[Cryptography] Certificates and PKI

Paul Wouters paul at cypherpunks.ca
Thu Dec 25 13:58:33 EST 2014

On Wed, 24 Dec 2014, Guido Witmond wrote:

> A "hostile" takeover by the parent domain will result in a mismatch. The
> browser must refuse to proceed.
> Q.E.D.

certpatrol has proven this scheme is not good enough. The problem of
gathering information without confirmation from the "true source"
means you're in a race condition that is guaranteed to give false
positives. When I change my A/TSLA record, for a litle while the
world does not know it is legit or not.

That's what makes certpatrol completely useless.

> If the current domain name gets hijacked by the parent domain, the site
> owner creates a new domain name, signs it with his private CA and gets
> the news sites to advertise the new domain: "piratebay.org is down, go
> to piratebay.com". Or even piratebay.onion, no need to set up TLSA.

This is a biased example. You already determined who the "real owner"
is. When someone takes cypherpunks.ca how can you tell if the new owner
isn't really the new owner? also the "news sites and advertise" doesn't
scale at all and has the same false positives problem. Users will turn
this off as fast as certpatrol.

> The browser recognises the same CA and offers the user to log in using
> the client certificate.

client certificates are bad for anonymity.


More information about the cryptography mailing list