back to article CloudFlare ditches private SSL keys for better security

CloudFlare has announced the outcome of what it says is two years' work – switching on Keyless SSL – which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys. In this blog post announcing the service, cofounder and CEO Matthew Prince explains that “the only …

  1. herman

    Uhmmmm.... did he really say OpenSSL?

  2. T. F. M. Reader

    "key server under the customer's control"

    It looks genuinely interesting. While GCHQ/NSA/etc. may have a much easier time hacking the customer's key server and stealing the private keys they'd have to do it individually for each customer, I assume.

    Don't see how it mitigates MITM though, but maybe I am missing something - I only skimmed the "technical details" blog.

    1. T. F. M. Reader

      Re: "key server under the customer's control"

      [replying to my own post - bad form, I know...]

      Maybe crooks who don't need the NSA kind of scale will feel a tad happier though?

      1. billse10

        Re: "key server under the customer's control"

        [replying to my own post - bad form, I know...] - making a valid point though :-)

        I'd say to an extent it puts some things where they belong; security of customer data should at least in part be the responsibility of the customer.

    2. Anonymous Coward
      Anonymous Coward

      It doesn't avoid an MITM attack because it is essentially a MITM attack. It's using one the vectors employed in attacks on SSL as a feature- which completely undermines the entire point of the product. Says a lot to me about how Cloudflare view Security- it's completely secondary to Marketing.

      1. Anonymous Coward
        Anonymous Coward

        Cloudflare ends up with a strong influence on standards and a vested interest in maintaining the broken status quo. As opposed to closing that MITM loophole, completely separating authentication from encryption, and writing the bloody CAs out of the picture. Fucking beautiful.

        Nice to see some scepticism over here!

        1. Arbiter

          I agree wholeheartedly. It offends me profoundly that a private American corporation should vouch for sovereign powers. If anyone is a CA it ought to be the duly elected government of that nation. Not having CAs would be even better.

  3. Anonymous Coward
    Anonymous Coward

    Two points

    First, in no way do banks have the highest standards of SSL security. According to Calomel SSL Validation, the banking sites I use normally rate somewhere around broken or barely adequate. They are way behind even Google on this. What banks do have is regulation, but in this matter it's purely theatre.

    Second, if I understand CloudFlare's system correctly, the bank basically passes CloudFlare the session key once it's been negotiated. That doesn't strike me as secure at all. How long will it take for a TLA to tap into that juicy little MITM system? ...and that's even before you consider hacking the connection to the bank to dupe it into sending the key to the wrong person.

  4. Graham Marsden
    Big Brother

    Well obviously...

    ... now everyone involved in this should be arrested for Assisting Terrerism...

  5. Franklin
    Mushroom

    Ironic to see this article posted on El Reg's home page so close to an article about the Home Depot hack, considering the credit cards swiped from Home Depot are now being sold on a carder site served up by Cloudflare (who have so far ignored several abuse reports on the matter).

  6. Philip Mather

    More secure for who exactly?

    Strikes me that this appears to absolve CF (now a literal MITM as pointed out) of maintaining private key security which is a good thing for them and also for the "server" to some extent I guess but this leaves two issues...

    1) All of the most important traffic between the "client" and the "server" is now concentrated over a far smaller route being that it's now bottle-necked into the MITM (CF). I understand it's not the encrypted content being sent back to the customer's key server, just the "twice" encrypted and then "once" encrypted (on it's return to CF) pre-master secret but that is the "effective" security of the content. Tell me more about this "encrypted channel" between MITM/CF and "server"? Is the "client's" ID/IP transmitted over the same channel? Cloud flare do DNS as well don't they?

    2) It always struck me that any architect/engineer with a clue, aware that they were handing over a private key to a third party, carefully considered the security of the MITM/CDN, the importance and sensitivity of the data involved and then segregated it from anything that was unique or otherwise un-cachable (i.e. important stuff). I can see that this would "incline" (?) people to just let CF handle everything and proceed not to think to hard about it.

    Not entirely sure about this. It doesn't seem to benefit the end-customer/client at all and doesn't really offer the provider/server much real benefit (rather just shifts some risk about or trades it off from one place to another). The only clear winner here seems to be CF? Is this product cheaper than a "traditional" CDN, I mean they seem to be off-loading the risk of holding a private key? It must increase the network traffic for the "server"? Am I missing something? I dunno.

  7. Jonbays

    CF are really only trying to avoid any legal liability in having to manage and secure keys which is not beyond them just costs money they don't want to spend. Few clients will be helped by this move to "secure" them form NSA prying which for most people is the least of your worries.

  8. OsamaBinLogin

    what's wrong with this picture

    yeah, i was asking myself, what's wrong with this picture. Secret Keys are meant to be secret. private. On your machine only (or whomever). Anybody or anything else holding them defeats the whole purpose. You've basically outsourced your identity; the secret key now guarantees only that it's from your account on cloudflare. (Or whomever cloudflare outsourced to.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like