[Cryptography] Certificates and PKI

Guido Witmond guido at witmond.nl
Wed Dec 24 16:24:53 EST 2014

On 12/24/14 20:04, Paul Wouters wrote:

> ... the real problem lies in the fact that you don't "own" your 
> domain and your parent's take-over is "legitimate" even if you don't 
> agree with that.


> As I said, the A record hostile take over above is the real problem. 
> We don't want to start logging every DNS entry. But we would also not
> want to track labels vs zone cuts. I'm not sure yet what the solution
> should be.

The challenge is to make that domain take-over event detectable by the
visitors of your site.

Here's my solution:

Each domain owner deploys a private CA. It signs the server certificate
for the site. The certificate of the private CA is specified in DANE.

Visitors (browsers) verify the TLSA-record against the server's
certificate at first contact. They remember the TLSA-record and verify
nothing has changed at later visits.

A "hostile" takeover by the parent domain will result in a mismatch. The
browser must refuse to proceed.


We can improve upon this scheme:

Each visitor signs up with a client certificate that is signed by a
sub-CA of the site's private CA. Notice that both the server and the
client certificates are signed by the same private CA.

At subsequent visits, the browser offers the user to log in using the
client certificates that match the CA that signed the server they've
connected to.

If the current domain name gets hijacked by the parent domain, the site
owner creates a new domain name, signs it with his private CA and gets
the news sites to advertise the new domain: "piratebay.org is down, go
to piratebay.com". Or even piratebay.onion, no need to set up TLSA.

The browser recognises the same CA and offers the user to log in using
the client certificate.

Not only can we detect domain hijacking, we made it trivial to circumvent.


That's what I call http://eccentric-authentication.org.

Regards, Guido Witmond.

PS. Cypherpunks that like running code:
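
Added example, not part of the original message and not the Eccentric Authentication project's code: a Python sketch of the first-contact TLSA pinning described above, covering the refusal when the parent zone swaps the record and the lookup that recognises the same CA under a new domain. It assumes usage 2 / selector 0 TLSA records, leaves DNSSEC validation and chain verification to the caller, and uses constructed byte strings in place of real certificates; all names are hypothetical.

```python
import hashlib
import hmac
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 2 = DANE-TA: the record names a trust anchor (the site's private CA)
    selector: int  # 0 = full certificate (DER)
    mtype: int     # 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_matches(rec: TLSA, ca_der: bytes) -> bool:
    """RFC 6698 comparison, restricted to usage 2 / selector 0 for this sketch."""
    algo = {1: hashlib.sha256, 2: hashlib.sha512}.get(rec.mtype)
    if rec.usage != 2 or rec.selector != 0 or algo is None:
        return False
    return hmac.compare_digest(algo(ca_der).digest(), rec.data)

class PinStore:
    def __init__(self):
        self._pins = {}  # domain -> TLSA record remembered at first contact

    def visit(self, domain: str, rec: TLSA, ca_der: bytes) -> str:
        # Assumed already done: DNSSEC validation of rec; server chain verified up to ca_der.
        if not tlsa_matches(rec, ca_der):
            return "refuse: TLSA mismatch"
        pinned = self._pins.get(domain)
        if pinned is None:
            self._pins[domain] = rec
            return "pinned"
        return "ok" if pinned == rec else "refuse: TLSA changed"

    def domains_with_same_ca(self, rec: TLSA) -> list:
        """Domains already pinned to this CA, e.g. when the site reappears under a new name."""
        return sorted(d for d, p in self._pins.items() if p == rec)

# Constructed stand-ins for DER-encoded CA certificates (not real certificates).
SITE_CA, PARENT_CA = b"constructed-site-private-ca", b"constructed-parent-zone-ca"

def record_for(ca_der: bytes) -> TLSA:
    return TLSA(2, 0, 1, hashlib.sha256(ca_der).digest())

def demo() -> list:
    store = PinStore()
    return [
        store.visit("example.org", record_for(SITE_CA), SITE_CA),      # first contact
        store.visit("example.org", record_for(SITE_CA), SITE_CA),      # later visit, unchanged
        store.visit("example.org", record_for(PARENT_CA), PARENT_CA),  # parent swaps TLSA and cert
        store.domains_with_same_ca(record_for(SITE_CA)),               # same CA seen elsewhere
    ]
```

The third visit is internally consistent (the new record matches the new CA), so only the remembered pin exposes the change.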
