[Cryptography] SSL Certificates are expiring...

Phillip Hallam-Baker phill at hallambaker.com
Wed Feb 19 13:12:05 EST 2020


On Tue, Feb 18, 2020 at 9:47 PM Bill Frantz <frantz at pwpconsult.com> wrote:

> On 2/16/20 at 12:15 PM, phill at hallambaker.com (Phillip
> Hallam-Baker) wrote:
>
> >>For the web, I would like to have my trust anchor for a site be
> >>through a key it controls, not a CA. When I go to a site using a
> >>CA as a trust anchor, I will keep my financial and secret data
> >>exposure low until I have some transaction experience. I want to
> >>know I'm talking to the same site I was talking to when I
> >>developed the trust I have, not a intruder site attested to by
> >>an untrustworthy TTP. (Do browsers still have over 80 trust anchors?)
> >>
> >
> >The flaw in the WebPKI is that the design brief really calls for an
> >introduction scheme and TLS is configured as a transaction authentication
> >scheme. That is in part a consequence of not having the tools at the time
> >to make an introduction scheme portable across browsers and hosts. It is
> >also a consequence of the fact that a merchant does not necessarily defect
> >immediately and it takes time for defection to be observed. Oh and the
> fact
> >that many Web sites are incapable of managing PKI with the fidelity
> >required for pinning trust anchors.
>
> Defecting is, as far as I know, an unsolved problem. Back in the
> early 1960s, when the US offered strong protection to the
> official importers of foreign goods, there was a company in Hong
> Kong which mail ordered Japanese cameras to the US for about 1/2
> price. When I ordered a Nikon F from them, I got the camera in a
> package shipment, and the nameplate arrived in a first class
> letter. (The US importer owned the name "Nikon".)
>
> About a year later, they continued to collect orders, but
> stopped shipping. Then they completely disappeared, having
> cached in their reputation capital.
>
>
> >>I think we have the current system because that was the only
> >>system people could build a business model around, and that the
> >>need to support that business model was reflected in
> >>contributions to the standards bodies.
> >>
> >
> >The RSA and DH patents expired in the 90s, there was plenty of opportunity
> >to propose something different.
> >
> >The problem is path dependence, not some conspiracy. We could have adapted
> >TLS for IoT devices really easily, just make use of self signed certs
> >painless. I suggested that on a half dozen occasions and it never
> happened.
>
> What I meant by business models is the certificate authorities.
> They make good money based on their monopoly of being listed in
> major browsers as trust roots. As far as I can tell, the WebPKI
> model is the only model that provides this kind of niche to
> build a business.
>
> BTW, I'm not sure that you can get a protocol adopted with out a
> business model which will allow companies to make money.
>

The WebPKI was only calibrated for credit card transactions where every
transaction carries insurance. The argument was based on velocity, window
of validity and cost of repeatedly applying for class 3 certs without being
caught.

Sure you can set up one scam company. But if they only last 48 hours, you
need lots and if you repeat your approach you will establish a pattern

Sure it has worked for much beyond the design brief. But dont blame me for
the limitations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200219/3406760d/attachment.htm>


More information about the cryptography mailing list