On Jul 26, 2010, at 10:22 PM, Chris Palmer wrote:

> Perry E. Metzger writes:
>
>> All major browsers already trust CAs that have virtually no security to
>> speak of,
>
> ...and trust any of those CAs on any (TCP) connection in the (web app)
> session. Even if your first connection was authenticated by the right CA,
> the second one may not be. Zusmann and Sotirov suggested "SSL pinning" (like
> DNS pinning, in which the browser caches the DNS response for the rest of
> the browser process' lifetime), but as far as I know browsers haven't
> implemented the feature.

I like the idea of SSL pinning, but could it be improved if statistics were kept long-term (how many times I've visited this site and how many times it's had certificate X, but today it has certificate Y from a different issuer and certificate X wasn't even near its expiration date...)

Another thought: Maybe this has been thought of before, but what about emulating the Sender Policy Framework (SPF) for domains and PKI? Allow each domain to set a DNS TXT record that lists the allowed CA issuers for SSL certificates used on that domain. (Crypto Policy Framework=CPF?)

    cpf.digicert.com IN TXT "v=cpf1 /^DigiCert/ -all"

Get the top 5 browsers to support it, and a lot of that "any CA can issue to any domain" risk goes way down.

Thought: Could you even list your own root cert there as an http URL, and get Mozilla to give a nicer treatment to your own root certificate in limited scope (inserted into some kind of limited-trust cert store, valid for your domains only)?

Is there a reason that opportunistic crypto (no cert required) hasn't been done for https? Would it give too much confidence to people whose DNS is being spoofed?

> A presentation I've given at a few security gatherings may be of interest. I
> cover some specific security, UI/UX, and policy problems, as well as some
> general observations about incentives and barriers to improvement. Our
> overall recommendation is to emulate the success of SSH, but in a browser-y,
> gentle-compliance-with-the-status-quo-where-safe way.
>
> https://docs.google.com/present/view?id=df9sn445_206ff3kn9gs

Great slides! The TOFU/POP is nice, and my favorite concept was to translate every error message into a one sentence, easy-to-understand statement.

Paul Tiemann (DigiCert)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
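
The client-side check that the "CPF" proposal above implies, as an added example that is not part of the original message or of any browser's code. The `v=cpf1` syntax is the poster's sketch, not a deployed standard; the function names, the meanings of the qualifiers other than `-all` (borrowed from SPF) and the sample issuer names are assumptions made for illustration.

```python
import re

# One term of the hypothetical record: /issuer-regex/ or a closing "[qualifier]all".
TERM = re.compile(r'/((?:[^/\\]|\\.)+)/|([-~?+]?)all(?!\S)')
# Assumption: qualifiers mean what they mean in SPF; only "-all" is on the page.
QUALIFIERS = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass", "": "pass"}


def parse_cpf(txt):
    """Parse a TXT value; return (issuer_patterns, default) or None if not cpf1."""
    version, _, rest = txt.strip().strip('"').partition(" ")
    if version != "v=cpf1":
        return None
    patterns, default, pos = [], "neutral", 0
    for m in TERM.finditer(rest):
        if rest[pos:m.start()].strip():
            raise ValueError("unrecognised term: %r" % rest[pos:m.start()].strip())
        pos = m.end()
        if m.group(1) is not None:
            patterns.append(re.compile(m.group(1)))
        else:
            default = QUALIFIERS[m.group(2)]
            break  # as in SPF, nothing after "all" is evaluated
    else:
        if rest[pos:].strip():
            raise ValueError("unrecognised term: %r" % rest[pos:].strip())
    return patterns, default


def check_issuer(txt, issuer_name):
    """Result for a certificate whose (already chain-validated) issuer is issuer_name."""
    policy = parse_cpf(txt)
    if policy is None:
        return "none"  # no policy published: behave as browsers do today
    patterns, default = policy
    if any(p.search(issuer_name) for p in patterns):
        return "pass"
    return default


if __name__ == "__main__":
    record = '"v=cpf1 /^DigiCert/ -all"'  # record from the message
    for issuer in ("DigiCert Example CA", "Example Rogue CA"):  # constructed names
        print(issuer, "->", check_issuer(record, issuer))
```

A name match like this only means something after the chain has validated to a trusted root, since anyone can put "DigiCert" in the issuer field of a certificate they sign themselves. The TXT answer is also only as trustworthy as the DNS path it arrived over, which is the spoofing concern the message raises.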