[Cryptography] distrusted root CA: WoSign

[Peter Gutmann]

John Denker <jsd at av8n.com> writes:

>We *do* have choices.  There are a *lot* of things that could be done better,
>without dropping off the grid.

It depends on who you mean by "we".  When I said "we" I meant the end user,
you, me, everyone around you.  We have no choice.  We have to take what the
browser vendors give us, which in turn is what the CA/B Forum wants us to
have, and their response to the ongoing failure of PKI [0] is to give us more
PKI.

>FWIW https://letsencrypt.org/ is issuing free certificates, which seems like
>a major departure from the status quo ante.

That's just fixing a problem that was created by the browser vendors in the
first place, the fact that the browsers are set up so that you need to ask a
CA for permission to use encryption.  They could have done the same thing
years ago by allowing anon-DH.

Even then, as Jerry Leichter pointed out in a previous message, they're still
requiring you to ask a CA to use encryption, they've just acted, years too
late, to blunt the most obvious criticism.  Ever tried to set up TLS on a non-
public-Internet network (RFC 1918 or whatever)?  You basically can't, unless
you use your own software on both the client and server.  Browsers just don't
work there, because needing to ask a CA for permission to encrypt is hardwired
into them.

Peter.

[0] Now I know some people are going to claim PKI isn't a failure, and to some
    extent that's correct, since there was never any mission statement for PKI
    beyond "you asked for PKI, here is some" it's not really possible to say 
    it's failed.  Or succeeded.  Or anything really.  However given that twenty 
    years of evidence indicates it has no effect on phishing, malware, or much 
    of anything else that you'd sort of expect it to deal with, I'm going to 
    say it's been a failure.