[Cryptography] WireGuard

Phillip Hallam-Baker phill at hallambaker.com
Sun Sep 2 22:17:15 EDT 2018

On Sun, Sep 2, 2018 at 6:14 PM Theodore Y. Ts'o <tytso at mit.edu> wrote:

> On Sat, Sep 01, 2018 at 03:25:43PM -0400, Phillip Hallam-Baker wrote:
> > The problem with a lot of the approaches is that the folk proposing them
> > start from the objective of eliminating all dependence on third parties,
> > not minimizing risk.
> >
> > Governments are bad, CAs are bad, yak yak yak, chunter, chunter, chunter,
> > etc. etc.
> ... but minimizing dependencies on third parties is part of minimizing
> risk.  Yes, of course on a typical laptop, you'll have to trust some set
> of Google, Mozilla, Apple, Microsoft, etc.  But just because we have
> to trust *some* third parties, that doesn't mean that the current scheme
> where there are hundreds of CAs (with many worked examples of
> spectacular failures, such as Diginotar) that are trusted to verify
> certificates for *any* hostname, including *.google.com,
> *.microsoft.com, etc. is sane.

The number of active CAs is more like 50 and declining rather than
increasing. The EFF study that found hundreds was based on a fundamental
misunderstanding of how PKIX works. The fact that they never retracted the
false claims after the flaws in their methodology were pointed out is a
useful reminder that just because someone says they are on our side doesn't
mean they are.

CAs are now required to process the CAA record that I proposed in 2010
which addresses the issue you raise.

Every security problem has an easy solution provided you decide to ignore
all the other problems. The problem with pinning proposals was that they
didn't want to face the fact that operator error is a real concern and if a
site ends up offline because of it, the consequences are usually rather
more serious than most attacks.

If I was going to revisit this issue, I would propose enrolling the CAA
statements in the CT logs.

> > The Web PKI was designed to authenticate and authorize Web sites. The
> > encryption part was merely a byproduct. The original design brief was to
> > make shopping online at least as secure and convenient as offline.
> And a design brief where a random nation state can create a
> certificate for microsoft.com is a good one?!?

It enabled Amazon and online commerce. It has worked for 20 years. Nation
state attacks tend to be mitigated by their reluctance to get caught.
Though not always. Skripal was obviously attacked with the nerve agent to
leave no doubt as to who was behind it. Though that game is rather more
desperate and higher stakes than most.

> > Remember that any subject security policy can always be overridden by your
> > browser provider and/or your platform provider.
> Sure, but if we look at where the failures caused by malicious actors
> have been in the past, they have been far more often by CAs as
> opposed to browser or platform providers.

That is certainly not true. Browser vulnerabilities are so common that they
aren't even news.

It is rather difficult to know whether any AV software has been an attack
vector but we do know that Kaspersky's son was kidnapped and then returned.
And we know that their AV agent runs in god mode on the machine, same as
any other AV does.
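The CAA check referred to above is the mechanism by which a domain owner limits which CAs may issue for its names. The following is an added example, not code from this post, the list, or any CA: a small evaluator that applies the RFC 8659 rules (climb from the FQDN toward the root and use the first name that has CAA records; honour the issuer-critical flag; use `issuewild` for wildcard names when present, else `issue`; an empty issuer such as `";"` authorizes nobody) against a constructed, in-memory record set. No DNS lookups are performed, the zone contents are made up, and `KNOWN_TAGS` is an assumption about which property tags a hypothetical issuer understands.

```python
"""Evaluate CAA issuance policy (RFC 8659 rules) over a constructed record set.

Added illustration; not code from the mailing-list post or from any CA.
The ZONE below is constructed for the example and no DNS queries are made.
"""
from dataclasses import dataclass

CRITICAL = 128  # issuer-critical flag bit (RFC 8659 section 4.1)

# Property tags the hypothetical issuer understands (assumption for this example).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str


# Constructed zone data: owner name (lowercase, no trailing dot) -> CAA RRset.
ZONE = {
    "example.com": [
        CAA(0, "issue", "trusted-ca.example; account=12345"),
        CAA(0, "issuewild", ";"),  # forbid wildcard issuance by anyone
        CAA(0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com": [
        CAA(CRITICAL, "futuretag", "x"),  # critical tag no issuer understands yet
    ],
}


def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; the first owner with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []  # no CAA anywhere in the tree


def issuer_domain(value):
    """'ca.example; account=1' -> 'ca.example'; ';' or '' -> '' (nobody)."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(zone, fqdn, issuer, wildcard=False):
    """Return (permitted, reason) for `issuer` issuing for fqdn or *.fqdn."""
    rrset = relevant_rrset(zone, fqdn)
    if not rrset:
        return True, "no CAA records in the tree: issuance unrestricted"
    # A critical property the issuer does not understand forbids issuance.
    if any(r.flags & CRITICAL and r.tag.lower() not in KNOWN_TAGS for r in rrset):
        return False, "critical CAA property tag not understood"
    # issuewild takes precedence for wildcard names when present; otherwise
    # the issue records govern both plain and wildcard issuance.
    tag = "issue"
    if wildcard and any(r.tag.lower() == "issuewild" for r in rrset):
        tag = "issuewild"
    props = [r for r in rrset if r.tag.lower() == tag]
    if not props:
        return True, f"no {tag} property in relevant RRset: unrestricted"
    if any(issuer_domain(r.value) == issuer.lower() for r in props):
        return True, f"{tag} authorizes {issuer}"
    return False, f"{tag} present but {issuer} is not an authorized issuer"


if __name__ == "__main__":
    for name, ca, wild in [
        ("www.example.com", "trusted-ca.example", False),
        ("www.example.com", "other-ca.example", False),
        ("www.example.com", "trusted-ca.example", True),
        ("locked.example.com", "trusted-ca.example", False),
        ("example.org", "other-ca.example", False),
    ]:
        ok, why = caa_permits(ZONE, name, ca, wildcard=wild)
        print(f"{'*.' if wild else ''}{name:22} {ca:20} {'PERMIT' if ok else 'DENY'}: {why}")
```

The same evaluator is useful on the domain-owner side as an audit: run it with every CA you do not use and confirm each is denied for every name and wildcard you care about, which is the check a misconfigured or missing CAA record silently fails.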