Ben Bucksch wrote:
> Alaric Dailey wrote:
>> Heikki Toivonen wrote:
>>> Alaric Dailey wrote:
>>>> SSL for identification is worthless without DNS being secured, and
>>>> no-one on any list wants to talk about that.
>>> I don't understand how you can claim this. SSL *is* the solution to
>>> insecure DNS. Could you explain?
>> I must have been unclear... Let me try to clarify.
>> DNS is insecure.
>> Because SSL relies on DNS, SSL assertions about the identity of a
>> website are... less than reliable, no matter how thorough the
>> identity check.
> You are still unclear. SSL certs - at least EV - state both the owner
> and the domain name explicitly in the cert. The browser will check the
> originally intended hostname (in <a href> or manually entered in the
> URL bar) against the domain name in the cert (this is a critical part
> and the part you may be missing). *If* all the CAs properly verify the
> owner - using paper, passport, signature, state records etc. - only
> the owner can offer an EV SSL enabled website under that domain name.
> If DNS changes the IP address, the server redirected to won't have the
> private key to a cert of that domain name, and won't be able to meet
> the SSL challenge that the browser makes.
> (You *may* be thinking of DV (Domain Validation) and Class 1 SSL
> certs. These are indeed insecure and make SSL a joke. They were a
> really bad idea and that is one of the reasons behind EV.)
> Assuming no DV/Class 1 crap, SSL indeed solves the insecure DNS
> problem, as Heikki stated.
No it doesn't, see my earlier email. If you want A LOT more information,
try reading Bruce Schneier or the Anti-Fraud mailing list to see what I mean.
>> Therefore even if Verisign is issuing an EV cert for themselves, you
>> cannot be assured that the cert hasn't been stolen and the DNS altered.
> Well, if the cert owner lets his cert be stolen, of course it's not
> secure anymore. More generally, if an attacker breaks into the owner's
> server or your own computer for that matter, all hope is lost; you can
> circumvent *any* verification scheme then.
If DNS were secure, then attempts to use a stolen cert would be
thwarted. If the certificate were revoked, and if all CRLs were signed,
and EVERYONE had checking turned on, then attempts to use the stolen cert
would be thwarted.
>> As far as a fix for DNS, everyone hates hearing it, but the fix is
>> already out there; no one wants to use it though:
>> http://www.dnssec.com
>> With that said, and realizing that DNS is only one issue...
> Yes, and actually, SSL goes much further than DNSSEC. The latter is
> good to prevent DNS spoofs and is much-needed, but it does nothing to
> protect the content. Even if you're properly resolving to the right IP
> address, nothing stops a MITM happening at your provider etc. The
> provider has full control over where the data streams go and can alter
> every bit. With SSL, your browser will notice when content bits are
> altered or coming from the wrong server. With DNSSEC, only the
> hostname -> IP resolution is secured, but not the actual IP path to
> the server at all.
> Again, I agree that DNSSEC should have been rolled out 5 years ago.
> But SSL does a lot more than DNSSEC.
SSL and DNSSEC are two different things. Let's not say that they solve the
same problem, or insinuate that I made such an idiotic statement. SSL
is encryption, DNS is a DB that translates human-meaningful names into
IPs; SSL relies on DNS, therefore if DNS is insecure, then SSL is made
vulnerable. In fact, I have asserted many times that the ONLY way a CA
can be sure of domain validation is if the DNS for that domain is hosted
by that CA.
With that said, SSL can prevent an MITM, but that is another problem
completely. Let me give a quick example using IM and get to my point.
Do you trust Skype instant messages to be secure? How do you know there
isn't an MITM, or what encryption scheme they are using? They might be
using 56-bit DES encryption. How do you know that you are talking to who
you think when you have no way of validating the keys?
With OTR and SIMP, you can validate the keys yourself, and in fact
OTR forces you to.
My point...
Short of a complete overhaul of the internet, there are more problems with
SSL than EV can fix... Eddy's proposal allows the users to see the info
and validate it themselves, and gives them more information than they
currently have, and therefore is a huge step in the right direction
without lining the pockets of Verisign and Microsoft. Even if EV certs
go in, we will fall into the same problems we have now: criminals will
get smarter and they will set up fake corporations, pay off people or
whatever. Without fixing the underlying problems, time is better spent
putting information into the users' hands rather than money in the
pockets of the big corporations while simultaneously driving the small
companies out of business.
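Two checks are argued over in the thread above: Ben's point that the browser compares the hostname the user intended to reach against the names in the presented cert (so a DNS redirection to a server that holds some other cert fails), and Alaric's point that a *stolen* cert for the right name is only stopped by revocation, and only if the client actually has revocation checking on. The following is an added example that models both checks in browser-style hostname matching logic; it is not code from this thread or from any Mozilla project. The cert records, serial numbers and CRL contents are constructed for the demonstration, and `chain_ok` stands in for real signature/chain validation.

```python
"""Model of a client verifying a server: hostname matching (RFC 6125-style
wildcard rules as browsers apply them) followed by an optional CRL check.
All certificates, serials and the CRL below are constructed sample data."""
import ipaddress
from dataclasses import dataclass


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot only marks the root zone.
    return name.rstrip(".").lower()


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Does one dNSName SAN entry `pattern` cover `hostname`?
    A wildcard is only valid as the entire leftmost label, it matches
    exactly one label, and at least two fixed labels must follow it."""
    pattern, hostname = _normalize(pattern), _normalize(hostname)
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False  # '*.com', 'w*.example.com' and 'www.*.com' are all rejected
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False  # '*.example.com' covers neither 'example.com' nor 'a.b.example.com'
    return h_labels[1:] == p_labels[1:]


def hostname_matches(san_names, hostname: str) -> bool:
    """Compare the *intended* hostname (typed in the URL bar or from the link)
    against the cert's subjectAltName entries, given as (kind, value) pairs."""
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    for kind, value in san_names:
        if kind == "DNS" and wanted_ip is None and dns_name_matches(value, hostname):
            return True
        if kind == "IP" and wanted_ip is not None:
            try:
                if ipaddress.ip_address(value) == wanted_ip:
                    return True
            except ValueError:
                continue  # malformed iPAddress entry never matches
    return False


@dataclass(frozen=True)
class Cert:
    serial: int
    san: tuple       # e.g. (("DNS", "bank.example"), ("IP", "192.0.2.10"))
    chain_ok: bool   # stands in for signature/chain validation to a trusted CA


def verify_server(intended_host: str, presented: Cert,
                  revoked_serials=frozenset(), check_revocation: bool = True):
    """Return (accepted, reason) the way a client would decide."""
    if not presented.chain_ok:
        return (False, "untrusted issuer")
    if not hostname_matches(presented.san, intended_host):
        return (False, "hostname mismatch")
    if check_revocation and presented.serial in revoked_serials:
        return (False, "revoked")
    return (True, "ok")


# Constructed scenario: the user typed https://bank.example but DNS was altered.
BANK_CERT = Cert(serial=1001,
                 san=(("DNS", "bank.example"), ("DNS", "www.bank.example")),
                 chain_ok=True)
ATTACKER_CERT = Cert(serial=2002, san=(("DNS", "attacker.example"),), chain_ok=True)
CRL = frozenset({1001})   # the bank's key leaked, so its cert has been revoked


def run_scenarios():
    return {
        # redirected to a server holding only its own cert: name check fails
        "dns_redirect_other_cert": verify_server("bank.example", ATTACKER_CERT),
        # redirected to a server that has the stolen cert and key: only the CRL stops it
        "stolen_cert_crl_checked": verify_server("bank.example", BANK_CERT, CRL),
        # same, but the client has revocation checking turned off
        "stolen_cert_crl_ignored": verify_server("bank.example", BANK_CERT, CRL,
                                                 check_revocation=False),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:26s} -> {'accept' if ok else 'reject'} ({why})")
```

The third scenario is the one Alaric's "EVERYONE had checking turned on" qualifier is about: hostname matching alone accepts a stolen cert that carries the right name, so the revocation step is what separates the two outcomes, and a client that skips it cannot tell the difference.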
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security