[Cryptography] distrusted root CA: WoSign

Ben Laurie ben at links.org
Mon Oct 3 01:21:27 EDT 2016


On 2 October 2016 at 23:14, ianG <iang at iang.org> wrote:
> On 2/10/2016 20:55 pm, Stephen Farrell wrote:
>>
>>
>> Hiya,
>>
>> On 01/10/16 23:02, Ben Laurie wrote:
>>>
>>> On 1 October 2016 at 10:12, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
>>> wrote:
>>>>
>>>> John Denker <jsd at av8n.com> writes:
>>>>
>>>>> In general, why do we put up with this?  Why, why, why?
>>>>
>>>>
>>>> Because we have no choice.  What are you going to do in order to
>>>> opt out, stop using the web?  It's a totally captive market.
>>>>
>>>> Note that things are run by the CA/Browser forum, not the
>>>> CA/Browser/web site operator/end user/customer forum.  The only
>>>> people with a say in things are the ones who are making money off
>>>> the whole racket, and they aren't going to do anything to change
>>>> the status quo.
>>>
>>>
>>> I am so sick of this lame rhetoric.
>>
>>
>> While I agree that Peter's rhetoric is a bit OTT, there is a real
>> issue reflected in the above - the lack of any voice for users of
>> browsers, web server developers and content authors is IMO a real
>> reason to be somewhat wary of CAB forum. I don't know that there
>> are any moves to improve that situation, though of course there may
>> be.
>
>
>
> Peter's rhetoric is actually a bit soft.  No security protocol can be
> analysed outside the context of the users and institutions who field it.
> The real place any change is blocked is CA/B Forum, the browsers, the IETF,
> the CAs, the auditors and the software creators, all of whom are locked in a
> deadly embrace.  And they like it that way; the incumbent people within are
> mostly not volunteers as we might imagine in the open source world, but
> instead are employed and paid to promote the model.
>
> So why would they change?

Change to what?

> CAB Forum was born in darkness, and grew in darkness.  They didn't open it
> up until after they had laid down a new framework for standards that locked
> in the old model even tighter.  Even when they opened it up, after two or
> three years of secret policy preparation, they carefully made sure that no
> open or outside or user-oriented voice would be able to change things.
>
>>> What is your proposed solution? Put up or shut up.
>
> This reminds me of the "where's your patch?" rhetoric.  The problem with
> this lazy slap down

Dude. You are talking to a guy who has spent four years improving the
system instead of complaining it can't be improved. Don't call me
lazy.

The problem with _your_ lazy slapdown is it is just more lame rhetoric.

> is that a person could spend months writing a patch and
> have it rejected.  It is pretty clear for example that if we send in a patch
> for Chrome to implement say Jerry's idea or any of 100 ideas proposed, it
> would go nowhere.

I am not suggesting you write a patch, I am suggesting you propose
something that actually works instead of whining about how the system
is fixed. So far, I have seen no such proposal.

> This doesn't mean you're wrong.  You could be right.  But the difference
> between that and building the franchise, locking out others, is nothing.
>
>>> More polite version: yes, it is a hard problem, but how do you solve
>>> it without some kind of central authority? On what basis can the end
>>> user validate a certificate, other than some authority doing it on
>>> their behalf? Of course I think that adding transparency to those
>>> authorities is a major win, but other than that, where do you go?
>>> Alternatives like DANE are just shuffling the deck chairs on the
>>> Titanic.
>>
>>
>> What Viktor said.
>
> PKI is a tribe.  There is no way to change it.  And it is totally pointless
> to even talk to the tribe about their religion.
>
> The only thing that can be done is to bypass it.  Totally.

How?

>>> What can you do that is radically better than CAs + transparency?
>>
>>
>> That is a fine question. I've not seen any good answers myself in
>> the last 20 years which is a shame. I have seen many proposals for
>> things that are a little better than X.509-based PKI, but none of
>> them that were sufficiently better to displace the current, wildly
>> imperfect, X.509-based PKI.
>
> They will never displace.  Any sufficiently good technology (and there are a
> few) will not displace PKI-secured browsing but bypass it and create an
> entirely new system.
>
>> I do think CT is an improvement though, and in the longer term may
>> point to other solutions involving large databases of public keys.
>> But I've yet to see one of those that might really take hold.
>
> CT is making its mark.  What is poignant is that it took a company with
> Google's resources and position to do it.  The notion that even Google had
> to work hard at it puts the lie to the notion that any one less could make
> changes.

Once more: what is the change that should be made?

