[Cryptography] Certificates and PKI
ianG
iang at iang.org
Wed Dec 24 17:35:30 EST 2014
On 23/12/2014 23:24 pm, John Levine wrote:
>>> Is your concern that a registrar is able to modify each of the A, AAAA
>>> and TLSA-records of any entrusted domain? Either voluntarily or coerced?
>>
>> Yes.
>
> That's an entirely reasonable concern, since registrars take down
> something like 10,000 domains a day, and the US government regularly
> takes over domains that they believe are being used for criminal
> activity. (See http://www.myredbook.com/ for an example.)
>
> On the other hand, since anyone who reads the mail at the WHOIS
> contacts for a domain can get a DV certficate anyway, it's not obvious
> that this observation makes things any worse than they really are.
>
> The basic problem, which I expect everyone here understands, is that
> it is expensive to verify that a name belongs to a person or other
> meatspace entity, and nobody wants to pay what it actually costs.
> When I got my first SSL cert 20 years ago, it cost over $100 and I had
> extensive negotiations with Thawte's rep until I faxed her enough
> stuff to persuade her that abuse.net was what I said it was. Now you
> can get the same cert for about $5 and a clickthrough, and within
> rounding error, nobody cares.
Yes, this is what we call PKI's race to the bottom. The way that the
browsers have structured the UI means that all CAs are the same, all
certs are the same, and there is no incentive to quality.
EV was a brief attempt to create a step up in marketing terms but it
failed to step up more than cost wise because EV also was subject to the
same economic flaw. Although some browsers naturally understood what it
would take to make EV work (surprise: Microsoft [0]) the other browsers
declined and the result was again essentially an economics or commodity
one: the race to the bottom.
The end result of this is that we live in a world where DV is
approximately the only solution available to us, which also applies by
nature to the DNSSEC situation. Given that DNSSEC has even less
likelihood of ever seeing a UI for the users, there is little hope of
doing anything else.
Markets are complex and users might be lemmings. But economic rules do
eventually win out -- users won't pay for quality with a commodity product.
iang
[0] I speak of the decision to put or not put the CA on the URL bar as
the actor that made the statement as to whether your current site is
authenticated. See the second image for early ruminations by Microsoft:
http://financialcryptography.com/mt/archives/000602.html
More information about the cryptography
mailing list