A mighty fortress is our PKI

Chris Palmer chris at noncombatant.org
Wed Jul 28 02:38:58 EDT 2010


Paul Tiemann writes:

> I like the idea of SSL pinning, but could it be improved if statistics
> were kept long-term (how many times I've visited this site and how many
> times it's had certificate X, but today it has certificate Y from a
> different issuer and certificate X wasn't even near its expiration
> date...)

That's along the lines of what EFF and I propose, yes. As I state in the
slides, a key problem is how to smooth over the adaptation problem by
various heuristics. We don't necessarily think that our mechanism is best,
just that it's one of a family of likely approaches.

> Another thought: Maybe this has been thought of before, but what about
> emulating the Sender Policy Framework (SPF) for domains and PKI?  Allow
> each domain to set a DNS TXT record that lists the allowed CA issuers for
> SSL certificates used on that domain.  (Crypto Policy Framework=CPF?)

Even if anyone other than spammers had adopted SPF, we should still be
seeking to reduce cruft, not increase it.

> Thought: Could you even list your own root cert there as an http URL, and
> get Mozilla to give a nicer treatment to your own root certificate in
> limited scope (inserted into some kind of limited-trust cert store, valid
> for your domains only)

Sure, or simply put the cert in the DNS itself. But, DNS is not secure, so in
doing so we would not actually be solving the secure introduction problem.
Some people think that DNSSEC can fill in here, but it hasn't yet.

> Is there a reason that opportunistic crypto (no cert required) hasn't been
> done for https?

As you can see, I am a firm advocate that we should emulate and improve on
SSH's success. On one of my computers I use the HTTPS Everywhere and
Perspectives plugins for Firefox; the latter renders CAs pretty much moot
and the former gets me "HTTPS by default" at least some of the time. It's a
fine thing.

Remember when we all dropped telnet like a hot potato and migrated to SSH
pretty much overnight? Let's do that again. Browsers should use secure
transport by default in a way that is meaningful to humans and cheap to
deploy.

> Would it give too much confidence to people whose DNS is being spoofed?

I believe it would be a vast improvement in such a scenario. It would be
hard to do worse than the status quo.

> Great slides!  The TOFU/POP is nice, and my favorite concept was to
> translate every error message into a one sentence, easy-to-understand
> statement.

Thank you.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
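The long-term pin history Paul suggests (visit counts, issuer, and whether the old certificate was anywhere near expiry when it changed), worked through as an added example that is not part of the original post or of the EFF proposal. The host name, fingerprints, the 30-day "near expiry" window and the five-visit "established pin" threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Observation:
    fingerprint: str     # hash of the leaf certificate that was presented
    issuer: str          # issuer name on that certificate
    not_after: datetime  # its expiry date
    count: int = 1       # visits on which this certificate was seen

@dataclass
class PinStore:
    history: dict = field(default_factory=dict)  # host -> [Observation]; last is current

    def assess(self, host, fingerprint, issuer, not_after, now,
               near_expiry=timedelta(days=30), established=5):
        """Classify the certificate presented for host; does not record it."""
        seen = self.history.get(host, [])
        if not seen:
            return "first-use"          # TOFU: nothing to compare against yet
        cur = seen[-1]
        if cur.fingerprint == fingerprint:
            return "known"              # pin still matches
        if cur.not_after - now <= near_expiry:
            return "expected-rotation"  # old certificate was about to expire anyway
        if cur.issuer != issuer and cur.count >= established:
            return "suspicious"         # new issuer, far from expiry, well-established pin
        return "unexpected-change"      # changed early, but same issuer or thin history

    def record(self, host, fingerprint, issuer, not_after):  # call once the cert is accepted
        seen = self.history.setdefault(host, [])
        if seen and seen[-1].fingerprint == fingerprint:
            seen[-1].count += 1
        else:
            seen.append(Observation(fingerprint, issuer, not_after))

def demo():
    """Scenario from the thread: many visits with cert X, then cert Y from another CA."""
    store, host = PinStore(), "example.test"   # constructed host name
    t0 = datetime(2010, 1, 1)
    x_exp, y_exp = t0 + timedelta(days=365), t0 + timedelta(days=465)
    verdicts = [store.assess(host, "sha256:X", "CA One", x_exp, t0)]
    for _ in range(10):                        # ten accepted visits with cert X
        store.record(host, "sha256:X", "CA One", x_exp)
    day100 = t0 + timedelta(days=100)          # X still has 265 days to run
    verdicts.append(store.assess(host, "sha256:X", "CA One", x_exp, day100))
    verdicts.append(store.assess(host, "sha256:Y", "CA Two", y_exp, day100))
    day350 = t0 + timedelta(days=350)          # X expires in 15 days: looks like renewal
    verdicts.append(store.assess(host, "sha256:Y", "CA Two", y_exp, day350))
    return verdicts  # ['first-use', 'known', 'suspicious', 'expected-rotation']
```

The adaptation problem Chris mentions is visible in the last two verdicts: the same issuer change is flagged or waved through purely on how much lifetime the old certificate had left, so the thresholds are where any real deployment would need tuning.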
