Paul Tiemann <paul.tiemann.use...@gmail.com> writes: >[...]
This is kind of a long message to reply to so I'll just post a meta-reply to avoid getting bogged down in nitpicking, the message, as the subject line indicated, was intended to start a discussion on some of the weaknesses inherent in the SSL and commercial PKI model. I consciously worded it to avoid mentioning any CA names, and only mentioned Edgecast because it was impossible not to (I had to provide a URL for the cert), and even then included a disclaimer that it wasn't a criticism of Edgecast. I actually agree with a lot of the points made in the response, since this wasn't a failing of Edgecast or a CA but a problem in the way SSL's PKI (or more generally just PKI as a whole) works. Because it was designed for the purposes of authenticating a single user to the global X.500 directory it really doesn't have any provision for Sybil certs (I'm going to keep calling them that because we need some sort of label for them :-). The intent with posting it to the list was to get input from a collection of crypto-savvy people on what could be done. The issue had previously been discussed on a (very small) private list, and one of the members suggested I post it to the cryptography list to get more input from people. The follow-up message (the "Part II" one) is in a similar vein, a summary of a problem and then some starters for a discussion on what the issues might be. So a general response to the several "well, what would you do?" questions is "I'm not sure, that's why I posted this to the list". For example should an SSL cert be held to higher standards than the server it's hosted on? In other words if it's easier to compromise a CDN host or (far more likely) a web app on it, does it matter if you're using a Sybil cert? I have no idea, and I'm open to arguments for and against. >I've spoken with my contacts at Edgecast, and they expressed that they're >very willing to consider alternate approaches. I'm not actually sure what the "fix" would be for this, or even if there is a fix that needs to be made. Thus the hope to get it discussed on the list. (Oh, and a comment on the XS* bit, that was based on an earlier off-list discussion on messing with Firefox' same-origin policy protection mechanism and isn't relevant here, the real issue is the more obvious one of a single cert acting for large numbers of totally unrelated domains with very different security requirements). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
