A mighty fortress is our PKI, Part II

Nicolas Williams Nicolas.Williams at oracle.com
Wed Jul 28 08:44:04 EDT 2010


On Wed, Jul 28, 2010 at 01:21:33PM +0100, Ben Laurie wrote:
> On 28/07/2010 13:18, Peter Gutmann wrote:
> > Ben Laurie <ben at links.org> writes:
> > 
> >> I find your response strange. You ask how we might fix the problems, then you 
> >> respond that since the world doesn't work that way right now, the fixes won't 
> >> work. Is this just an exercise in one-upmanship? You know more ways the world 
> >> is broken than I do?
> > 
> >                                                               [...].  I'm 
> > after effective practical solutions, not just "a solution exists, QED" 
> > solutions.
> 
> The core problem appears to be a lack of will to fix the problems, not a
> lack of feasible technical solutions.
> 
> I don't know why it should help that we find different solutions for the
> world to ignore?

Solutions at higher layers might have a better chance of getting
deployed.  No, I'm not suggesting that we replace TLS and HTTPS with
application-layer crypto over HTTP, not entirely anyways.  I am
suggesting that we use what little TLS does give us in ways that don't
require changing TLS much or at all.

Application-layer authentication with tls-server-end-point channel
bindings seems like a feasible candidate.  This too would require
changes on clients and servers, which makes it not-that-likely to get
implemented and deployed, but not changes at the TLS layer (other than
an API by which to extract a TLS connection's server cert).  It could be
deployed incrementally such that users who can use it get better
security.  Then if the market gives a damn about security, it might get
closer to fully deployed in our lifetimes.

The assumption here is that improvements at the TLS and PKI layers occur
with enormous latency.  If this were true at all layers then we could
just give up, or aim to fix not just today's problems, but tomorrow's, a
decade or three from now (ha).  It'd be nice if that assumption were not
true at all.

Nico
-- 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
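
An added example, not part of the original message: a sketch of application-layer authentication bound to the tls-server-end-point channel binding (RFC 5929), showing that a proof computed over a different certificate than the server's own is rejected. The HMAC challenge-response scheme, the function names, and the byte strings standing in for DER certificates are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def tls_server_end_point(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """RFC 5929 tls-server-end-point: a hash of the server certificate (DER).

    sig_hash is the hash used by the certificate's signature algorithm;
    MD5 and SHA-1 are replaced by SHA-256, as RFC 5929 requires.
    In a real client the DER bytes would come from the TLS API, e.g.
    ssl.SSLSocket.getpeercert(binary_form=True).
    """
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()

def client_proof(secret: bytes, nonce: bytes, cert_seen: bytes) -> bytes:
    """Hypothetical scheme: MAC the server's nonce with the binding for the
    certificate the client actually saw on its TLS connection."""
    cb = tls_server_end_point(cert_seen)
    msg = b"tls-server-end-point:" + cb + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()

def server_verify(secret: bytes, nonce: bytes, own_cert: bytes, proof: bytes) -> bool:
    """Server recomputes the proof over its own certificate and compares
    in constant time."""
    expected = client_proof(secret, nonce, own_cert)
    return hmac.compare_digest(expected, proof)

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed-DER-bytes-of-the-real-server-certificate"
OTHER_CERT = b"constructed-DER-bytes-of-a-different-certificate"

def demo():
    secret = b"constructed shared application-layer credential"
    nonce = os.urandom(16)
    # Client connected straight to the server: both sides hash the same cert.
    direct = server_verify(secret, nonce, SERVER_CERT,
                           client_proof(secret, nonce, SERVER_CERT))
    # Client's TLS session ended at some other certificate: binding differs.
    relayed = server_verify(secret, nonce, SERVER_CERT,
                            client_proof(secret, nonce, OTHER_CERT))
    return direct, relayed

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The only thing the TLS layer has to provide here is the server certificate, which is the API requirement the message mentions.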


