On Jul 26, 2010, at 10:22 PM, Chris Palmer wrote:

> Perry E. Metzger writes:
>> All major browsers already trust CAs that have virtually no security to
>> speak of,
> ...and trust any of those CAs on any (TCP) connection in the (web app)
> session. Even if your first connection was authenticated by the right CA,
> the second one may not be. Zusman and Sotirov suggested "SSL pinning" (like
> DNS pinning, in which the browser caches the DNS response for the rest of
> the browser process' lifetime), but as far as I know browsers haven't
> implemented the feature.

I like the idea of SSL pinning, but could it be improved if statistics were 
kept long-term (how many times I've visited this site and how many times it's 
had certificate X, but today it has certificate Y from a different issuer and 
certificate X wasn't even near its expiration date...)

Another thought: Maybe this has been thought of before, but what about 
emulating the Sender Policy Framework (SPF) for domains and PKI?  Allow each 
domain to set a DNS TXT record that lists the allowed CA issuers for SSL 
certificates used on that domain.  (Crypto Policy Framework=CPF?)

cpf.digicert.com IN TXT "v=cpf1 /^DigiCert/ -all"

Get the top 5 browsers to support it, and a lot of that "any CA can issue to 
any domain" risk goes way down.

Thought: Could you even list your own root cert there as an http URL, and get 
Mozilla to give a nicer treatment to your own root certificate in limited scope 
(inserted into some kind of limited-trust cert store, valid for your domains 

Is there a reason that opportunistic crypto (no cert required) hasn't been done 
for https?  Would it give too much confidence to people whose DNS is being 

> A presentation I've given at a few security gatherings may be of interest. I
> cover some specific security, UI/UX, and policy problems, as well as some
> general observations about incentives and barriers to improvement. Our
> overall recommendation is to emulate the success of SSH, but in a browser-y,
> gentle-compliance-with-the-status-quo-where-safe way.
> https://docs.google.com/present/view?id=df9sn445_206ff3kn9gs

Great slides!  The TOFU/POP is nice, and my favorite concept was to translate 
every error message into a one sentence, easy-to-understand statement.

Paul Tiemann
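
How a client might evaluate the proposed CPF record against a certificate's issuer name, as an added example that is not part of the original post. The semantics are assumptions modelled on SPF (slash-delimited terms are regexes matched against the issuer name, `-all` rejects everything else), and the function names, result strings and length cap are hypothetical.

```python
import re

MAX_PATTERN_LEN = 64  # assumption: bound regexes, since they arrive from untrusted DNS

# A term is either a /regex/ (which may contain spaces) or a bare word such as -all.
_TERM = re.compile(r"/(?:[^/\\]|\\.)*/|\S+")

def parse_cpf(txt):
    """Parse one TXT string into (issuer_patterns, default_allow)."""
    terms = _TERM.findall(txt.strip().strip('"'))
    if not terms or terms[0] != "v=cpf1":
        raise ValueError("not a cpf1 record")
    patterns, default_allow = [], True  # assumption: no "all" term means no restriction
    for term in terms[1:]:
        if term in ("-all", "+all"):
            default_allow = term == "+all"
            break  # as in SPF, nothing after "all" is evaluated
        if len(term) > 2 and term[0] == "/" and term[-1] == "/":
            if len(term) - 2 > MAX_PATTERN_LEN:
                raise ValueError("pattern too long")
            patterns.append(re.compile(term[1:-1]))
        else:
            raise ValueError(f"unknown term {term!r}")
    return patterns, default_allow

def evaluate(txt_records, issuer_name):
    """Return 'none', 'pass', 'fail' or 'permerror' for a certificate's issuer name."""
    cpf = [r for r in txt_records if r.strip().strip('"').startswith("v=cpf1")]
    if not cpf:
        return "none"        # domain publishes no policy
    if len(cpf) > 1:
        return "permerror"   # ambiguous policy, mirroring SPF's handling
    try:
        patterns, default_allow = parse_cpf(cpf[0])
    except (ValueError, re.error):
        return "permerror"   # malformed record or invalid regex
    if any(p.search(issuer_name) for p in patterns):
        return "pass"
    return "pass" if default_allow else "fail"

if __name__ == "__main__":
    records = ['"v=spf1 -all"', '"v=cpf1 /^DigiCert/ -all"']  # constructed TXT answers
    for issuer in ("DigiCert Example CA", "Some Other CA"):    # constructed issuer names
        print(issuer, "->", evaluate(records, issuer))
```

The verdict is only as trustworthy as the DNS answer it was computed from, so an unauthenticated TXT lookup gives an on-path attacker the chance to strip or rewrite the record.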