[Cryptography] Certificates and PKI

ianG iang at iang.org
Wed Dec 24 17:35:30 EST 2014 

On 23/12/2014 23:24 pm, John Levine wrote:
>>> Is your concern that a registrar is able to modify each of the A, AAAA
>>> and TLSA-records of any entrusted domain? Either voluntarily or coerced?
>>
>> Yes.
>
> That's an entirely reasonable concern, since registrars take down
> something like 10,000 domains a day, and the US government regularly
> takes over domains that they believe are being used for criminal
> activity.  (See http://www.myredbook.com/ for an example.)
>
> On the other hand, since anyone who reads the mail at the WHOIS
> contacts for a domain can get a DV certficate anyway, it's not obvious
> that this observation makes things any worse than they really are.
>
> The basic problem, which I expect everyone here understands, is that
> it is expensive to verify that a name belongs to a person or other
> meatspace entity, and nobody wants to pay what it actually costs.
> When I got my first SSL cert 20 years ago, it cost over $100 and I had
> extensive negotiations with Thawte's rep until I faxed her enough
> stuff to persuade her that abuse.net was what I said it was.  Now you
> can get the same cert for about $5 and a clickthrough, and within
> rounding error, nobody cares.


Yes, this is what we call PKI's race to the bottom.  The way that the 
browsers have structured the UI means that all CAs are the same, all 
certs are the same, and there is no incentive to quality.

EV was a brief attempt to create a step up in marketing terms but it 
failed to step up more than cost wise because EV also was subject to the 
same economic flaw.  Although some browsers naturally understood what it 
would take to make EV work (surprise:  Microsoft [0]) the other browsers 
declined and the result was again essentially an economics or commodity 
one:  the race to the bottom.

The end result of this is that we live in a world where DV is 
approximately the only solution available to us, which also applies by 
nature to the DNSSEC situation.  Given that DNSSEC has even less 
likelihood of ever seeing a UI for the users, there is little hope of 
doing anything else.

Markets are complex and users might be lemmings.  But economic rules do 
eventually win out -- users won't pay for quality with a commodity product.



iang



[0] I speak of the decision to put or not put the CA on the URL bar as 
the actor that made the statement as to whether your current site is 
authenticated.  See the second image for early ruminations by Microsoft:

http://financialcryptography.com/mt/archives/000602.html

More information about the cryptography mailing list