[Cryptography] Certificates and PKI

ianG iang at iang.org
Sun Dec 21 12:36:45 EST 2014

On 19/12/2014 11:38 am, Jerry Leichter wrote:
> So Google has announced that in the future they'll have Chrome mark HTTP connections as "risky", perhaps moving the world toward "all encryption all the time".  However, all the browser makers - Firefox in particular - continue their war against self-signed certificates.
> If your goal is security against passive eavesdroppers - and, in particular, against "record everything" government agencies - then a self-signed certificate is as good as anything.


> If you want to defend against active MITM attacks, then you need a trustworthy certificate.  But as we all know, the current model of hundreds of equally-trusted CA's cannot possibly produce legitimate trust.
> Recent efforts like certificate pinning and certificate transparency can go a long way toward proving trust in certificates - *but they can work equally well no matter who signs the certificate!*  Granted, they were *designed* on the assumption that the pinned/recorded CA was one of the "blessed" CA's that every browser comes with - but there's nothing that requires that.  A "pinned" self-signed certificate - pinned to itself - is as trustworthy as any other pinned certificate.  (In fact, it's basically just a wasteful representation of trusted public key store, something I've discussed here previously.  But it fits into the existing infrastructure with no changes.)  The security of certificate transparency doesn't come from CA's - it comes from the owners of sites watching for attempts to create certificates in their name.  That works no matter where the legitimate certificates come from.
> How can we get the browser makers to stop buying in to the PKI fiction that does little except keep the CA business model alive?

Gawd, I wish I had a nice answer to that, but it's turtles all the way 
down.  This is a bad story, and is a graveyard for your soul.

First the problem.

Unfortunately, the problem with the vendors is that they are locked into 
an oligarchy or cartel.  This group have also traditionally outsourced 
the security architecture question to any other place that seems 
conveniently remote [1] but in reality is nowhere.

Typically with an open project the solution would be to submit a patch. 
This is the time-honoured real path to address an itch.  (Of course 
that isn't available for the others.)

Also, in principle, there should be open discussion eg here on this 
group or on Mozilla's lists or perhaps in google groups.  People should 
suggest ideas.  Stuff should be coded up.  Patches submitted.

But this won't work for secure browsing.  In practice there is little or 
no chance that a browser vendor will accept any patch that unwinds the 
PKI model [2].

The upshot of this is that we frequently get the browser vendor 
representatives arguing against proposals by well meaning people on 100 
or so bases [3] but there isn't really a dialogue per se because even if 
the argument is won, the vendor is not really discussing and isn't going 
to do anything.  In effect what happens is that representatives of 
vendors are just defending their personal angst at criticism.

The only way to solve this problem is to break the cartel.

One way is to cause one of the vendors to break ranks and do something. 
You'll note that all the changes currently being aired are sourced 
from google -- very interesting!  For the first time in browser history 
since Netscape threw the SSL model over the IETF wall in about 1994, a 
browser vendor is "doing something" in user security [4].

Another way to break the cartel might be to fork?  But to do that we'd 
need a lot of us to start working on it.  Maybe not such a bad idea? 
I'd guess to do that we would need about 1-4 continuous developers on it 
to make it work?  If we could get about $200k per annum (kickstarter) 
for say 4 devs it might be a worthwhile project?

A third way is to just call it what it is; a cartel that promotes 
the PKI industry at the expense of user security, and hope that 
participants agree to stop being a cartel.  But I've been saying that of 
CABForum for years and they happily disagree with me [5].


[1] Variously this might be PKIX or CABForum or whoever but you can 
reliably predict that such a labelled group won't then pick it up.
[2] IE of course won't, as they traditionally accepted the PKI model 
*at a legal level* and the business direction isn't strong enough to 
overturn that let alone understand what I just said.  Firefox 
traditionally won't accept patches from outside the PKI group as the 
developers are mostly paid for by PKI interests so their jobs are on the 
line, in effect.  Chrome, I do not know, it might be interesting for 
someone to submit a patch that unwound the self-signed approach there.
[3] popular techniques are to drown the discussion in cites & research, 
suggest participation, throwing random technical criticisms in such as 
"X needs Y" or "Z won't scale", suggest joining this group or that WG, 
etc etc.
[4] From a business perspective it's actually a fascinating question as 
to why google has broken ranks.  But that's out of scope for this list.
[5] Allegedly, they even begin their meetings declaring they are not a 
cartel :D which I just have to say is best evidence yet if one has *any* 
knowledge of the signalling aspects of cartels.
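The quoted point that a pinned self-signed certificate is as trustworthy as any other pinned certificate can be shown in code. The following is an added example (not part of the original thread or any browser's code): it mints a constructed self-signed certificate, records its SPKI pin, and verifies a presented leaf against that pin alone, with no chain to a CA root. The callback's shape follows Go's tls.Config.VerifyPeerCertificate; the name "example.test" is a placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"math/big"
	"time"
)

// SelfSignedDER mints a fresh self-signed certificate for name (constructed
// sample: nothing but the site's own key vouches for it).
func SelfSignedDER(name string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// SPKIPin is what a pin store records: SHA-256 over the SubjectPublicKeyInfo.
// It depends only on the key, never on which CA (if any) signed the cert.
func SPKIPin(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:]), nil
}

// VerifyPinned has the shape of tls.Config.VerifyPeerCertificate: the leaf is
// accepted only if its SPKI pin matches; no chain to a trusted root is built.
func VerifyPinned(pin string) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("no certificate presented")
		}
		got, err := SPKIPin(rawCerts[0])
		if err == nil && got != pin {
			err = errors.New("pin mismatch: a different key was presented for this site")
		}
		return err
	}
}
```

A second certificate for the same name but a different key fails the check, which is exactly the case an active MITM would have to pass.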
