[145422] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI
daemon@ATHENA.MIT.EDU (Paul Tiemann)
Wed Jul 28 08:22:41 2010
From: Paul Tiemann <paul.tiemann.usenet@gmail.com>
In-Reply-To: <20100727042238.GQ38765@noncombatant.org>
Date: Tue, 27 Jul 2010 22:10:54 -0600
Cc: cryptography@metzdowd.com
To: Chris Palmer <chris@noncombatant.org>
On Jul 26, 2010, at 10:22 PM, Chris Palmer wrote:
> Perry E. Metzger writes:
>
>> All major browsers already trust CAs that have virtually no security to
>> speak of,
>
> ...and trust any of those CAs on any (TCP) connection in the (web app)
> session. Even if your first connection was authenticated by the right CA,
> the second one may not be. Zusmann and Sotirov suggested "SSL pinning" (like
> DNS pinning, in which the browser caches the DNS response for the rest of
> the browser process' lifetime), but as far as I know browsers haven't
> implemented the feature.

I like the idea of SSL pinning, but could it be improved if statistics were kept long-term (how many times I've visited this site and how many times it's had certificate X, but today it has certificate Y from a different issuer and certificate X wasn't even near its expiration date...)

Another thought: Maybe this has been thought of before, but what about emulating the Sender Policy Framework (SPF) for domains and PKI? Allow each domain to set a DNS TXT record that lists the allowed CA issuers for SSL certificates used on that domain. (Crypto Policy Framework=CPF?)

cpf.digicert.com IN TXT "v=cpf1 /^DigiCert/ -all"

Get the top 5 browsers to support it, and a lot of that "any CA can issue to any domain" risk goes way down.

Thought: Could you even list your own root cert there as an http URL, and get Mozilla to give a nicer treatment to your own root certificate in limited scope (inserted into some kind of limited-trust cert store, valid for your domains only)

Is there a reason that opportunistic crypto (no cert required) hasn't been done for https? Would it give too much confidence to people whose DNS is being spoofed?

> A presentation I've given at a few security gatherings may be of interest. I
> cover some specific security, UI/UX, and policy problems, as well as some
> general observations about incentives and barriers to improvement. Our
> overall recommendation is to emulate the success of SSH, but in a browser-y,
> gentle-compliance-with-the-status-quo-where-safe way.
>
> https://docs.google.com/present/view?id=df9sn445_206ff3kn9gs

Great slides! The TOFU/POP is nice, and my favorite concept was to translate every error message into a one sentence, easy-to-understand statement.

Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
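
The "CPF" TXT record proposed in the message above, evaluated the way a client might: an added example, not part of the original message or of any browser or DigiCert code. The message gives only the one sample record, so the semantics here are assumptions borrowed from SPF: `/regex/` terms are matched against the certificate's issuer name, `-all` rejects every other issuer, and the `~all` term, the result names and the function names are hypothetical.

```python
import re

class CpfError(ValueError):
    """A TXT string that claims to be cpf1 but is malformed."""

def parse_cpf(txt):
    """Return (compiled issuer patterns, default result) for one cpf1 record."""
    terms = txt.split()
    if not terms or terms[0] != "v=cpf1":
        raise CpfError("not a cpf1 record")
    patterns, default = [], "neutral"
    for pos, term in enumerate(terms[1:], start=1):
        if len(term) > 2 and term.startswith("/") and term.endswith("/"):
            try:
                patterns.append(re.compile(term[1:-1]))
            except re.error as exc:
                raise CpfError(f"bad issuer pattern {term!r}") from exc
        elif term in ("-all", "~all"):  # "~all" is assumed, by analogy with SPF
            if pos != len(terms) - 1:
                raise CpfError("'all' must be the last term")
            default = "fail" if term == "-all" else "softfail"
        else:
            raise CpfError(f"unknown term {term!r}")
    return patterns, default

def check_issuer(txt_records, issuer_name):
    """Evaluate a certificate issuer name against a domain's TXT records."""
    cpf = [t for t in txt_records if t.split()[:1] == ["v=cpf1"]]
    if not cpf:
        return "neutral"      # no policy published: behave as today
    if len(cpf) > 1:
        return "permerror"    # two policies are ambiguous; do not pick one
    try:
        patterns, default = parse_cpf(cpf[0])
    except CpfError:
        return "permerror"
    if any(p.search(issuer_name) for p in patterns):
        return "pass"
    return default

# Constructed sample: the record from the message plus an unrelated TXT string.
SAMPLE_TXT = ["v=cpf1 /^DigiCert/ -all", "unrelated-txt-value"]

if __name__ == "__main__":
    for issuer in ("DigiCert Inc", "Example Other CA"):   # constructed names
        print(issuer, "->", check_issuer(SAMPLE_TXT, issuer))
```

The verdict is only as trustworthy as the DNS answer it was computed from, which is the same spoofing concern the message raises about opportunistic crypto; a client would need an authenticated lookup before acting on "fail".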