On Tue, Mar 20, 2012 at 8:12 AM, Ian Bicking <i...@mozilla.com> wrote:
> On Tue, Mar 20, 2012 at 2:08 AM, lkcl <luke.leigh...@gmail.com> wrote:
>>
>> ok. so. a summary of the problems with using SSL - and CSP,
>> and "pinning" - is described here:
>>
>> https://wiki.mozilla.org/Apps/Security#The_Problem_With_Using_SSL
>>
>> the summary: it's too complex to deploy, and its deployment results in
>> the site becoming a single-point-of-failure [think: 1,000,000 downloads
>> of angri burds a day].
>
>
> I don't think I entirely understand what that section is referring to – in
> the first section maybe it is referring to client certificates?
in some ways it doesn't matter, because the sheer number of problems with
reliance on SSL as a solution makes SSL completely useless.

SSL is a host-orientated PKI infrastructure. what's needed (as you hint
below) is *person*-orientated PKI infrastructure. and that's what the
debian (apt) and fedora/redhat/suse (yum) distribution infrastructure
provides: *person*-orientated PKI infrastructure.

the discussion is revolving around SSL, SSL, SSL, so there's clearly no
fear of deployment of PKI itself. but with *person*-orientated PKI
infrastructure, you gain total independence from the entire distribution
model. SSL, HTTP, FTP, rsync, CD, DVD, usb stick, Carrier Pigeons, it
doesn't matter.

> I don't think https alone is unscalable.

yes it is [unscalable]. unscalable to the scale of "1,000,000 downloads
per day", which in the context of say 100,000,000 mobile phones deployed
world-wide is an *UNDERESTIMATE* of the number of potential downloads.

this is the primary reason why host-based PKI is wildly inappropriate. it
just won't scale to the kind of volumes that would result from a
successful mobile phone OS.

> And yes, there are other kinds of attacks
> on SSL; some of which we can actually handle (like with pinning – I'm not
> sure why pinning causes problems?)

it ties the downloads solely and exclusively to that specific host,
doesn't it? do you see that that is a problem? think it through, ian, in
the context of massive volume of product.

mozilla simply cannot even be involved in any kind of hosting or any of
the infrastructure - at all - and it has been stated already (by people in
mozilla) that this will not happen. the only hosting that mozilla will do
is of the source code of the B2G Operating System and its documentation,
just like google does.

l.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
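The apt/yum-style model argued for above, as an added illustration that is not code from this thread or from any of the projects named in it: the publisher signs the package once, the client verifies against a publisher key it already holds, and the host or transport that delivered the bytes plays no part in the trust decision. Ed25519 and the package name are assumptions chosen for the example; the package contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedPackage is what the publisher ships: package bytes plus a detached
// signature. The client checks the signature, never the delivering host.
type SignedPackage struct {
	Name            string
	Body, Signature []byte
}

// NewPublisherKey: only the public half goes to clients (apt-keyring analogue).
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// digest binds name to contents so a signature cannot be moved to another package.
func digest(name string, body []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(name), 0), body...))
	return sum[:]
}
// Sign runs once at the publisher, before any mirror or transport is involved.
func Sign(priv ed25519.PrivateKey, name string, body []byte) SignedPackage {
	return SignedPackage{name, body, ed25519.Sign(priv, digest(name, body))}
}
// Verify runs at the client on whatever arrived, over whatever transport.
func Verify(pub ed25519.PublicKey, p SignedPackage) bool {
	return ed25519.Verify(pub, digest(p.Name, p.Body), p.Signature)
}
// ViaUntrustedMirror simulates a mirror that flips one byte in transit.
func ViaUntrustedMirror(p SignedPackage) SignedPackage {
	body := append([]byte(nil), p.Body...)
	body[0] ^= 0x01
	return SignedPackage{p.Name, body, p.Signature}
}

func main() {
	pub, priv := NewPublisherKey()
	p := Sign(priv, "example-app-1.0.zip", []byte("constructed package bytes")) // constructed sample
	fmt.Println("untouched copy verifies:", Verify(pub, p))                    // true
	fmt.Println("altered copy verifies:", Verify(pub, ViaUntrustedMirror(p)))  // false
}
```

Because verification needs only the publisher's public key, any number of mirrors (or no network at all) can serve the same signed file without any of them becoming a trusted party or a single point of failure.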