TLS is the security layer that is used for HTTPS.
There are two different reasons to use HTTPS instead of HTTP:
- Secrecy: only you and the site you visit know what you are browsing, because the packets are encrypted.
- Authenticity: you have a guarantee that you are talking to the original site and not to a fraudulent copy sitting in the middle (a man-in-the-middle attack). Without authenticity, secrecy is worth little: an encrypted connection to an impostor is still an open connection to the impostor.
Secrecy is not in doubt here, as long as everyone uses strong enough keys (which is not always the case). No key is perfect, but you alone are responsible for the secrecy of your communications, and with a 4096-bit RSA key on your server we can assume that even the No Such Agency (NSA) is unlikely to decrypt the traffic for many decades. One caveat: with RSA key exchange that protection lasts only as long as the private key is never obtained, so prefer ephemeral Diffie-Hellman (ECDHE) cipher suites, which keep recorded traffic secret even if the key is stolen or handed over later. If you want mathematically perfect (information-theoretic) secrecy, it exists in the form of the one-time pad, although not many need it and it is impractical for most internet uses. As a reference, there are attempts to use it for internet communications, such as Jericho Comms.
Of course, 0-day attacks are still a security problem for everyone. They come from bugs in the software that runs your site, and since a site needs software to run, they cannot be ruled out. The NSA habitually uses this kind of attack to get into otherwise secure communications. The best prevention is to run as little software as possible, with the fewest features you can get away with, choosing the most stable versions of the few pieces you do need. Isolating each service of your site from the others is another good measure, so that a breach in one does not spread to all of them.
The big problem is instead the authenticity of the site. How do you guarantee that the site you are connecting to is not a hacker or the NSA impersonating the one you want? With the model in use today, the answer is simple: you can't.
Current authenticity model
The current model for HTTPS authenticity works like this:
A site presents a certificate to your browser. That certificate is signed with the private key belonging to another certificate, and that one with the key of yet another, forming a chain until you reach the last certificate, which is signed only by its own private key (it is self-signed). If the keys and signature algorithms are strong enough, each signature in the chain can be checked. But the last certificate is not vouched for by anything else, so you have no proof of who is behind it: it has to be trusted a priori.
Those certificates are called root certificates, and they are issued by big companies, most of them US-based, called Certificate Authorities (CAs). You usually receive those root certificates preinstalled in your web browser or your operating system.
Problem 1
There is a recursive problem in this model: you download the browser over an insecure channel, where an attacker might have added his own certificate to the list of trusted roots (browsers and operating systems ship well over a hundred of them, so one more goes unnoticed). Even if you download the browser over HTTPS or another "secure" channel, that security rests on some earlier moment when you downloaded the certificates, hashes or public keys it depends on, and so on back to a first download that was not protected by anything.
Problem 2
There are hundreds of root CAs, and thousands of intermediate CAs chaining to them, and not all of them are equally secure. Since every one of them has the same power, compromising any single one breaks the whole chain of trust from that point on. An attacker who gets into one of them can issue a certificate for any site he wants, and your browser will accept it without complaint until the compromise is noticed and the CA is distrusted. That is exactly what happened with DigiNotar in 2011 (see the links at the end).
Problem 3
These root CA companies are too big to fail. So many websites depend on them (in some cases more than 10% of the internet) that if one had to shut down because of a security incident, a large part of the web would go down with it, at a cost of millions or even billions. For that reason, although the current model assumes that a compromised CA will be distrusted immediately to keep people safe, it is easier for the CA to keep the incident secret, so that no one notices and the business keeps bringing in money. A small CA can be removed quickly (DigiNotar was distrusted within weeks of its breach and went bankrupt); removing one of the big ones is a different matter.
Problem 4
A US-based CA can be compelled to hand over control to the NSA when the NSA asks for it, and at the same time be forbidden from telling anyone. For people like Snowden this is the most important problem of all.
Solution
If you can guarantee that the channel used to distribute a root certificate is authentic (it doesn't need to be secret, only authentic), for example by delivering it in person, then every certificate signed by that root is equally authentic, for as long as its private key stays private.
Of course, if you hand a normal self-signed certificate to a friend, you could sign any certificate with it, even one for google.com, and then impersonate any site in your friend's browser. Luckily, your friend doesn't need to trust you that much. Instead, you can give him a self-limited root certificate that can only certify one specific domain, for example alejandro-colomar.es; in X.509 terms, a root carrying the Name Constraints extension. His browser will then only accept a certificate signed by your root if it is for that domain or a subdomain of it. The limit is enforced by the verifying client, not by the certificate itself, so check that the browser or TLS library your friend uses actually honours name constraints on a trust anchor; not all of them have historically done so.
Then, if your friend needs to be 100% sure that the page is yours and not a hacker's copy, he has to temporarily disable all the full-power, unconstrained root certificates, and his browser will show the green lock if and only if the site is certified by your root certificate.
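Here is what that looks like in code. The following Go program is an added example for this post, not code from the post or from the SMR2 project; it uses only Go's standard library and illustrates both the chain of trust described earlier and the limited root described above. It builds, in memory, a "full-power" root like the ones bundled with a browser (Problem 2: such a root is accepted for any name it signs), a root limited to alejandro-colomar.es through the X.509 Name Constraints extension, and a verifier that trusts exactly one root, which is the situation of the friend's browser once the other roots are disabled. The domain, the certificate names and the choice of ECDSA P-256 (instead of the 4096-bit RSA mentioned earlier) are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// CA is an in-memory certificate authority: its certificate and its signing key.
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// sign issues the certificate described by tmpl for pub, signed by parent/parentKey.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // toy serial; real CAs use large random ones
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // the parsed form is what the verifier consumes
}

// NewRoot builds a self-signed root. With permitted == nil it is a "full-power" root that can
// certify any name, like those bundled with a browser. Otherwise it carries a critical X.509
// Name Constraints extension (RFC 5280, 4.2.1.10) limiting it to those domains and subdomains.
func NewRoot(permitted []string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 chosen for brevity (assumption)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		Subject:                     pkix.Name{CommonName: "Personal root [" + strings.Join(permitted, ",") + "]"},
		NotBefore:                   time.Now().Add(-time.Hour),
		NotAfter:                    time.Now().AddDate(10, 0, 0),
		IsCA:                        true,
		BasicConstraintsValid:       true,
		KeyUsage:                    x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		PermittedDNSDomains:         permitted,
		PermittedDNSDomainsCritical: len(permitted) > 0,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key) // parent == template: self-signed
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// IssueServerCert signs a TLS server certificate for host. Nothing here stops a CA from
// signing for any host it likes; only the relying party's verifier can refuse it.
func (ca *CA) IssueServerCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: host},
		DNSNames:    []string{host},
		NotBefore:   time.Now().Add(-time.Hour),
		NotAfter:    time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, ca.Cert, &key.PublicKey, ca.key)
}

// VerifyForHost is what the friend's browser does once the bundled roots are disabled:
// trust exactly one root (no system roots) and validate leaf's chain for host.
func VerifyForHost(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// IsNameConstraintError reports whether err is the verifier refusing a name the signing CA
// is not authorized for (Go's CANotAuthorizedForThisName reason; some Go versions wrap it in
// an UnknownAuthorityError without Unwrap, so the error text is matched instead of the type).
func IsNameConstraintError(err error) bool {
	return err != nil && strings.Contains(err.Error(), "not authorized to sign for this name")
}

func main() {
	rogue, _ := NewRoot(nil)                             // like one of the browser's preinstalled roots
	mine, _ := NewRoot([]string{"alejandro-colomar.es"}) // the hand-delivered, limited root
	for _, c := range []struct{ ca *CA; host string }{{rogue, "google.com"}, {mine, "www.alejandro-colomar.es"}, {mine, "google.com"}} {
		leaf, _ := c.ca.IssueServerCert(c.host)
		fmt.Printf("%-26s via %-45s -> %v\n", c.host, c.ca.Cert.Subject.CommonName, VerifyForHost(leaf, c.ca.Cert, c.host))
	}
}
```

Run it and the two accepted cases print <nil>, while the third prints an error saying the root is not authorized to sign for that name. An intermediate certificate works the same way: put it in VerifyOptions.Intermediates and the leaf's names are still checked against the root's constraints. The example also shows where the guarantee stops: the constraint is enforced by the verifier, so a client that ignores name constraints on a trust anchor gets no protection from it, and the limited root's private key still has to stay offline, because whoever holds it can issue for alejandro-colomar.es.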
Problems of this solution
- It's impossible to hand your root certificate to everyone in the world, so your site will only be 100% authentic (green lock) for those who receive it. For everyone else, the browser will warn that the site's authenticity cannot be guaranteed. This is not really a problem: that lack of authenticity is already the case today, only now you still see a green lock, which gives you a false sense of authenticity.
Usually, authenticity is not really needed: when you visit a site to look for help about programming, play a game, read a book or listen to music, you don't really care about authenticity.
If you connect to a site without its certificate and you neither enter, download nor run anything sensitive, you can still go ahead and not care: the worst that can happen is an attacker showing you altered information (which is also why you should not install or run anything from such a page).
- Implementing a Public Key Infrastructure (PKI) of your own requires a lot of knowledge, a lot of care, and keeping it up to date.
Any mistake in implementing that PKI securely can undermine all of its security, and most likely you wouldn't even notice, which is an even greater problem.
For that reason, it is likely to take years to implement it right. My objective with the SMR2: Decentralize the internet project is to make it open source, so that anyone can deploy their own PKI and server in a very short time, with little work.
Real threat
Hackers usually attack either for money, for principles, or just for fun. With that in mind, it's unlikely that they will attack you personally, so as long as your security is average or above, you can stay more or less safe.
However, state-level organizations, especially from the USA and China, have far more resources and motivation than those hackers to attack individuals. They basically collect every communication, even encrypted ones (especially encrypted ones), and store them for when they need to, or are able to, break them.
Of course, all this security on your own is not enough to stop the NSA or China from hacking you as an individual, because they have the resources to break into almost any single system they choose. But if everyone had this level of security, they would not be able to process that amount of information, and mass surveillance would be in big trouble.
In the end this is all about freedom of speech, freedom of information and privacy of communications, which are in more danger every day.
Scaling up this solution
If everyone had their own PKI, you wouldn't need to receive that list of official root certificates with your browser. You would only need the certificates of your friends, one from your bank (for online shopping), one from the state administration, and a few more high-security ones, and you could do most of what you do right now, with even more security than you have now.
If some person's (or your bank's) CA were compromised, they would immediately hand you the new certificate in person, because there would be less incentive to keep quiet about it.
State-level censorship and mass surveillance would suddenly shut down, or would have to find a new way to continue.
Big internet companies such as Facebook, Google, Twitter, etc, might face bankruptcy.
For reference, there are a few links about this problem:
- DigiNotar - Wikipedia
- tls - How to trust root CA - Information Security Stack Exchange
- certificate authority - How can we trust a CA? - Information Security Stack Exchange
- tls - How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove? - Information Security Stack Exchange
- tls - What Trusted Root Certification Authorities should I trust? - Information Security Stack Exchange
- 647959 - Add Honest Achmed's root certificate (Mozilla Bugzilla). This one is very funny; read it after the rest and you will understand it. It is a parody of the real big CAs.