning aspect of the QWACs proposal: the certificate authorities that would issue these certificates would be decided by the EU member states, and browsers would be forced to accept those, even if they don’t comply with existing security rules. The EU keeps a list of Trust Service Providers (TSPs) that are eligible for QWACs.

Mozilla writes in a position paper that “the security practices for TSPs that issue QWACs are tangibly weaker than Mozilla’s own Root Program policies.” In 2019, Mozilla had already provided a list of concerns and incidents tied to the security vetting of these Trust Service Providers.

One very concrete example makes it clear that this is not merely a theoretical concern. In early 2021, browser vendors decided to distrust the certificate authority Camerfirma. This happened after a long list of violations by this certificate authority of existing rules. Mozilla documented these violations from 2017 to 2021 in a list that contains 26 incidents. Notably, some of these violations happened when Camerfirma already knew that browsers were concerned about its security practices. Yet to this day, Camerfirma is listed as a TSP by the EU for QWACs.

Thus, if implemented, these plans could mean that browsers would be forced to give special treatment to TLS certificates that have been issued by entities held to a lower standard than the other certificate authorities.

We asked the European Commission’s press office for a comment about these concerns, but the office hasn’t replied as of the publication of this newsletter.

Subscribe to the Bulletproof TLS Newsletter


This subscription is just for the newsletter; we won’t send you anything else.

Short news

Interesting Jobs

Here are some interesting jobs we’ve come across in the last month:

If you know of similar jobs that our readers might be interested in, for example cryptography,
TLS, or PKI, let us know and we may add them to future newsletters.

Read More

Vanic
WRITTEN BY

Vanic

β€œSimplicity, patience, compassion.
These three are your greatest treasures.
Simple in actions and thoughts, you return to the source of being.
Patient with both friends and enemies,
you accord with the way things are.
Compassionate toward yourself,
you reconcile all beings in the world.”
― Lao Tzu, Tao Te Ching