[Cryptography] Verisimilitrust

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jan 11 17:49:30 EST 2016


ianG <iang at iang.org> writes:

>Since then, the "popular" PKI for secure browsing found itself reversing much
>of that.

Another problem with browser PKI, or more specifically browser TLS, is that
they've made it impossible to use encryption without involving a CA.  TLS
doesn't require the use of certificates, and in fact offers a number of
encryption modes that are much, much more secure than the CA-based ones (e.g.
ones that provide true mutual auth of client and server), but the browser
vendors have chosen to disallow all of those modes.  The only modes that are
allowed are ones where you have to ask a CA for permission to encrypt.

This is now coming back to bite them with the Kazakh MITM CA ("Borat"): the
only option they have is to either allow the MITM CA, or turn off all
encryption to every site on the planet (note that this won't prevent
connections to TLS-only sites since Borat will just run an SSLstrip proxy).
There's no way to do non-CA-controlled encryption if you're using a web
browser, which is perfect for Borat.

Peter.
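
The MITM-CA problem described above exists because the client trusts whatever the system trust store contains. A defender-side check that does not depend on that store is to pin the expected root and verify the served chain against the pin alone. The Go program below is an added example, not part of the original post or of any browser's code; it constructs two fabricated CAs (a stand-in "genuine" root and a stand-in interception root), has each issue a certificate for the same constructed hostname, and shows that only the chain ending at the pinned root is accepted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue returns a certificate for cn (with dns as SANs) signed by parent, or a self-signed CA when parent is nil; all constructed test data.
func issue(cn string, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil { // self-signed root: the template signs itself
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyPinned accepts leaf for host only if it chains to pinnedRoot; anything added to the system trust store plays no part.
func verifyPinned(leaf, pinnedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// InterceptionDemo checks a genuine leaf and an interception CA's leaf for the same host against the pinned root: expected (true, false).
func InterceptionDemo() (genuineOK, interceptOK bool) {
	const host = "www.example.com" // constructed hostname
	realRoot, realKey := issue("Example Real Root", nil, nil, nil)
	mitmRoot, mitmKey := issue("Interception Root (constructed)", nil, nil, nil)
	genuineLeaf, _ := issue(host, []string{host}, realRoot, realKey)
	mitmLeaf, _ := issue(host, []string{host}, mitmRoot, mitmKey)
	return verifyPinned(genuineLeaf, realRoot, host) == nil, verifyPinned(mitmLeaf, realRoot, host) == nil
}
```

The interception leaf carries a correct hostname and a valid signature, so the rejection comes purely from the pin, which is the property a trust-store-based check lacks.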
