[Cryptography] Other obvious issues being ignored?
ianG
iang at iang.org
Fri Oct 23 17:08:42 EDT 2015
John Denker wrote:
>> It is a travesty that the Mozilla Foundation pays DigiCert to certify
>> that mozilla.org is "trusted" ... when in effect it is Mozilla that
>> decides whether DigiCert is trusted, not vice versa...
>>
>> Speaking of obvious, here's a super-obvious constructive suggestion:
>> There should be at most *one* all-powerful root CA. If/when Mozilla
>> decides to trust some CA, Mozilla should *sign* the CA, not simply
>> compile it into the list of trusted CAs. This would regularize the
>> process of adding CAs to the list ... and revoking them when necessary....
On 23/10/2015 12:31 pm, Jerry Leichter wrote:
> Step back a moment and think about where you're going.
>
> 1. 2. 3. 4. 5. a. b. c...
All this is true. It has always been true, ever since RSADSI convinced
Netscape that it couldn't be the one true signer, oh no, that had to be
an open market, led by the company that RSADSI or its employees started...
This problem is *not a security problem* but *an institutional problem*.
The space is formed of a number of interlocking institutions that have
concreted power relationships and accreted power in order to hold the
browsing public to a commercial deal. In one sense this is good because
it got some security out to the users, which had to be paid for in some
sense or other.
In the wider sense however, the browsing public is totally screwed
because the model is early 1990s at best, and has had to carry the
weight of 20 odd years of architectural folly.
But, the edifice has been built. You can no more convince Mozilla to do
something different than you can convince the whitehouse to stop sending
out drones to solve its foreign policy itch.
In a sense, the proof that this is an institutional problem not a
security problem is google - it was the only organisation that was on
hook for all parts of the problem. It therefore had the liability at all
levels, and the incentive to move all levels. Nobody else had that,
nobody else could move, no matter how screwed they were.
The question then isn't how to fix the security. We've always known how
to do that. The question is how to fix *the institutions* or more
precisely how to re-wire them such that they work for the user. Or at
least, so they don't screw the user over. That I don't have the answer to.
iang
More information about the cryptography
mailing list