There are two long-term trends that might inform this argument.
1. Vendors have typically refused to improve the model of browser
security if it has involved changes to the model. There is a long
history of people providing suggestions, papers and code, and the
vendors have ignored them. It is one of the more compelling evidences
that vendors do not have users' interest in mind, taking their guidance
from the supply side.
1.a the current rebel from the trend is google. The reason for this can
be seen in its business makeup. google unlike the rest is both a vendor
*and a user*. As it has come under attack for its second role, it has
sought to defend. CAs have not been of any use. As an
engineering-heavy company, it has seen engineering improvements that
could be made. For this reason, google can be seen to be experimenting
with changes, and continuing to do so.
We should welcome these early experiments, wherever they come from.
This is regardless of whether they are good, bad, up or down. The only
way to fix the mess is to change internal architectural assumptions of
the browsing PKI (e.g., including as people have pointed out the
brittleness of one-for-all and all-for-one aspect, perhaps we should
refer to at as the 3 Musketeers weakness). The point here being that
you might get to consider the really serious problems of the model once
you have gained some confidence fiddling around at the edges.
2. The basic flaws of the model and the business structure are forcing
the vendors to take on a role that might be considered to be a meta-CA,
sometimes jokingly referred to as the über-CA. You can see this in the
quasi-auditing procedure conducted by Mozilla known as their policy, and
the recent addition of root revocation capabilities in the last 3 years.
In the nick of time it might seem, but every action has consequences.
Which is to say, now that vendors have taken on the role, and become the
über-CAs, they are more likely to PKI-us-harder than lesser. E.g.,
google's current trend with pinning, CT, and dropping self-signed certs
are obviously that, as they do more with PKI not less. It's going to
take a while before they get frustrated at this.
Point being, it is nice to see someone doing something. But we aren't
going to get the direction needed for some time.
On 6/01/13 16:53 PM, Ben Laurie wrote:
On Sun, Jan 6, 2013 at 1:15 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
Ben Laurie <b...@links.org> writes:
On Sat, Jan 5, 2013 at 1:26 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
In the light of yet another in an apparently neverending string of CA
failures, how long are browser vendors going to keep perpetuating this PKI
farce? [0]. Not only is there no recorded instance, anytime, anywhere, of a
browser certificate warning actually protecting users from harm [1],
This is patently incorrect: Diginotar were caught by a browser warning.
Well, we think that at least one user was. We definitely know that 300,000
others weren't. That's hardly a triumph of browser PKI.
Let's look at the figures in more detail. There are around a billion users of
the Internet. Let's say that they go to two SSL-enabled sites a day, probably
a lower bound but it's just a back-of-the-envelope thing. That's two billion
uses of browser PKI a day, let's call it roughly a trillion a year. SSL has
been around in significant volume for, say, about 15 years, so that's 15
trillion uses. The number of people who reported being warned about the
Diginotar cert was, say, a dozen or so, and of that we don't know how many
ignored the warning and clicked through anyway, as they've been conditioned to
do.
My understanding is you can't click through a pinning warning.
There are figures from an earlier invalid-cert case in which exactly one
user out of 300 was turned back by the warning, but let's be generous and say
it was two users who were turned away. So out of 15 trillion uses of browser
PKI, two worked to protect users. In other words it has an effectiveness rate
of one in seven trillion.
a) I don't believe your figures, and
b) You are not counting all the people who were protected by the early
detection of Diginotar.
That pretty much makes browser PKI the homeopathy of security.
Certificate Transparency is a real security measure that is a response by a
browser vendor.
So the response to the repeated failure of browser PKI is PKI-me-harder.
Yeah, that's really going to make users safer.
I suspect you don't understand CT - perhaps you'd care to explain why
it is PKI-me-harder?
In any case, its time you updated your out-of-date rant - or, even
better, explained your solution to the problem.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
