Theodore Y. Ts'o
tytso at mit.edu
Sun Sep 2 18:14:46 EDT 2018
On Sat, Sep 01, 2018 at 03:25:43PM -0400, Phillip Hallam-Baker wrote:
> The problem with a lot of the approaches is that the folk proposing them
> start from the objective of eliminating all dependence on third parties,
> not minimizing risk.
> Governments are bad, CAs are bad, yak yak yak, chunter, chunter, chunter,
> etc. etc.
... but minimizing dependencies on third parties is part of minimizing
risk. Yes, of course on a typical laptop, you'll have trust some set
of Google, Mozilla, Apple, Microsoft, etc. But just because we have
to trust *some* third parties, that doesn't mean that current scheme
where there are hundreds of CA's (with many worked examples of
spectacular failures, such as Diginotar) that are trusted to verify
certificates for *any* hostname, including *.google.com,
*.microsoft.com, etc. is sane.
> The Web PKI was designed to authenticate and authorize Web sites. The
> encryption part was merely a byproduct. The original design brief was to
> make shopping online at least as secure and convenient as offline.
And a design brief where a random nation state can create a
certificate for microsoft.com is a good one?!?
> Remember that any subject security policy can always be overridden by your
> browser provider and/or your platform provider.
Sure, but if we look at where the failures caused by malicious actors
have been in the past, they have been far more often by CA's as
opposed to browser or platform providers.
More information about the cryptography