On 16/04/2014 16:30 pm, Jason Iannone wrote: > The more I read, the more bewildered I am by the state of the PKI.
No, not nearly enough: http://iang.org/ssl/pki_considered_harmful.html http://iang.org/ssl/ > The trust model's unwieldy system[1] of protocols, dependencies, and > outright assumptions begs to be exploited. Add to that the browser > behavior for a self-signed certificate (RED ALERT! THE SKY IS > FALLING!) compared to a "trusted" site and we're in bizarro world. Worse, consider Firefox's behaviour: it considers a certificate-secured site such as a self-cert'd site to be dangerous, but it does not consider a HTTP site to be dangerous. So it tells the user HTTP is safe, whereas an attempt to secure means that the user is being robbed! Go figure... Worse still, Firefox actually deceives and lies about the status of good certificates. If there is an ordinary SSL site, it shows it as white, same as HTTP. Icons and indicators are downplayed, lost in the noise. Worse again: If you click on the icon to ask, it says "you are connected to www.example.com which is run by ( *UNKNOWN* )" even though the browser has a certificate that states clearly who runs the site. Try this site which is run by Google, as it says in the cert: https://developer.android.com/ Looking deeper it states: Owner: This website does not supply ownership information. One can only assume Firefox is upselling you to green certs, but lying and deceiving in the process. Chrome says something different, which I don't understand, but it doesn't seem to be quite so blatant. Is there any wonder nobody trusts any of it? > I'd rather we close the gap and appreciate a secure transaction with > an unauthenticated party than proclaim all is lost when a self-signed > key is presented. I see no reason to trust VeriSign or Comodo any > more than Reddit. Assuming trust in a top heavy system of Certificate > Authorities, Subordinate Certificate Authorities[2], Registration > Authorities, and Validation Authorities[3] in a post bulk data > collection partnership world is a non-starter. The keys are > compromised. > > With that, I ask for a history lesson to more fully understand the > PKI's genesis and how we got here. Maybe a tottering complex > recursive heirarchical system of trust is a really great idea and I > just need to be led to the light. Sigh. You're thinking of it as a hierarchy of trust. That isn't what it is. There's no trust anywhere in the system, even the word 'trust' as used means a mandated obligatory acceptance, not trust as humans know it. > [1]http://csrc.nist.gov/publications/nistpubs/800-15/SP800-15.PDF, > http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf > [2]https://www.eff.org/files/DefconSSLiverse.pdf, > https://www.eff.org/files/ccc2010.pdf > [3]http://en.wikipedia.org/wiki/Public-key_infrastructure I just ate breakfast, no thanks :( iang _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
