No authentication is free of risk
Interesting news bits. Not many people realize what is a root certificate or what does it do on a day to day basis. Think of a root certificate as the master key to unlock all the bank safe in the world. That effectively is what happening when Trustwave a trusted Certificate provider on major browser platform decided to profit off the certificate that enables a company claims to be only using it for the purpose of ear dropping on their own employee.
Wasn’t that long ago when I had to remove the digiNotar from my trusted list of certificate provider from all of my browsers. Not long after that I have to remove the trust from “Trustwave”.
This news was interesting to me because many methods of exchange for authentication token is based on trust of certificate. The lack of trust of secure communication implies a broken exchange of authentication model going from Certificate authentication to SAML assertion exchange. How do service provider today validate against the rogue certificate provider? How would anyone know if any other certificate provider has been compromised either willingly or unwillingly.
It wasn’t that long ago when the world is trying to gravitate toward certificate authentication scheme as a mean to move away from password authentication. Then an incident like this comes out severely break the chain of trust using certificate authentication. How many enterprise has implemented some type of certificate authentication and what would it cost for them to update the trusted certificate store.
As an observation, while the security industry is pushing towards for more advanced authentication, each new method of authentication not only creates more identity silos and breaks business process around the use of these advanced authentications. Few years ago I looked at the requirement for advanced credential management platform, where at that time I did not see anyone come out with the capability to manage different forms of authentications in a consistent approach.
How would you update the credential stores? How about reset the password on the certificate store? How about encrypting the hard drive that storing the certificate store? What if you lost the encryption on the hard drive, how would you recover the encryption key? How do you manage the administrator access to the certificate store? Who is tracking the privileged user access to these credential stores?
Having yet another stronger authentication without address these processes first only incurs more problem downstream with more integration scripting, cost to maintain, and audit nightmares.