Hi Arshad,
It occurs to me that we're almost there.
On 22/09/11 02:30 AM, Arshad Noor wrote:
Thirdly, let's assume that the compromised CA has *explicitly* entered
into a cross-certification agreement with one or more other TTP CAs.
Right, they got themselves listed by the browsers, who hid t
On 2011-09-22 2:30 AM, Arshad Noor wrote:
In the first place, as you know, browsers have a trust-store of unique
self-signed TTP CA certificates; not cross-certified certificates. All
SSL/TLS connections between browsers and a site with an SSL certificate
issued by one of those TTP CA's, involves
On Wed, Sep 21, 2011 at 11:30 AM, ianG wrote:
> It's a good term! Add my use: There is a universal implicit
> cross-certification in the secure browsing PKI, and the industry knows it,
> or should know it.
>
> Indeed, we can show evidence of this in Chrome's CA pinning.
I had assumed everyone
Hi all,
On 22/09/11 02:30 AM, Arshad Noor wrote:
On 09/18/2011 11:59 AM, Peter Gutmann wrote:
Arshad Noor writes:
Just because you come across one compromised CA out of 100 in the
browser,
does not imply that the remaining 99 are compromised (which is what
you are
implying with your statem
On Wed, Sep 21, 2011 at 12:30 PM, Arshad Noor
wrote:
> On 09/18/2011 11:59 AM, Peter Gutmann wrote:
>>
>> Arshad Noor writes:
>>
>>> Just because you come across one compromised CA out of 100 in the
>>> browser,
>>> does not imply that the remaining 99 are compromised (which is what you
>>> are
>
On 09/18/2011 11:57 AM, Peter Gutmann wrote:
Arshad Noor writes:
Are there weaknesses in PKI? Undoubtedly! But, there are failures in every
ecosystem. The intelligent response to "certificate manufacturing and
distribution" weaknesses is to improve the quality of the ecosystem - not
throw t
On 09/18/2011 11:59 AM, Peter Gutmann wrote:
Arshad Noor writes:
Just because you come across one compromised CA out of 100 in the browser,
does not imply that the remaining 99 are compromised (which is what you are
implying with your statement).
Since browser PKI uses universal implicit cro
On Mon, Sep 19, 2011 at 7:31 PM, Benjamin Kreuter wrote:
> On 09/18/2011 05:11 PM, Marsh Ray wrote:
>> B. If your threat model considers as an adversary government A, then
>> you're in good company with governments B through Z. So all the comments
>> on "won't save you from The Government", while
On 09/18/2011 05:11 PM, Marsh Ray wrote:
> B. If your threat model considers as an adversary government A, then
> you're in good company with governments B through Z. So all the comments
> on "won't save you from The Government", while true, are also
> potentially writing off your biggest ally.
Un
"James A. Donald" writes:
>The peers who do the peer reviewing for IDtrust, are not peers at all, but
>high priests who review for doctrinal conformity to the consensus of the
>most holy synod,
I know you meant that tongue-in-cheek, but in some cases it's frighteningly
close to the truth.
On 09/18/2011 11:48 PM, Arshad Noor wrote:
On 09/18/2011 01:12 PM, Marsh Ray wrote:
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website.
Would you care to explain this in more detail, Marsh?
Please feel free to frame your explanat
Marsh Ray wrote:
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website.
On 2011-09-19 2:48 PM, Arshad Noor wrote:
Would you care to explain this in more detail, Marsh?
Please feel free to frame your explanation as if you were
explai
On 09/18/2011 01:12 PM, Marsh Ray wrote:
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website.
Would you care to explain this in more detail, Marsh?
Please feel free to frame your explanation as if you were
explaining this to a 6-ye
On 09/18/2011 03:53 PM, James A. Donald wrote:
On 2011-09-19 4:21 AM, Arshad Noor wrote:
Rather than shoot from the hip, the logical way to propose a solution
would be to write a paper on it and submit it to IDTrust 2012 for
discussion.
Oh come on!
Everyone is bored with IDtrust, which is why
On 09/18/2011 03:33 PM, James A. Donald wrote:
On 2011-09-19 3:50 AM, Arshad Noor wrote:
I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA as a failure of PKI, no more than I see the
crash of a single airplane as an indictment of air-travel.
And simila
Hi Joe,
On 19/09/11 5:30 AM, Joe St Sauver wrote:
Ian asked:
#Right -- how to fix the race to the bottom?
Wasn't that supposed to be part of the Extended Validation solution?
In a way, it was. More particularly it was the fix to certificate
manufacturing. The "obvious" fix to low quality
On 19/09/11 7:11 AM, Marsh Ray wrote:
Now that the cat's out of the bag about PKI in general and there's an
Iranian guy issuing to himself certs for www.*.gov seemingly at will,
Hmmm... did he do that?
That would seem to get the message across to the PKI proponents far
better than logic or e
On 2011-09-19 5:30 AM, Joe St Sauver wrote:
If it has failed at that, and I could see arguments either way, the
other "natural" solution is probably government regulation.
Many CAs are already government entities, and most are arguably quasi
government entities - and by and large, the governme
On 2011-09-19 4:21 AM, Arshad Noor wrote:
Rather than shoot from the hip, the logical way to propose a solution
would be to write a paper on it and submit it to IDTrust 2012 for
discussion.
Oh come on!
Everyone is bored with IDtrust, which is why they have to keep changing
their name.
The p
On 2011-09-19 3:50 AM, Arshad Noor wrote:
I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA as a failure of PKI, no more than I see the
crash of a single airplane as an indictment of air-travel.
And similarly, you do not see a wall with a single man siz
On 09/18/2011 03:30 PM, Benjamin Kreuter wrote:
To put it another way, governments like having the power to wiretap
criminals, and they want their law enforcement agencies to be able to
perform MITM attacks as part of that wiretapping power. Why would we
trust the group of people who want to ha
On 09/18/2011 03:30 PM, Joe St Sauver wrote:
> Ian asked:
>
> #Right -- how to fix the race to the bottom?
>
> Wasn't that supposed to be part of the Extended Validation solution?
>
> If it has failed at that, and I could see arguments either way, the
> other "natural" solution is probably gover
On 09/18/2011 12:50 PM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.
I'm afraid we will remain in disagreement on th
Ian asked:
#Right -- how to fix the race to the bottom?
Wasn't that supposed to be part of the Extended Validation solution?
If it has failed at that, and I could see arguments either way, the
other "natural" solution is probably government regulation. It likely
wouldn't be pretty, but imagine:
On 19/09/11 3:50 AM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.
I'm afraid we will remain in disagreement on this.
Arshad Noor writes:
>Rather than shoot from the hip, the logical way to propose a solution would
>be to write a paper on it and submit it to IDTrust 2012 for discussion. If
>it is selected, it will have the merit of having been reviewed and deemed
>worthy of discussion.
So we have to ask the pe
Arshad Noor writes:
>Just because you come across one compromised CA out of 100 in the browser,
>does not imply that the remaining 99 are compromised (which is what you are
>implying with your statement).
Since browser PKI uses universal implicit cross-certification, it is indeed
the case that i
Arshad Noor writes:
>Are there weaknesses in PKI? Undoubtedly! But, there are failures in every
>ecosystem. The intelligent response to "certificate manufacturing and
>distribution" weaknesses is to improve the quality of the ecosystem - not
>throw the baby out with the bath-water.
The intell
On 09/18/2011 10:53 AM, Ralph Holz wrote:
Hi,
Are there weaknesses in PKI? Undoubtedly! But, there are failures
in every ecosystem. The intelligent response to "certificate
manufacturing and distribution" weaknesses is to improve the quality
of the ecosystem - not throw the baby out with the
Hi,
> Are there weaknesses in PKI? Undoubtedly! But, there are failures
> in every ecosystem. The intelligent response to "certificate
> manufacturing and distribution" weaknesses is to improve the quality
> of the ecosystem - not throw the baby out with the bath-water.
And how do you propose
On 09/18/2011 03:05 AM, Ian G wrote:
You guys have a very funny way of saying probability equals 100% but
hey, ... as long as we get there in the end, who am I to argue :)
That is not what I'm saying, Ian. Just because you come across one
compromised CA out of 100 in the browser, does not imp
On 09/17/2011 10:37 PM, Marsh Ray wrote:
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.
I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA
On 18/09/11 1:54 PM, Arshad Noor wrote:
When one connects to a web-site, one does not trust all 500 CA's in
one's browser simultaneously; one only trusts the CA's in that specific
cert-chain. The probability of any specific CA from your trust-store
being compromised does not change just because
On 18/09/11 2:59 PM, Arshad Noor wrote:
On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce
the probability of failure; it gives attackers more chances to score a
hit with (our agreed-upon hypothetical) 0.01 probability. After just
On Sun, Sep 18, 2011 at 1:37 AM, Marsh Ray wrote:
> On 09/17/2011 11:59 PM, Arshad Noor wrote:
>>
>> The real problem, however, is not the number of signers or the length
>> of the cert-chain; it's the quality of the "certificate manufacturing"
>> process.
>
> No, you have it exactly backwards.
>
>
On 2011-09-18 3:37 PM, Marsh Ray wrote:
Now you may be a law-and-order type fellow who believes that "lawful
intercept" is a magnificent tool in the glorious war on whatever. But if
so, you have to realize that on the global internet, your own systems
are just as vulnerable to a "lawfully execute
On 09/17/2011 11:59 PM, Arshad Noor wrote:
The real problem, however, is not the number of signers or the length
of the cert-chain; it's the quality of the "certificate manufacturing"
process.
No, you have it exactly backwards.
It really is the fact that there are hundreds of links in the chai
On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce the
probability of failure; it gives attackers more chances to score a hit with
(our agreed-upon hypothetical) 0.01 probability. After just 100 chances, an
attacker is all but ce
On Sep 17, 2011, at 8:54 PM, Arshad Noor wrote:
> When one connects to a web-site, one does not trust all 500 CA's in
> one's browser simultaneously;
Actually, that is exactly the situation.
If, and only if, the person operating the browser inspects the certificate
chain and knows what to expec
Note: I've had to paraphrase some of the content from the archives,
so please excuse me if this does not appear in the context of the
original thread.
I remember enough of my Advanced Statistics from school to know that
the following line of reasoning is fallacious, and can lead to
erroneou