A mighty fortress is our PKI, Part III

Carl Ellison cme at acm.org
Thu Sep 16 07:28:49 EDT 2010


I, too, would love to get the details, but Peter is right here.

The flaw he reported was in the PKI itself, not in the UI.  If there were a
bulletproof OS with perfect non-confusing UI, once the malware has a valid
signature that traces to a valid certificate, it's the PKI that failed.

As for EV being as meaningless as ordinary certificates, that's the point
Peter is making.  Of course, neither of them certifies the qualities of the
publisher that the end user cares about.  That would be too expensive and
open to liability (therefore, more expensive still).  But, in a verbal shell
game, the CAs make it sound like someone with an expensive certificate is
trustworthy (in the end-user's value system).

-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of Andy Steingruebl
Sent: Wednesday, September 15, 2010 4:12 PM
To: Peter Gutmann
Cc: cryptography at metzdowd.com
Subject: Re: A mighty fortress is our PKI, Part III

On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these
are really PKI failures, are they?

> - There's malware out there that pokes fake Verisign certificates into the
>  Windows trusted cert store, allowing the malware authors to be their own
>  Verisign.

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?

> - CAs have issued certs to cybercrime web sites like
>  https://www.pay-per-install.com (an affiliate program for malware
>  installers), because hey, the Russian mafia's money is as good as anyone
>  else's.

Similarly here - non-EV CAs bind DNS names to a field in a
certificate. No more.  They don't vouch for the business being run,
and in any case any such "audit" would be point-in-time anyway. I
suppose way back when people "promised" that certs would do this, but
does anyone believe that anymore and have it as an expectation?
Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported?  I'd
love to get the full sordid details :)

- Andy
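The first anecdote in the thread (malware adding its own "Verisign" root to the Windows trusted certificate store) is something a defender can at least detect, even if, as Carl says, the PKI cannot prevent it. The script below is an added example, not code from any poster on this list: it audits the machine and user root stores against a baseline of known-good thumbprints and flags any root that is not in the baseline, loudest when its Subject mimics a well-known public CA. The thumbprints in `$Baseline` and the `Get-UnexpectedRoots` function name are placeholders and assumptions of this example; populate the baseline from a clean reference image.

```powershell
# Added example (not from the thread): audit the Windows trusted root
# stores against a known-good baseline. A root "poked" into the store by
# malware appears as a thumbprint that is not in the baseline, no matter
# what name its Subject claims.

$Baseline = @{
    # Thumbprint (SHA-1, uppercase hex) => description.
    # PLACEHOLDER values: replace with thumbprints taken from a clean build.
    '0000000000000000000000000000000000000001' = 'placeholder: corporate internal root'
    '0000000000000000000000000000000000000002' = 'placeholder: vendor root from the OS image'
}

# Public CA names whose appearance on an unknown root deserves the loudest flag.
$WatchedNames = @('VeriSign', 'DigiCert', 'GlobalSign', 'Microsoft')

function Get-UnexpectedRoots {
    param(
        [hashtable]$Known = $Baseline,
        [string[]]$StorePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            $cert = $_
            if (-not $Known.ContainsKey($cert.Thumbprint.ToUpperInvariant())) {
                # Does the Subject borrow a well-known CA's name?
                $mimic = $WatchedNames | Where-Object { $cert.Subject -like "*$_*" }
                if ($mimic) {
                    $severity = 'HIGH: unknown root naming ' + ($mimic -join ',')
                } else {
                    $severity = 'REVIEW: unknown root'
                }
                [pscustomobject]@{
                    Store      = $path
                    Thumbprint = $cert.Thumbprint
                    Subject    = $cert.Subject
                    NotAfter   = $cert.NotAfter
                    Severity   = $severity
                }
            }
        }
    }
}

# Usage: list findings, most severe first. Feed the objects to your log
# pipeline to alert fleet-wide on a root that appears on one host only.
Get-UnexpectedRoots | Sort-Object Severity -Descending | Format-Table -AutoSize
```

This check only catches a root added to the local store. It says nothing about the failure Carl describes, where the signature chains to a certificate a real CA actually issued; that one lives in the PKI, and no local audit will surface it.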

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
