CFP: PKI research workshop

Eric Rescorla ekr at rtfm.com
Mon Jan 14 16:59:21 EST 2002


"Stef Caunter" <stefan.caunter at senecac.on.ca> writes:
> 
> > "Stef Caunter" <stefan.caunter at senecac.on.ca> writes:
> > > Does a user of ssl services care to know absolutely that they are
> > > communicating verifiably with whom they believe they have contacted, or
> > > does the user care to know absolutely that their communication is
> > > completely private?
> > These are inextricably connected. If you want to know that
> > your communications are private in the face of active attack
> > you need to know who you're talking to as well.
> 
> They may be connected, but save and except in the case of active
> man-in-the-middle attack I maintain that ssl's confidentiality, which is
> free, is what sells certificates. 
This is confused. What sells certificates is "security". Users
aren't sophisticated enough to understand the difference between
confidentiality and authentication, but they've been told by
the browser manufacturers (rightly) that in order to have security
they need to have certificates.

Saying that SSL without certificates is fine as long as you
don't have active attacks is kind of like saying that leaving
your front door open is fine as long as no one tries to break
in.

> I use a free Thawte email cert for
> confidential communication; my identity is verified through their
> notarization system, again free.
This is essentially the PGP model. It doesn't really work acceptably
for large scale e-commerce.

> > > I believe that the latter is most important; transparency through
> > > certificate presentation is kept deliberately expensive and is, as has
> > > been noted, often disclaimed by CAs, and is compromisable. It's an
> > > artificial system of site security perpetuated by the interests of
> > > commercial browsers.
> > How exactly does the difficulty of getting certificates help browser
> > manufacturers?
> 
> Browsers have CA root trust hard-coded into them. All commerce sites rely on
> their use and code with their use in mind.  The commercial browser
> manufacturers also sell certificates.
Since when? As far as I know, Microsoft and Netscape just send you
to VeriSign.

> It is clearly difficult to engage in
> encrypted commerce without a major client browser development kit and a CA
> provided cert.
It certainly isn't true that you need a "major client browser development
kit" to engage in e-commerce. You can do just fine with ApacheSSL or
mod_ssl. You do generally need a certificate.
     
> > > Why can't self-verification be promoted? Why can't an nslookup call be
> > > built into certificate presentations?
> > What are you talking about? An nslookup call wouldn't help anything.
> 
> Why not? A self-generated certificate correlating to an ns and whois record
> pointing to an active business with a human to answer inquiries seems
> reasonable and no more disclaimable than CA evasiveness.
Both DNS and whois can be spoofed by an active attacker.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
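
The point argued in the message above (a key exchange without authentication is private only against passive eavesdroppers), as an added example that is not part of the original message. It is a toy Diffie-Hellman exchange with constructed parameters; the pinned fingerprint is an assumption standing in for certificate validation, and all names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters (constructed for illustration; far too small for real use).
P = 2**127 - 1   # Mersenne prime M127
G = 5

def fingerprint(pub):
    """Hash of a public value; stands in for what a certificate would bind."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

class Endpoint:
    def __init__(self, pinned_peer_fp=None):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.pinned_peer_fp = pinned_peer_fp  # None = anonymous exchange
        self.key = None

    def finish(self, peer_pub):
        """Derive the session key, checking the peer's key if one is pinned."""
        if self.pinned_peer_fp is not None and fingerprint(peer_pub) != self.pinned_peer_fp:
            raise ValueError("peer key does not match pinned fingerprint")
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.key

def run(authenticated, active):
    """Return 'private', 'intercepted' or 'rejected' for one handshake."""
    server = Endpoint()
    pin = fingerprint(server.pub) if authenticated else None
    client = Endpoint(pinned_peer_fp=pin)
    middle = Endpoint() if active else None  # on-path party swapping in its own key
    seen_by_client = middle.pub if active else server.pub
    seen_by_server = middle.pub if active else client.pub
    try:
        client.finish(seen_by_client)
    except ValueError:
        return "rejected"                    # authentication caught the substitution
    server.finish(seen_by_server)
    # Without authentication both sides finish with no error, yet the client's
    # session key is one the on-path party can also derive.
    if active and middle.finish(client.pub) == client.key:
        return "intercepted"
    return "private" if client.key == server.key else "broken"

if __name__ == "__main__":
    for auth in (False, True):
        for active in (False, True):
            print(f"authenticated={auth!s:5} active={active!s:5} -> {run(auth, active)}")
```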