On 07/31/2015 05:31 PM, Nicolas George wrote: > Le decadi 10 thermidor, an CCXXIII, Christian Seiler a écrit : >> But no other way without using the service of companies with a >> business model that many people don't necessarily want to >> support. > > The business model may be more acceptable, but the security model is the > same, and it is utterly broken. > > [Long explanation of why the CA trust model is broken and > what kind of trust model you'd prefer.]
I completely agree with your explanations about why the current
model is broken, and am very intrigued by the suggestions you
have to fix it.
What I disagree with, however, is the following:
> Back to "let's encrypt": I usually do not condone behaviours that we call
> "politique du pire"¹, but I must observe that, by making the whole system
> more acceptable to people who thought of the ugly business model but not of
> the absurd trust model, "let's encrypt" will delay the apparition of a
> correct system.
No, it won't, I think you are deluding yourself here. We've had
years of website owners having to pay a TON of money to get
certificates that would be accepted in browsers, with other
people using self-signed certificates and users often accepting
them anyway (because they want to access the site) - and the
proper system has NOT developed, even though many people may
have had a large incentive to actually change it (because they
were continuously paying a lot of money for an essentially
ineffective service). So it has been really, really bad for a
long time, and it hasn't improved at all.
Look at it this way:
Current situation:
- many sites don't offer any encryption at all, and at least
one reason for that is because it's hard to properly set
up TLS certificates (even if you'd be willing to pay the
money required)
- many legitimate sites operate with invalid (e.g. expired)
certificates or even self-signed certificates. Most users
simply ignore any warnings browsers give
- certificate replacement is fraught with errors currently,
causing this
- therefore, if you want to do MITM currently, you are very,
very likely to get away with just using a self-signed
certificate and many users will simply ignore the warnings
their browser gives them. Sure, people such as myself will
not fall for that, but far too many will
Situation after something like Let's Encrypt:
- properly setting up certificates, dealing with renewal etc.
will be _easy_, you set it up once and an automated system
will do it for you
- there will be no excuse anymore to operate with
self-signed and/or invalid (expired) certificates
- it will become reasonable for programs to simply start
rejecting invalid and/or self-signed certs (without the
possibility to override that as is currently possible, or
at least making it a *LOT* harder[1])
(not saying that's going to happen, but I would really
welcome this)
- if you want to do MITM with TLS, you will actually have to
somehow get a valid certificate by a CA - which is
definitely possible, as has been shown in the past, but
still much more difficult than to simply set up something
with a self-signed certificate. So yes, while it will not
prevent ALL attackers (especially not governments), it
WILL prevent a lot of attackers that might collect
low-hanging fruit
So yes, "Let's Encrypt" will not solve the CA security model
at all - but it will improve upon the current situation quite
a bit, because the current situation is just completely
horrible. With "Let's Encrypt" it will still be horrible, but
not completely so anymore.
Also, I think that if "Let's Encrypt" shows that gradual
innovations when it comes to the CA model are possible, this
will give a boost to other measures that try to change the
current model into something that actually works. Therefore,
I think the opposite of what you're claiming is true: "Let's
Encrypt" will _help_ in reforming the CA system by providing
a first step of marginally improving it. It won't be a huge
step that fixes everything, but it will show that change IS
indeed possible (remember: for around 20 years nothing REALLY
changed in that regard at all!) - and because it's going to
be gratis, it will severely disrupt the business model of
existing CAs - to the point where they will be looking for
slightly different business models, such as the one you are
describing here - thus in fact bringing about the necessary
incentive structure for change.
Of course, that's just my personal opinion, and the future
will tell if my prediction comes true.
Christian
[1] Even the current Firefox/Iceweasel versions make it too
easy to override that in my eyes.
signature.asc
Description: OpenPGP digital signature
