[Cryptography] "Trust in digital certificate ecosystem eroding"

Ray Dillinger bear at sonic.net
Mon May 4 18:15:59 EDT 2015



On 05/03/2015 08:45 AM, John Levine wrote:

> All the studies I've seen say that no amount of training will make
> users take security warnings seriously.  Partly it's the number of
> false alarms, partly it's a not totally irrational tradeoff between
> the risk of what might happen and the desire to get their work done.
> 
> If this stuff is going to work at all, it has to work automatically.

If it's ever going to work automatically, then it has to be
semantically consistent enough for automated systems to make
meaningful decisions about.

What we're used to building as engineers - indeed, what we strive
to build as engineers - is systems where the same technical means
can be used to express many different kinds of semantics.  But
that deprives any automated system of knowledge of what semantics
are being expressed.  And trust is all about semantics.

The things we can monitor automatically - that is, when a site
changes CAs, how many CAs assert that a site's certificate has
been paid for, whether we are seeing the same cert for a site that
other clients see, etc. - are semantics-free.  Monitoring them
does not give us means to make trust decisions, because every one
of those things could arise for reasons having nothing to do with
whether a particular web site ought to be trusted.

If you want an automated system, you have to make a system where
particular technical aspects which can be monitored (and which
can't be selected for convenience by an attacker) have definite
semantic meanings.   And you essentially can't get there unless
you create a situation in which your network admin sometimes has
to say "no, we can't make X configuration change without going
through six-month notification and migration procedure Y, because
that would invalidate our trust cert."


				Bear
