CFP: PKI research workshop

Stef Caunter stefan.caunter at senecac.on.ca
Mon Jan 14 13:55:06 EST 2002 

----- Original Message -----
From: "Eric Rescorla" <ekr at rtfm.com>
To: "Stef Caunter" <stefan.caunter at senecac.on.ca>
Cc: <cryptography at wasabisystems.com>; "SPKI Mailing List"
<spki at wasabisystems.com>
Sent: Monday, January 14, 2002 12:44 PM
Subject: Re: CFP: PKI research workshop


> "Stef Caunter" <stefan.caunter at senecac.on.ca> writes:
> > Does a user of ssl services care to know absolutely that they are
> > communicating verifiably with whom they believe they have contacted, or
does
> > the user care to know absolutely that their communication is completely
> > private?
> These are inextricably connected. If you want to know that
> your communications are private in the face of active attack
> you need to know who you're talking to as well.

They may be connected, but save and except in the case of active
man-in-the-middle attack I maintain that ssl's confidentiality, which is
free, is what sells certificates. I use a free Thawte email cert for
confidential communication; my identity is verified through their
notarization system, again free.

>
> > I believe that the latter is most important; transparency through
> > certificate presentation is kept deliberately expensive and is, as has
been
> > noted, often disclaimed by CAs, and is compromisable. It's an artificial
> > system of site security perpetuated by the interests of commercial
browsers.
> How exactly does the difficulty of getting certificates help browser
> manufacturers?

Browsers have CA root trust hard-coded into them. All commerce sites rely on
their use and code with their use in mind.  The commercial browser
manufacturers also sell certificates. It is clearly difficult to engage in
encrypted commerce without a major client browser development kit and a CA
provided cert.  The appearance of ease-of-use with a commercial certificate
and commercial browser implies _greatly_ that thing which is explicitly
_disclaimed_ by these people.


> > Why can't self-verification be promoted? Why can't an nslookup call be
built
> > into certificate presentations?
> What are you talking about? An nslookup call wouldn't help anything.

Why not? A self-generated certificate correlating to an ns and whois record
pointing to an active business with a human to answer inquiries seems
reasonable and no more disclaimable than CA evasiveness.

> The essential problem is establishing that the public key you receive
> over the network actually belongs to the person you think it does.
> In the absence of a prior arrangement, the only way we know how
> to do this is to have that binding vouched for by a third-party.

Yes. Trust can be earned and vouched for by other third parties. Trust
"points" are a commonly used method on the big auction sites. The Thawte Web
of Trust works without the blessing of a financial transaction. I'm
interested; why do we feel we have to point at something we bought to
facilitate ssl transactions? Commercial browser and commercial security
interests often promulgate the anxiety they claim to alleviate.

SC
>
>
> -Ekr
>
> --
> [Eric Rescorla                                   ekr at rtfm.com]
>                 http://www.rtfm.com/
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
>




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list