Ian G wrote, On 2008-10-19 15:17: > Nelson B Bolyard wrote: >> KCM would have accepted those certs without any complaint. > > Ahhh, not exactly! With KCM, it is not up to it to accept any certs > any time: unfamiliar certs are passed up to the user for validation.
Yes, but the users are conditioned to accept all certs upon initial presentation. I used to think SSH's KCM model was pretty good, until someone (it was You, actually) opened my eyes to the fact that users do not attempt to verify key correctness, do not attempt to do out-of-band verification of key "thumbprints" or any other reasonable verification, but instead merely always assume that the key they get is valid, the first time they connect to the server. When I learned that, I contacted many people who were SSH aficionados, and they all confirmed the truth of that situation that had been too horrible for me to even imagine until it was told to me. So, today, I equate KCM with accepting all keys at face value, upon first contact. That's just what the victim in bug 460374 did. I would not say that it served her well. > If the user does not validate, then she has done a bad thing. Um, er, well, in this case, she would have done a GOOD thing, no? >> And don't forget the Debian key generator. It showed us that a serious >> flaw in KCM is the complete lack of any revocation mechanism. > > Not sure about that one? Do you mean all the SSH servers that were > exposed to compromise because of the Debian OpenSSL random snafu? Yes. And the 10MB file that SSH users must now drag around containing all those bad keys, since there is no service to which they can turn for revocation help. > Even the nice low $$$ cost of a Startcom cert -- free! -- isn't going to > wrest them away from their precious KCM, and for good reason: for that > particular application, revocation isn't worth the costs that it would > add to the solution. That 10MB file that they all must drag around now is an ongoing cost of the solution. It's a back breaker for browsers, more than doubling the size of the browser download to include that file. >> I want to drive a stake through the heart of something, too. >> Can you guess what it is? > This one I can guess [1] :) > [1] but I couldn't guess the one in your essay! I'm quite curious! What would you guess instead? > If the user does not validate, or validates badly, then the world > will eventually drift to failures. And you have taught me well that users simply do not validate, but merely accept all server keys at face value on initial contact. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
