[Cryptography] The EFF 650 CAs lie

Phillip Hallam-Baker phill at hallambaker.com
Mon May 4 11:11:07 EDT 2020

On Sun, May 3, 2020 at 9:55 PM Paul Wouters <paul at nohats.ca> wrote:

> On Thu, 30 Apr 2020, Phillip Hallam-Baker wrote:
> > When asserting that there are 650 'CAs', an informal standard is used.
> Makes sense to me. If there are an unknown number of RAs and LRAs that
> can trigger a CA to issue a certificate, then from the point of view of
> EFF, it just increases the amount of individuals that can cause a rogue
> issuance.

The claim repeatedly made was that there were 650 entities that could issue a
certificate for *ANY* domain. That was not true. It should not have been
said. It should not continue to be said.

> > The question is who can be held accountable for mis-issue. An LRA or RA
> > cannot be held accountable, only the CA can. Only the CA issues a
> > Certificate Policy and Certificate Practices Statement. If there is a
> > mis-issue, it is the CA that suffers consequences.
> That only helps to clean up the mess, not to prevent it.

It is an accountability control. The entire WebPKI is put together as
layered accountability controls. Having a Verisign class 3 cert didn't mean
you weren't a crook. What it meant is that you were accountable in a
certain way. You have to have a company address, you are subject to

Now sure, it is possible to set up a fake company. As in ONE relatively
easily. But try to do it a few hundred times without being caught. That is
why revocation was critical to the model. The point was to make merchant
fraud unprofitable. All the WebPKI was designed to do was enable Internet

> > The problem with DNSSEC is that there is only one provider. And that
> > provider is (justifiably) regarded as a US government agency by Russia
> > and China. And so they have made plain that they will not tolerate
> > widespread use of DNSSEC.
> It's not. It is trivial to skip the root key and let CCTLD keys be in
> configurations for their respective TLD only. It's actually a working
> version of path-constraint.

It is possible, that is in fact very close to the model I am looking at.
But making it scale is anything but trivial. It requires an infrastructure
to collect the data on the TLD keys. That is non-trivial.

And all you get from such a scheme is an authenticated encrypted channel to
a DNS name. You are not going to get accountability. So the result turns on
encryption but it isn't doing anything about enabling companies other than
Amazon and a few well known names to trade online.

> > But the real problem of the WebPKI today is actually the exact opposite
> > of 'too many CAs'. The market has consolidated to the point where
> > two providers have an effective duopoly on the commercial side and there
> > is one free provider.
> Indeed. The EFF has now caused the reverse problem. Everyone now has to
> trust them and only them.

And the only security level supported is piss-poor security for stopping
snooping that we could have implemented just as well by configuring TLS to
support use of self signed certs without user notice.

> > So now we have the 'too big to fail' problem. And note that when one of
> > those three recently screwed up in a far more egregious fashion than
> > Symantec did, they were not shut down.
> Indeed. But I was shocked at LetsEncrypt's original plan to kill all
> these domains, and I'm glad they actually ended up violating the
> CAB/Forum rules. Clearly ACME still needs some work so it can better
> recover in these kinds of scenarios.

Well, given the antitrust suits Google is facing, their decision to
overlook the one and stamp out the other is going to put them in a very bad
place. And various folk on CNBC seem to think the appetite in Congress for
taking down 'big tech' has not been abated by the coronavirus situation.

The Google lawyers really need to start looking at the liability exposure
they are creating for themselves here. Getting rid of your aggressive
harassment types by sending them out to do external standards work takes
them out of the corporate workplace but it is a terrible advert for the
corporate culture.

> But even taking one further step back. It is crazy that all this
> security is ultimately decided by 4 US-based browser vendors. It
> needs to be hierarchical where governments can make decisions of
> trust and identity for their citizens and their organisations
> independently of the US. DNS and DNSSEC is the only thing we have
> that can do that.

I disagree on the hierarchy issue. I am only interested in bringing control
back to the individual. Most are going to delegate that control to some
authority. Just like they do with AV scanning. But there is a market for AV
scanning tech these days, not a monopoly. And they work for the user who is
paying them for the service.

The alternative to the 4 browsers choosing the trust anchors according to
their corporate interests is to have the 30-odd AV companies do it
according to their interests which are much more closely aligned with those
of the user because the user is the customer. For Google and Mozilla, the
customer is the product.

Apple and Microsoft are in a slightly different position. But the problem
there is neither has much intention of leading in this space.