From iang@systemics.com
Subject Dr. Self-signed or How CAs Learned to Stop Worrying and Love the Cert
Date Tue, March 30, 2004 12:59
To mozilla-crypto@mozilla.org


Duane wrote:
> Nope I'm not proposing self-signed, that was Ian.



Guilty as charged!

In time, however, I fully expect all CAs to
promote self-signed certs, as aggressively I
do.

One day, Certificate Authorities ("CAs") will
defend our right to use self-signed certs, and
deny ever having said anything to the contrary.
It will be the thought crime of the age to think
in any other terms, a failure of your patriotic
duty, the denial of purity and essence of our
natural ...  yadda yadda....



But, today, it's a different world.  Most CAs,
today, think that a self-signed cert is bad, as,
in their minds, it reduces their possibilities
of selling another cert.

Which has gotta be bad, right?

Er, no!

Apologies in advance, but that couldn't be more
wrong.

Big CAs have as much understanding of marketing as
children do of the tooth fairy.  That's why they
labelled the self-signed cert as "snake oil,"
they were thinking in terms of monsters in the
closet and other gremlins in the dark, bogeymen
their bigger badder siblings had told them about,
and stories of slippery slimy things they were
going to pass on to their smaller siblings.

But, that's not marketing, and not the market,
that's simply what they've been told to believe.

   A story about selling:  Two salesman went to
   Africa in the 19th century to sell shoes.

   The first one saw that everyone walked barefoot.
   He booked passage back the next day, totally
   despondent, muttering to himself, "I can't sell
   shoes in Africa, nobody wears them." :-(

   The second salesman saw all these unshod people,
   and cabled back on the newfangled wire service
   "hurry, send shoes, *nobody* wears them, the
   market is wide open, it's HUGE..." :-)

The second guy knew what a market was.

My prediction is this: when the browsers stop
worrying and learn to love the increased security
of a self-signed cert, and when servers start
automagically bootstraping with self-signed
certs, then CAs will double their sales of certs.

If it's not double, it'll be triple.  Or more.



It works this way.  Currently, it is really
hard to sell certs, the problem being that
sales come to the CA, not the other way around.
One is stuck with pretty poor marketing tools
like banner ads and brand name (and even they
don't work because of the commoditisation of
the product that was created by the by the
"one size fits all" rule) and relying on rules
and regs and cartels.

However, if servers automatically installed
with SSL (up and running, self-signed cert
enabled, such that https://myfunsite.com/
worked immediataly) and, users could browse
(sans warnings, but with congratulations on
their choice of fine crypto), then, several
things would happen:

Firstly, CAs would now be able to see who was
using certs and thus who cared.  I.e., what
sites care enough to actually promote and use
their easy crypto install, and what sites just
let it lie fallow.

That is, they would now be able to CONVERT sites
from self-signed over to CA-signed.  Conversion
is an active selling process and is much more
successful than advertising.

Recall the phrase, "shares are sold, not bought!"

Secondly, the CA would be able to upgrade the
existing certificate - the self-signed one -
based on net-only DD (due diligence) in advance
of any sale.

That is, take the self-signed one and replace
its sig with the CA sig (sadly, x.509 doesn't
support multiple sigs like OpenPGP, it's pretty
useless rubbish, really, but it's the useless
rubbish that we have to deal with.)

Oh, and do some quick DD:  check out the whois,
check out the web site, check out a few other
things (isn't competition wonderful...).

A lot of this could be automated, and thus done
for a very low price.  A CA-signed cert written
at this lowest grade could then be presented and
sold to the site.  $10 or so, who knows, maybe
even free under some circumstances.  Digital
signatures are cheap, after all.

Thirdly, the act of upgrading to a CA-signed
cert would be immeasurably simpler - it would
become a drop-in replacement of a single file
and a restart, rather than having to set up all
this Apache SSL config blah blah and trying to
sort out all the whole cert DD and access and
so forth nonsense that drives people spare with
the number of little steps that can muck up.



Each of these factors has the capacity to DOUBLE
the market for CA-certs.  Says I!

Why does this work?  Simple.  Right now and here,
there is a binary market.  You either do or you
don't.  To encrypt or share, to SSL or not.
There is no in between, no halfway house.  No
compromise, no room to manouvre.

Marketeers know that this is the very model of a
primitive, undeveloped, near-worthless market,
with only a tiny number of "do's" because the
barrier is too high.

Check the stats.  It's about 1% of the market,
less or more, depending on how you count them.
E.g., totally wide open, untapped, unless you
are like our first shoe salesman, already on
the boat heading home.

However, if we can turn the cliff of DON'T to
DO, into a number of smaller jumps, a climb
up a hill, as it were, this would enable people
to move up and down the slope more efficiently.
Which encourages more people to enter into the
market, and raises the size, and makes for more
security.

(A bit like selling thongs or flip flops to
people who've never worn shoes, this year, and
sandals next year, leather shoes the year after,
and high tech trainers with air cushions and
flashing leds the next year...)

A mature market doesn't overwhelm the customer,
it leads him or her along.  We would be creating
a market for certificates that would travel like
this:


  NONE -> self -> auto -> minimal -> MAXIMAL


The step from one gradation to the next is
much much smaller, and thus cheaper and easier
on the thought process of our currently unshod
masses.  Five small steps replace one huge leap
(and any number of additional steps could be
added to smooth out the slope in future years).

More sites would find the first step easy, and
as they grow in size and value, they would be
encouraged to spend the little needed to go up
the next step.  They could walk as high as they
wanted, at their own pace, instead of being
daunted by the size of the cliff.

There's no real reason why a premium CA
couldn't sell a real DD package that cost
tens of thousands, capped off by a solid
platinum grade cert - unless that reason
is a cliff that shrinks the size of the
market to next to nothing.



In marketing terms, this concept is known as
"discrimination" (nothing to do with other
uses of the word).  The user is more finely
discriminated as to their needs and their
desires to pay.  Consumer advocates would
call this "consumer choice."  (If we were
to ask economists, they would refer to the
"consumer surplus," but I'd really advise
caution when letting any econowhatsits into
the market process.)

It's all well known stuff.  Anyone who's done
marketing would know this, it's standard in
b-school and sales class.  Question is, how
to tell the CAs this?  And then stand out of
the way as the stampede to snap up all the
available self-signed certs...


iang



PS:  so, what does all this do to security,
especially, of the users?

It increases it immensely.  I'd say that this
could multiply by 10-fold the number of sites
doing crypto, using self-signed and auto-signed
certs.  It could result in almost all sites
that need crypto using it, instead of the hit
and miss "merchant" approach we have now.

For the CIP (critical infrastructure protection)
people, this would be a godsend, as the one thing
that without a doubt helps net protection is
crypto (authenticated or not, and plenty of it)
and what's even more wonderful is that this could
be done at almost no cost!

PPS: this month's stats on just how wide open
the market is, are at:
http://www.securityspace.com/s_survey/sdata/200402/certca.html
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto