[Cryptography] distrusted root CA: WoSign

John Denker jsd at av8n.com
Sat Oct 1 14:58:26 EDT 2016


I asked:
 
>> In general, why do we put up with this?  Why, why, why?

On 10/01/2016 02:12 AM, Peter Gutmann wrote:

> Because we have no choice.  What are you going to do in order to opt out, stop
> using the web?  

We have lots of choices short of dropping off the grid, some of
which are mentioned below.  Some of the worst abuses could be
greatly reduced by applying Crypto 101 principles.

> It's a totally captive market.
> 
> Note that things are run by the CA/Browser forum, not the CA/Browser/web site
> operator/end user/customer forum.

Actually, for most lusers, it is the _distro_ packager who gets the
final say.  The packager decides what browser and what certificates
get bundled into the distro (and into the updates).

We saw the downside of this when Lenovo foisted the infamous "superfish"
onto their customers.

The browsers had a difficult time disabling the superfish certificate,
due to pathetically bad security design.  Crypto 101 (not to mention
etymology) suggests there should be only one true root.  The hundreds
of certs that currently claim to be "roots" should exist at the second
level, /signed/ by the one true root.  That would create a revocation
pathway that does not currently exist.

We could also implement widespread pinning and cross-signing.  This
would make it vastly easier to detect forged certificates.

Et cetera.

Bottom line:  We *do* have choices.  There are a *lot* of things that
could be done better, without dropping off the grid.

========

> The only people with a say in things are
> the ones who are making money off the whole racket, and they aren't going to
> do anything to change the status quo.

FWIW https://letsencrypt.org/ is issuing free certificates, which
seems like a major departure from the status quo ante.  They are
at the "beta" stage.  The fat cats have not (yet) found a way to
shut them down.

I am a happy beta customer of letsencrypt.


