A mighty fortress is our PKI, Part II
Perry E. Metzger
perry at piermont.com
Wed Jul 28 12:37:01 EDT 2010
On Wed, 28 Jul 2010 11:23:16 -0500 Nicolas Williams
<Nicolas.Williams at oracle.com> wrote:
> On Wed, Jul 28, 2010 at 11:20:51AM -0500, Nicolas Williams wrote:
> > On Wed, Jul 28, 2010 at 12:18:56PM -0400, Perry E. Metzger wrote:
> > > Again, I understand that in a technological sense, in an ideal
> > > world, they would be equivalent. However, the big difference,
> > > again, is that you can't run Kerberos with no KDC, but you can
> > > run a PKI without an OCSP server. The KDC is impossible to
> > > leave out of the system. That is a really nice technological
> > > feature.
> >
> > Whether PKI can run w/o OCSP is up to the relying parties. Today,
> > because OCSP is an afterthought, they have little choice.
>
> Also, requiring OCSP will probably take less effort than switching
> from PKI to Kerberos. In other words: eveything sucks.
I wouldn't suggest that everything on earth move to Kerberos. I
mentioned Kerberos only to show that entirely different models are
possible.
As to OCSP being a reasonable solution because it can be deployed
easily, it clearly will not solve the browser security problem. So
long as security depends on reliance on the lowest common denominator
among the policies of hundreds of CAs, many of which are quite
questionable, and so long as the certifications made by even the best
of those CAs are effectively meaningless, and so long as the users are
well trained to ignore every browser warning they ever get, the entire
question of OCSP is somewhat irrelevant -- it would just be a way of
spritzing the skunk with eau de cologne.
I fully recognize that the odds we will fix the browser security
problem are very low, if only because no one can deploy a truly new
solution in a world where we can't even get IE 6 to die.
However, in discussing this at a high level, as though we could
improve things, we shouldn't kid ourselves about the current model. It
is fatally broken. Hanging garlands from the corpse's ears will not
convince anyone that it has a vibrant future ahead.
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list