A mighty fortress is our PKI, Part II

Steven Bellovin smb at cs.columbia.edu
Wed Jul 28 08:48:14 EDT 2010 

On Jul 28, 2010, at 8:21 33AM, Ben Laurie wrote:

> On 28/07/2010 13:18, Peter Gutmann wrote:
>> Ben Laurie <ben at links.org> writes:
>> 
>>> I find your response strange. You ask how we might fix the problems, then you 
>>> respond that since the world doesn't work that way right now, the fixes won't 
>>> work. Is this just an exercise in one-upmanship? You know more ways the world 
>>> is broken than I do?
>> 
>> It's not just that the world doesn't work that way now, it's quite likely that 
>> it'll never work that way (for the case of PKI/revocations mentioned in the 
>> message, not the original SNI).  We've been waiting for between 20 and 30 
>> years (depending on what you define as the start date) for PKI to start 
>> working, and your reponse seems to indicate that we should wait even harder.  
>> If I look at the mechanisms we've got now, I can identify that commercial PKI 
>> isn't helping, and revocations aren't helping, and work around that.  I'm 
>> after effective practical solutions, not just "a solution exists, QED" 
>> solutions.
> 
> The core problem appears to be a lack of will to fix the problems, not a
> lack of feasible technical solutions.
> 
> I don't know why it should help that we find different solutions for the
> world to ignore?

There seem to be at least three different questions here: bad code (i.e., that Windows doesn't check the revocation status properly), the UI issue, and the conceptual question of what should replace the current PKI+{CRL,OCSP} model.  For the last issue, I'd note that using pki instead of PKI (i.e., many different per-realm roots, authorization certificates rather than identity certificates, etc.) doesn't help: Realtek et al. still have no better way or better incentive to revoke their own widely-used keys.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list