[Cryptography] Certificates and PKI

[Ben Laurie]

On 22 December 2014 at 17:11, Ray Dillinger <bear at sonic.net> wrote:
>
>
> On 12/22/2014 05:32 AM, Ben Laurie wrote:
>
>> Pinning does indeed not care who signed the certificate. However, it
>> introduces an apparently insurmountable problem: what happens when you
>> lose your key? And, to be clear, by "lose", I mean, "no longer have
>> access to". It seems that your website is then unavailable for
>> whatever the pin expiry time is. We don't think that's acceptable, nor
>> fixable without introducing some entity with essentially the same role
>> as a CA.
>
> Honestly, I think pinning is necessary to the customers because
> they *NEED TO KNOW* when the keys (ie, the website) change hands.

This is unknowable, surely? But I think you mean when the key changes?

> If I've been doing business with, say, Amazon, and one day I go
> to amazon.com and I see "this site is using a different certificate
> than last time you came here" I think that's valuable information,

I do not dispute that this may be valuable information to you, but I
do claim that for most users it is meaningless information.

> and I will be absolutely sure that the site knows things that only
> Amazon should know - such as my order history - before I'll think
> of trusting it for small orders.  And it means I'm not going to
> be doing any large orders (say, more than $10) with Amazon that
> day.  Before spending major money, I'll be watching the news for
> a couple of days.  When Amazon calls a press conference and
> announces they lost their key and are now using a new one, then
> I will start trusting that the new cert is legit, and pin it. Or,
> if I have no large purchases to make, I'll pin it after a few
> small ones go through and get delivered, provided no major news
> stories break about a someone putting up a fraudulent fake Amazon
> site in the meantime.
>
> If Amazon thinks that's unacceptable, or aren't willing to announce
> it publicly when they lose their key, then they'd damn well better
> keep track of their key.

I certainly agree that Amazon should be expected to keep track of
their key. But we are not just talking about Amazon, we are talking
about every secure site in the world. Which I think many of us hope
will be every website in the world.

>> Dealing with leaked (i.e. usable by someone other than you) keys is
>> also problematic - how do you ever regain control of your domain if
>> you've ever had it taken over by a bad guy?
>
> You put up your site with a new certificate, publicize the fact
> that your old key is now void, EAT the expense of a few days of
> lost business while your customers check it out, and continue.
> Replacing a key you failed to keep confidential, including the
> lost business you incur because you failed to keep it confidential,
> is part of the cost of doing business.

How do I publicise that my blog has a new certificate?

> This kind of announcement to the attention of actual consumers
> rather than all behind the scenes and invisible, is how the CA
> business should have worked from the start. The decision to
> trust a new party should never be invisible to the people who
> are trusting the new party with their money.

Again, I claim that the vast majority of users have no way to evaluate
such announcements.

> Again, if that is unacceptable, then people need to start taking
> security seriously, and implementing serious computer security
> infrastructure so they don't get their keys stolen.
>
> Only once big business has real money on the line, will we
> see the whole new infrastructure of security in software and
> operating systems that is needed to add value to every business
> and protect every individual!

Big business does have real money on the line - look at Sony, for example.