Re: [Full-disclosure] Western Union Certificate Error
I think the key difference is that the certs are still valid even after a breach. Maybe my browser would pop up and say "This certificate is still the one you trusted but the notary signature has been revoked because they got hacked, do you want to continue to trust this notary?" so if you answer no then your browser will stop accepting certs signed by that notary and you have to go find a new notary, but the certs you already trusted keep working fine. A good feature to have would be for the browser to check the date of the hack and remove trust for all certs issued after the hack. With multiple notaries signing one cert it would go on functioning fine even if only one got hacked. Sort of like your key which has 6 bad signatures and 8 good ones. In the present system, if a CA get's hacked we have to remove them from the trusted chain which revokes all their keys and everyone has to reissue their keys with a different CA. We also lack the ability to issue and sign our own keys that we generate later. Given the price of certs these days it makes sense to try to reduce it down to the same price as a notarization(thus ending the race to the bottom) I think the whole browser SSL CA model is fundamentally flawed and we should be using the GPG with public notaries model instead. The only obstacle I can see is getting notaries to use computers and identify when they've been breached. Perhaps some kind of liveCD with Ubuntu Notary Edition? hehe. Then just have audits of the notaries performed daily by an automated check. The same physical security requirements would automatically apply to the computer used to notarize as would apply to their book of signatures they normally are required to keep safe. In the case where an entire system of notaries is corrupt you can revoke their entire region by postal code, province, or even country. I can imagine fake notaries popping up all over China, bribing the officials to certify them, etc. For people doing business in China and who are required by law to have some Chinese notarization, they can go to Wang's house of certs. If they want to do business with me they need to go to one of the embassies I trust and get their ID verified and their cert notarized/signed. Since it's a crime to knowingly provide false info to one of these embassies I now have some recourse in the event that I am defrauded by the owner of the key. Perhaps the real difference is I have a choice? I suppose I have a choice right now to remove all the CA certs but I don't really have a choice of who I ask to verify a certificate. It might be better to have lots of little sticks rather than one big stick. On Sun, Sep 11, 2011 at 12:26 AM, wrote: > On Sat, 10 Sep 2011 19:50:57 +0700, JT S said: >> It doesn't matter who signed it because I only look for whether or not >> I signed it or if my favorite notary signed it. > > You missed the point. You care you signed it - but how do you know you signed > a valid cert that actually belonged to Google, and you didn't sign a fake > Googlle cert? > > And if you only trust it because "my favorite notary" signed it, how is it > different from > the *current* CA model, where you trust a cert only because a CA you trust > signed it? > >> I would imagine that a digital notary would have their own key and goog could >> walk in and get their cert signed the same way we do documents. If that >> notary >> get's breached I can stop trusting their signature but still trust goog >> unless >> they get breached too. > > Umm.. we do that *now* - it's called a CA. And we know how well that works. > This "notary" called DigiNotar got breached recently, and everybody is > installing patches to not trust their signature. Except that without some > valid signature on it *that you trust*, you have no reason to trust the Google > cert after the CA gets breached. Think this through: You're trusting the > Google cert because the CA/notary/whatever told you it was Google. Now if you > discover the registrar is bad, you should *not* trust the Google cert anymore > *either*. > > Consider the recent DigiNotar mess - they actually issued (among many other > things) a signed invalid cert for *.google.com. Everybody who revoked > DigiNotar is then protected against that invalid cert. But if you had signed/ > flagged it trusted/whatever because DigiNotar said it was OK, and then revoked > DigiNotar but then continued to trust that cert because you signed it - *you > are still vulnerable to that bad cert*. > >> So essentially each person would have the ability to issue their own cert and >> get it notarized. If the signatures of the notaries match on my cert and >> someone else's cert, I know they are who they say they are to the limit >
Re: [Full-disclosure] Western Union Certificate Error
It doesn't matter who signed it because I only look for whether or not I signed it or if my favorite notary signed it. I would imagine that a digital notary would have their own key and goog could walk in and get their cert signed the same way we do documents. If that notary get's breached I can stop trusting their signature but still trust goog unless they get breached too. So essentially each person would have the ability to issue their own cert and get it notarized. If the signatures of the notaries match on my cert and someone else's cert, I know they are who they say they are to the limit possible with notaries(e.g. you could still use a fake ID). I suppose it could be scaled by issuing an RFC which lays out the method of notarization and have all the notaries sign each other's keys etc. On Sat, Sep 10, 2011 at 7:30 PM, wrote: > On Sat, 10 Sep 2011 09:39:37 +0700, JT S said: >> It wouldn't be that hard to set up an SVN repo with the public key of >> someone like google. I could then check it out, take the copy over to >> some notary or the company themselves, verify it, sign it, check it >> back in. > > And before you sign it, you and the notary verify that it's actually Google's > public key and not an imposter, how, exactly? And more importantly, does your > scheme still work if you and the notary discover that, in fact, nobody's > bothered to check the public key for "Billy Bob's Bait, Tackle, and App Store" > so you can't rely on "Wow, 3,495,435 people signed it, it *must* be right"? > > This is a problem that a CA usually solves by doing whatever verification of > the request (consider the difference between a regular CA-signed SSL > cedrtificate and an :"Extended Validation" certificate), and PGP solves with > key-signing parties that involve checking of driver's licenses and the like. > And are you really willing to pay out of *your* pocket to do the checking that > an Extended Validation cert requires? How many times will you do that? It > really doesn't scale well anyhow - how many times do you think Google wants to > answer the phone and say "Yes, *yawn* key 3,494,342 is really us" (and more > importantly - how did you verify that it was Google answering the phone?). > > At this point, your scheme them becomes "the first guy who bothers to check > the > key becomes a CA" - and you trust that guy, *why*, exactly? Does your scheme > continue to work in a world where I have 12 signatures on my PGP key, and I've > blacklisted 6 keys because I *know* they signed my key without doing any > proper > validation? > > tl;dr: The hardest part of crypto is always key management. > -- James Snodgrass (303) 736-9452 CONFIDENTIALITY NOTICE This E-Mail transmission (and/or the documents accompanying it) is for the sole use of the intended recipient(s) and may contain information protected by the attorney-client privilege, the attorney-work-product doctrine or other applicable privileges or confidentiality laws or regulations. If you are not an intended recipient, you may not review, use, copy, disclose or distribute this message or any of the information contained in this message to anyone. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message and any attachments. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Western Union Certificate Error
It wouldn't be that hard to set up an SVN repo with the public key of someone like google. I could then check it out, take the copy over to some notary or the company themselves, verify it, sign it, check it back in. Then google could pull the key nightly and verify it hasn't been modded, just signed. Someone could make a simple browser plugin to do all this. Problem solved and no more CAs need be involved. I'm probably going to switch to firefox+convergenge plugin as it seems to have some of this already. As we enter an era when governments are spying on people without probable cause in order to crack down on dissent and free speech, I can see no other alternative. "At this stage of history, one of two things is possible: Either the general population will take control of its own destiny and will concern itself with community interests guided by values of solidarity and sympathy and concern for others, or alternatively there will be no destiny to control."~Chomsky On Fri, Sep 9, 2011 at 10:34 PM, wrote: > On Fri, 09 Sep 2011 16:23:50 +0700, JT S said: > >> revoke. For all I know, anyone who breaks into any CA which is trusted >> by my browser can issue and sign a cert for any domain and the browser >> will blindly accept it. > > Yep. That's how it works... > >> I personally would prefer that the browsers only trust keys that I >> have signed, have low trust for keys signed by keys I have signed, and >> no trust for the rest. > > Paging Phil Zimmerman > >> I'd really like the ability to walk into western union or my bank or local >> google office and sign their key as well as the ability to revoke my >> signature >> without revoking my key. > > A big chunk of the problem there is that although you might *like* that > ability, it really presupposes the existence of an office you can walk into. > I've never seen a local Google office, and at least around here, Western > Union offices are just a terminal at the customer service desk of > supermarkets. > > There's a second, more subtle problem - if you *did* find an office, what > exactly are you attesting by signing something? If you talk to me at a key > signing party, I'll claim that key B4D3D7B0 is mine - and more importantly, I > can (at least in theory, if I have my laptop with me) *prove* I control it by > generating signatures with it. However, if you walk into a Western Union > branch office, all the guy can claim is "Yeah, that fingerprint you have for > our key matches what was on the piece of paper they mailed us last year". > However, *the guy at the branch is no more able to verify that piece of paper > than you are*. He can't prove control of the key by signing something with > the Western Union key (and if he *could*, that's even *more* scary). > > Then there's the third problem - currently, I have *6* keys on my PGP keyring > that are specifically flagged as "do not trust" because I've found copies of > my > key signed by them when I know for a fact I've never met the person and had > them verify my key. Ming you, there's only about a dozen valid signatures on > my key. In other words, my personal set of "personally verified as Doing It > Wrong" is half the size of "people who do it right". And that's among people > that are smart enough to use PGP. > > What is the meaning of any single given signature (including yours) on a key > when every Joe Sixpack who doesn't even really understand keysigning is going > around and signing keys? What do you do if a key has 3 million signatures, > but 1M of them are probably bogus? I won't discuss the question of how you > maintain a web-of-trust structure with 10M entries in it - the current PGP > strong set has only about 45K in it at the moment. > > > -- James Snodgrass (303) 736-9452 CONFIDENTIALITY NOTICE This E-Mail transmission (and/or the documents accompanying it) is for the sole use of the intended recipient(s) and may contain information protected by the attorney-client privilege, the attorney-work-product doctrine or other applicable privileges or confidentiality laws or regulations. If you are not an intended recipient, you may not review, use, copy, disclose or distribute this message or any of the information contained in this message to anyone. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message and any attachments. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Western Union Certificate Error
Non-authoritative answer: Name: wumt.westernunion.com Address: 206.201.228.250 Non-authoritative answer: Name: www.westernunion.com Address: 206.201.228.250 Yeah it looks like either human error or DNS. I didn't check the IPs at the time but perhaps they were different for www and wumt. Is there some way to take a certificate such as this one and manually verify it? I know the browsers automatically check the CRL and the signature of the CA but that doesn't help when you have a CA that has been compromised and doesn't know what certificates are out there to revoke. For all I know, anyone who breaks into any CA which is trusted by my browser can issue and sign a cert for any domain and the browser will blindly accept it. I personally would prefer that the browsers only trust keys that I have signed, have low trust for keys signed by keys I have signed, and no trust for the rest. I'd really like the ability to walk into western union or my bank or local google office and sign their key as well as the ability to revoke my signature without revoking my key. Finally, I'd like to see DNSSEC integrated at the browser layer so that the DNS record has a signature that matches the key I've signed. If the ISPs can ensure their routers direct the traffic to the right IPs from the clients, then we'd be half-way secure in knowing that the party on the other end is who we think it is. On Fri, Sep 9, 2011 at 12:10 PM, coderman wrote: > On Thu, Sep 8, 2011 at 3:07 PM, wrote: >> ... >> And look at the DNS info as seen from here: >> >> www.westernunion.com. 30 IN A 206.201.228.250 >> wumt.westernunion.com. 30 IN A 206.201.227.250 >> >> Naah, no possible way to screw that up. ;) > > check the google cert and observ. it's been in use legitimately for > months. (they just fucked up a deploy. attrition in the QA staff or > just negligence? :) > > most mismatches of CA signed certs are due to human error of a > failboat nature. hoof beats for horses not zebras, etc... > CONFIDENTIALITY NOTICE This E-Mail transmission (and/or the documents accompanying it) is for the sole use of the intended recipient(s) and may contain information protected by the attorney-client privilege, the attorney-work-product doctrine or other applicable privileges or confidentiality laws or regulations. If you are not an intended recipient, you may not review, use, copy, disclose or distribute this message or any of the information contained in this message to anyone. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message and any attachments. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
