[Cryptography] Commercial PKI as dog poop

Hagai Bar-El info at hbarel.com
Thu May 13 03:32:14 EDT 2021


Hi Rich,

Salz, Rich wrote:
>
> > (In an optimal world, we wouldn't have to trust the CDN, but this
> > will require a TLS without the 'T'...)
> The relationship between a business and its CDN is a contractual 
> agreement between the two parties. You shouldn’t care about the CDN 
> about as much as you care about what gateways they have in their DMZ, 
> and so on: in other words, complain to the company if something is broken.
>

Sorry for not being clear enough. By CDN I was not referring to the 
legal entity selling CDN services, but to the system role of a CDN, 
regardless of who owns it. As you say, that CDN should not be treated 
differently than any other network equipment.

Our role as security architects is to design systems that are secure, 
such as by reducing the overall levels of trust in the system to where 
and as much as is necessary.

Regardless of whether the CDN is outsourced or not, it's a component in 
the system that our current design of TLS requires us to trust even 
though such trust might have been avoided. Once we introduced this hop 
that needs its own trusted cert, combined with the fact that the CA 
model allows almost-everyone to sign everything, we get the dog poop 
effect. I see the issue as not that a cert has many domains, but that 
this trusted cert is needed in the first place; regardless of who owns 
the box.

Hagai.

-- 
/Hagai Bar-El/
www.hbarel.com <https://www.hbarel.com?med=sig>