(Followup-To m.d.crypto)

In private discussion, Eddy of StartCom suggested SSL CA certs for

   * internal sites (company webmail/IMAP, VPN etc.)
   * private discussion (blogs, forums, chat)
   * generally everything where you supply a login/password.

I think other solutions are more appropriate in each case.

Generally, SSL has a root weakness: Certs expire and can be replaced with new ones silently. This means *any* root CA (e.g. VeriSign) can issue a cert and hand it to a TLA and my communication partners will not notice anything. This weakness exists until certs are everlasting (breaking the current revenue model of CAs) and clients (browsers etc.) store certificates that they have seen, similar to SSH. I.e. PKI would be used only for the *first* contact.

This problem means that SSL is only appropriate for normal business, where governments and CAs are not enemies, but is not suitable for private communication and highly sensitive data. In other words, SSL is great for webshops, and applicable for normal business communication, i.e. where at worst a few million dollars are lost, but nothing where it really matters.

Private communication: Problem as described above. Initial contact can gain from PKI, but only where the real name is important. Given that most people use nicknames, and it works just fine, not even that really matters. The only thing that is important is that the "Fred" I know is always the *same* Fred. Self-signed certs (SSH model) achieve that. SSL does *not* guarantee that. Whether Fred is actually "Joe" in real life makes no difference to me.

Internal sites: I think these should use self-signed certs, and *reject* CA-signed ones. This is possible, because a physical, thus secure out-of-band, communication is possible. I think CAs are actually the weak link here, because they are an external party.

Login: Use HTTP Digest (although nobody uses it :-( ). That's vulnerable to MITM, though, right? Is there a way to avoid it? I don't see one.


If the above is accepted, it would need subtle UI changes, maybe small changes to NSS, maybe changes to the SSL PKI model (removal of expiry, keep only revocation).

--
When responding via mail, please remove the ".news" from the email address.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
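The "store certificates you have seen, like SSH" model argued for in the post, as an added Python example that is not part of the original message: a client-side pin store records the SHA-256 fingerprint of a peer's certificate on first contact and reports any later change, whoever signed the replacement and whether or not the old one expired. The hostnames and certificate bytes are constructed placeholders; the pin-store API is the example's own.

```python
import hashlib
import json
from pathlib import Path
from typing import Dict, List, Optional

# Constructed stand-ins for the DER bytes a client sees in the TLS handshake.
CERT_FRED_2007 = b"constructed DER: CN=fred.example serial=1 notAfter=2008"
CERT_FRED_2008 = b"constructed DER: CN=fred.example serial=2 notAfter=2009"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the raw certificate bytes, as browsers display it."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    """known_hosts-style continuity check: record a peer's certificate on
    first contact, then require the same bytes on every later contact,
    whoever signed the replacement and whether or not the old one expired."""

    def __init__(self, path: Optional[Path] = None) -> None:
        self.path = path  # optional JSON file so pins survive restarts
        self.pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, cert_der: bytes) -> str:
        """Return 'first-contact', 'match' or 'mismatch'."""
        fp = fingerprint(cert_der)
        if host not in self.pins:  # the one point where a CA signature could help
            self.pins[host] = fp
            self._save()
            return "first-contact"
        return "match" if self.pins[host] == fp else "mismatch"

    def repin(self, host: str, cert_der: bytes) -> None:
        """Accept a changed certificate only after out-of-band confirmation
        (e.g. the admin reads the fingerprint out), never silently."""
        self.pins[host] = fingerprint(cert_der)
        self._save()

def demo() -> List[str]:
    """First visit, return visit, then a re-issued cert for the same name."""
    store = PinStore()
    return [store.check("fred.example", CERT_FRED_2007),   # first-contact
            store.check("fred.example", CERT_FRED_2007),   # match
            store.check("fred.example", CERT_FRED_2008)]   # mismatch, valid chain or not
```

A CA-validated replacement certificate passes ordinary PKI checks unnoticed but shows up here as a mismatch, which is the gap the post describes.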