[Cryptography] USB 3.0 authentication: market power and DRM?

[dj at deadhat.com]

> I'm seeing this whole thing as an attempt to prop
> up CA's which are otherwise essentially looking at
> a failed business model. Even if CA's did what
> they're supposed to do there would be no way for
> that business to function in the market of USB
> equipment.
>

The CA that needs to exist would the the USB-IF. That's a consequent of
the spec that says the mandatory cert is one signed under the USB-IF root
cert.

In the USB data security spec (that is not yet released) leaves other
slots open to organizational certs, some organization (a household, a
corp, a government etc.) could provision devices with an org cert they
want to work with their internal devices that enforce a policy of not
working without the organizational cert.

This was principally my idea. It has been present in a draft that I wrong
a few years ago that sat moribund under the USB manufacturers felt
pressure to have some sort of security spec. It doesn't include a model
for using the normal CAs used for web certification since they have proven
themselves ineffective so many times.

My experience with normal CAs when trying to get them to support device
certificates is that they expect too much money. They want $100 per year,
per cert, rather than a couple of cents per device one time. That's why
for WiMAX we had to initially deploy our own CA in a corporate CA, before
the task to could passed on to an external CA that would accept the
business. I see no difference here. The USB-IF is going to have to set up
a CA somehow because that's what the spec implies.

> CA's were supposed to verify identities, respond
> to authentication attacks, handle revocations, etc.

The USB-IF already does that for the (relatively small) population of USB
silicon vendors.

>
> The race to the bottom and their business "need"
> to support stupid security decisions ("compatibility"
> means, if someone is stupid once, therefore everybody
> must be stupid forever!) meant, inevitably, that
> they only verify that their payments clear.

If you thing something is stupid in the spec, please email specifics in
response to the release of the spec, to the email addresses at the bottom
of the page with the spec on it.

>
> Certification of USB equipment doesn't even
> pretend to have key revocation capabilities or
> any way of responding to authorization attacks.
> By design it pretty much can't. Which means that
> there is literally nothing CA's can contribute
> to it. You can tell some piece of kit presents
> a key which was valid, for somebody, once.  Woo.
> Does that, in some way, help?
>

Your PC or phone authenticating a charger certainly can do revocation
using the usual mechanisms, but it has been my assertion that these things
tend to be done by policy download from OS vendors and browser vendors.
Why would this be any different? Browsers and OSes contain whitelists and
blacklists as policy to be enforced because revocation is rarely fit for
purpose.