[Cryptography] "Trust in digital certificate ecosystem eroding"

Christian Huitema huitema at huitema.net
Sun May 3 18:45:23 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday, May 3, 2015, at 11:02 AM, Guido Witmond wrote:
> ...
> With DNSSEC and DANE, the site-owner *specifies* which CA is the correct
> one *for their own site*.

Yes. And this is indeed the right way to look at the problem. Not "does this certificate chain verify according to the rules of WebPKI" but "can we verify that this is the certificate that the server domain intended to use." DNSSEC could be a great tool for that. If the site and the client already share a secret then channel binding could also help.

> If the browser requires a DANE record, and a valid chain of delegation
> from ICANN's Root key downwards, then the browser has enough data to
> determine if a certificate matches a domain name.

But! If the user lives in the Kingdom of Notrustistan, there is a catch. The local dictators could mandate that every computer and every phone ships with their very own version of ICANN root's key, enabling the Great Firewall of Notrustistan to spoof TLSA records and then MITM the TLS connections...

-- Christian Huitema

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (MingW32)
Comment: Using gpg4o v3.4.103.5490 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJVRqUCAAoJELba05IUOHVQZaYH/0MxmRKjfOf0kYUtijAK2Hyo
YMPfbGnQXAOq101Sa53Ylmtvthif9SUEAjhr/lFCaUwQDDeTbFwIay5EDn/+ZQTg
JTzC/Ig8ilBhivH05mInbbZicciuWufboYNiHBpksm4vF0v4oBo8C9nWTwsyHfnH
bgOBEZAQR22HI64XMUoeeRmHDPp45W4q7kN3yvky4sAd+6S47jPGES2b/0zPKmDs
gLDLtmjEtx31Euv4mgfBLkPLsgnxzXCMZJhibuZax5TcDartUAqufx67QVClB5Ho
d/OIQ9AGwbmB54S5BTxP4tpDyohH8iCxIM8C6Mw/LnolPglmI+aS5B13IGsjGhI=
=Fdiu
-----END PGP SIGNATURE-----
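The check Guido and Christian are talking about, as an added example that is not part of the thread and not anyone's posted code: RFC 6698 TLSA matching of a published record against the certificate chain a server presents. It uses only the standard library, so it carries a minimal DER encoder/decoder and builds constructed, unsigned certificate skeletons (`fake_cert`, dummy keys) instead of real certificates. The `dnssec_validated` flag stands in for the validating resolver's verdict on the TLSA RRset; that verdict is only as good as the root trust anchor the resolver was configured with, which is exactly the Notrustistan catch: the last scenario in `demo()` shows that a forged record plus a forged certificate pass the same matching check once the client's resolver has been seeded with the wrong root key. PKIX path validation (usages 0/1) and the path check to the matched DANE-TA issuer are left out. All names, records and certificates below are assumptions for illustration.

```python
"""RFC 6698 TLSA matching against a presented certificate chain (added example)."""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (definite lengths up to 65535 bytes)."""
    n = len(body)
    ln = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + ln + body

def der_read(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, body, position after the TLV) for the element at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def der_children(body: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Split a constructed body into (tag, whole TLV, inner body) triples."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, nxt = der_read(body, pos)
        out.append((tag, body[pos:nxt], inner))
        pos = nxt
    return out

def spki_of(cert_der: bytes) -> bytes:
    """Extract the DER SubjectPublicKeyInfo (RFC 5280 tbsCertificate field order)."""
    _, cert_body, _ = der_read(cert_der)
    fields = der_children(der_children(cert_body)[0][2])   # children of tbsCertificate
    if fields[0][0] == 0xA0:                                # optional explicit [0] version
        fields = fields[1:]
    return fields[5][1]   # serial, signature, issuer, validity, subject, subjectPublicKeyInfo

RSA_OID = bytes.fromhex("06092a864886f70d010101")         # 1.2.840.113549.1.1.1 rsaEncryption
SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")  # 1.2.840.113549.1.1.11 sha256WithRSA
CN_OID = bytes.fromhex("0603550403")                      # 2.5.4.3 commonName

def fake_cert(subject: bytes, pubkey: bytes) -> bytes:
    """CONSTRUCTED test certificate: correct DER framing, dummy key, zeroed signature field."""
    alg = der(0x30, SHA256_RSA_OID + der(0x05, b""))
    name = der(0x30, der(0x31, der(0x30, CN_OID + der(0x0C, subject))))
    spki = der(0x30, der(0x30, RSA_OID + der(0x05, b"")) + der(0x03, b"\x00" + pubkey))
    validity = der(0x30, der(0x17, b"150503000000Z") + der(0x17, b"160503000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + bytes(32)))

@dataclass(frozen=True)
class TLSA:
    usage: int      # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int   # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int      # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes

    @classmethod
    def parse(cls, presentation: str) -> "TLSA":
        """Parse presentation format, e.g. '3 1 1 <hex>' (hex may contain spaces)."""
        u, s, m, hexdata = presentation.split(None, 3)
        return cls(int(u), int(s), int(m), bytes.fromhex(hexdata.replace(" ", "")))

def association_data(cert_der: bytes, selector: int, mtype: int) -> bytes:
    """The bytes a TLSA record with this selector/matching type carries for cert_der."""
    selected = cert_der if selector == 0 else spki_of(cert_der)
    return {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
            2: lambda b: hashlib.sha512(b).digest()}[mtype](selected)

def tlsa_matches(rr: TLSA, cert_der: bytes) -> bool:
    return association_data(cert_der, rr.selector, rr.mtype) == rr.data

def dane_verify(rrset: List[TLSA], chain: List[bytes], dnssec_validated: bool) -> Tuple[bool, str]:
    """Is `chain` (leaf first) the certificate the domain owner published?
    `dnssec_validated` models the resolver's verdict on the TLSA RRset; it is only as
    trustworthy as the root key that resolver trusts. PKIX usages 0/1 and the path
    check to a DANE-TA issuer are omitted so the matching itself stays visible."""
    if not dnssec_validated:
        return False, "TLSA RRset is not DNSSEC-secure: DANE unusable, do not pin on it"
    usable = [rr for rr in rrset if rr.usage in (2, 3) and rr.selector in (0, 1) and rr.mtype in (0, 1, 2)]
    if not usable:
        return False, "no usable DANE-TA/DANE-EE records"
    for rr in usable:
        if rr.usage == 3 and tlsa_matches(rr, chain[0]):
            return True, "DANE-EE: end-entity certificate matches"
        if rr.usage == 2 and any(tlsa_matches(rr, c) for c in chain[1:]):
            return True, "DANE-TA: an issuer in the presented chain matches"
    return False, "no TLSA record matches the presented chain"

def demo() -> dict:
    """Constructed scenario: the owner's record vs. a spoofed record under a substituted root."""
    leaf, ca = fake_cert(b"www.example.com", b"\x02" * 64), fake_cert(b"Example CA", b"\x03" * 64)
    owner_rr = TLSA.parse("3 1 1 " + association_data(leaf, 1, 1).hex())
    mitm_leaf = fake_cert(b"www.example.com", b"\x04" * 64)
    mitm_rr = TLSA.parse("3 1 1 " + association_data(mitm_leaf, 1, 1).hex())
    return {
        "genuine": dane_verify([owner_rr], [leaf, ca], dnssec_validated=True),
        "mitm_cert_real_record": dane_verify([owner_rr], [mitm_leaf, ca], dnssec_validated=True),
        "unvalidated": dane_verify([owner_rr], [leaf, ca], dnssec_validated=False),
        # Notrustistan: the firewall forges the TLSA RRset, and a resolver seeded with the
        # dictator's root key reports it as validated, so the matching check passes.
        "spoofed_root": dane_verify([mitm_rr], [mitm_leaf, ca], dnssec_validated=True),
    }

if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:24s} {verdict}")
```

The point of the last scenario is that nothing in the TLSA comparison can tell a genuine validation result from one produced under a substituted trust anchor; the only defence is controlling which root key the client validates against, which is why Christian's objection is about key distribution rather than about the record format.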
