Lightning talk presented at #30C3 - - 2013-12-29

Hello, I'm KaiE, I work on the Mozilla NSS security library.

Most Web and Internet users rely on the security of SSL/TLS in one way or the other. Major Internet client software like browsers are built to make it practical to immediately get a base level of security without requiring user action or configuration. You visit a web site or connect to a TLS server, and the software makes a decision whether the connection is secure or not, by performing a verification of the certificate presented by the server. This simplicity for the user is achieved by using trusted third parties and granting them the right to confirm that a server's key belongs to the owner of a domain or an organization. The trusted third parties are called Certificate Authorities (CA). Browsers and other software ship with a list of CAs that are trusted by default.

The problem is, a CA could be hacked (for example: DigiNotar), or their powers could be abused secretly for targeted attacks (that's speculation).

That means, each CA could be seen as a potential global point of failure, because as of today, nearly all CAs are allowed to make trust assertions for any domain.

That's why some people claim that TLS is broken, but nevertheless, it's still being used all the time and most Internet users must rely on it.

We are still waiting for a good solution to solve the problem that each CA is a potential point of failure.

Instead of relying on only one trust assertion (the certificate from a CA), we need a way to get one or more additional opinions, whether a given certificate looks like the correct one.

Several other projects have already attempted to help solve this issue (examples are Convergence, Perspectives, DropBear, Certificate Transparency, MECAI, etc.), but none of them is widely deployed yet, that's why we must continue to search for a solution that might be sufficiently practical to work for everyone, or at least the majority.

Here is another design to solve the problem, which I called DetecTor.

It reuses the idea to use notaries, that probe a TLS server from multiple perspectives. It attempts to compare the server's key that we obtain when connecting to it using a direct route, with the server's key obtained when connecting from different places in the network.

However, because I want to avoid having to trust someone else, I propose that we create software, that allows everyone to be their own notary.

This requires that you are able to connect to servers from multiple different locations on the Internet. Most users don't have that ability easily. However, there's a trick.

We can use the Tor network (see We don't use the anonymizing feature of the Tor network. The idea is to use it as a proxy, so we can connect on our own to the destination server, from multiple places in the world, and check for consistency. If we see consistency, we continue to connect, if there's inconsistency, we block the connection and return an error to the application level code.

The idea of the project is to create general purpose library code, that can be integrated into any Internet client software.

There's one attack scenario that is difficult to detect by the client, if the attacker is physically in front of the target, because then all connections can be hijacked, even the connections going through the Tor network used for probing. In order to solve this scenario, too, it is necessary that administrators of web sites take action. I want to encourage each operator of a TLS server to monitor their own server, by connecting through the Tor network from multiple locations, and check for unexpected keys. I've started to work on monitoring software for this purpose, and you can already download a beta version from the project page at

If you want to help with this project, please contact me or come to the workshop.

At 3 pm today, immediately after this talk, there will be a 30 minutes workshop in Hall F. I will present the design in more detail, I will explain the proposed implementation strategy, and I'm looking for people to help. If you are interested, or if you'd like to hear more details, please join.

For those of you who are watching on the stream and cannot join the workshop, I've published the slides that I'll use during the workshop on the project website.