[Cryptography] distrusted root CA: WoSign
Stephen Farrell
stephen.farrell at cs.tcd.ie
Mon Oct 3 03:31:35 EDT 2016
Hiya,
On 03/10/16 06:10, Ben Laurie wrote:
> On 2 October 2016 at 19:55, Stephen Farrell <stephen.farrell at cs.tcd.ie> wrote:
>>
>> Hiya,
>>
>> On 01/10/16 23:02, Ben Laurie wrote:
>>> On 1 October 2016 at 10:12, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
>>> wrote:
>>>> John Denker <jsd at av8n.com> writes:
>>>>
>>>>> In general, why do we put up with this? Why, why, why?
>>>>
>>>> Because we have no choice. What are you going to do in order to
>>>> opt out, stop using the web? It's a totally captive market.
>>>>
>>>> Note that things are run by the CA/Browser forum, not the
>>>> CA/Browser/web site operator/end user/customer forum. The only
>>>> people with a say in things are the ones who are making money off
>>>> the whole racket, and they aren't going to do anything to change
>>>> the status quo.
>>>
>>> I am so sick of this lame rhetoric.
>>
>> While I agree that Peter's rhetoric is a bit OTT, there is a real
>> issue reflected in the above - the lack of any voice for users of
>> browsers, web server developers and content authors is IMO a real
>> reason to be somewhat wary of CAB forum. I don't know that there
>> are any moves to improve that situation, though of course there may
>> be.
>
> Users have a voice, as Peter well knows, at least in Mozilla's
> selection and vetting of CAs.
So yes, Mozilla have a public list and a process.
That's very far from covering the points Peter and I raised
about who has a voice inside CAB forum.
> Microsoft and Apple could do the same
> thing.
They could and that'd be an improvement. It'd still not be
a "fix" for the CAB forum though.
I guess Google could do similarly too. (I wonder why you
didn't mention Google - do they do something different or
follow the Mozilla process?)
>
>>> What is your proposed solution? Put up or shut up.
>>>
>>> More polite version: yes, it is a hard problem, but how do you solve
>>> it without some kind of central authority? On what basis can the end
>>> user validate a certificate, other than some authority doing it on
>>> their behalf? Of course I think that adding transparency to those
>>> authorities is a major win, but other than that, where do you go?
>>> Alternatives like DANE are just shuffling the deck chairs on the
>>> Titanic.
>>
>> What Viktor said.
>
> I already responded to Viktor.
He's still correct though:-) There's no need to diss DANE in this.
DANE's another attempt to improve things which may find a niche
where it does help. (SMTP/TLS in particular, but who knows maybe
back in the web later if something like [1] gets traction.)
[1] https://tools.ietf.org/html/draft-ietf-tls-dnssec-chain-extension
>
>>> What can you do that is radically better than CAs + transparency?
>>
>> That is a fine question. I've not seen any good answers myself in
>> the last 20 years which is a shame. I have seen many proposals for
>> things that are a little better than X.509-based PKI, but none of
>> them that were sufficiently better to displace the current, wildly
>> imperfect, X.509-based PKI.
>>
>> I do think CT is an improvement though, and in the longer term may
>> point to other solutions involving large databases of public keys.
>> But I've yet to see one of those that might really take hold.
>
> Err ... CT?
Yeah, cert transparency, I'm guessing you're familiar with it:-)
My point is that CT is a "large DB of keys" improvement to X.509
based PKI. I suspect that may point to the possibility of future
solutions where relying parties each carry around a large DB of
public keys. But that's just me speculating, no more.
Cheers,
S.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3840 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161003/be09ce68/attachment.bin>
More information about the cryptography
mailing list