[Cryptography] [messaging] Gossip doesn't save Certificate Transparency
James A. Donald
jamesd at echeque.com
Sat Oct 18 22:52:00 EDT 2014
On 2014-10-15 09:24, Arnold Reinhold wrote:
> I agree that the pin distribution problem seems quite solvable. But
> how do browser manufacturers get valid pin data for 100,000 sites,
> not to mention regular updates? If they want to get the information
> independently, they will have to set up the kind of rigorous
> verification infrastructure that we would want CAs to employ. (The
> fact that most CAs fall short does not suggest the problem is an
> easy one.) And if I trust my browser manufacturer?s signature on the
> browser software distribution that includes the initial pin list, as
> well as on subsequent pin updates, why not also trust the same
> signature key to sign individual web site credentials and use the
> existing TLS infrastructure, with the browser manufacturer serving
> as a super-CA for those 100,000 sites?
> If the browser manufacturers choose instead to subcontract getting
> the pin data to one or a few high quality CAs, expect those CAs to
> charge a very steep price since it undermines their business model.
> The other CAs will no doubt raise a ruckus, perhaps invoking local
> antitrust laws. And if the browser manufacturers accept most CA
> data, what is the point?
Active attacks by powerful adversaries are rare, because an active
attack leaks information, and people are interested in information
about powerful adversaries.
If active attacks were common, we would be hosed, since the standard
password recover system is to send it in the clear in email.
So, everyone self signs their own certificate, and we then have the
system make sure that everyone sees the same self signed certificate
as everyone else.
More information about the cryptography