On Wed, 28 Jul 2010 15:30:08 -0600 Paul Tiemann <paul.tiemann.use...@gmail.com> wrote:
> > However, in discussing this at a high level, as though we could
> > improve things, we shouldn't kid ourselves about the current
> > model. It is fatally broken. Hanging garlands from the corpse's
> > ears will not convince anyone that it has a vibrant future ahead.
>
> "it will CLEARLY not solve the browser security problem."
> "the certifications made by even the best of those CAs are
> effectively MEANINGLESS" "the users are well trained to ignore
> EVERY browser warning they EVER get" "the ENTIRE question of OCSP
> is somewhat irrelevant." "spritzing the SKUNK with eau de cologne."
> "hanging garlands from the corpses ears."

I stand by all the things I said above, other than the apparent lack of an apostrophe in "corpse's". I realize it isn't moderate language, but on the other hand, my meaning is unmistakable.

> That's all expressed in very certain terms.

We've been watching the slow motion accident very closely for a couple of decades now. If that isn't long enough to develop certainty, I don't know how many years would suffice. To believe we can fix the mess now would be to ignore twenty years of experience.

> Is OCSP _that_ hopeless?

I believe you misunderstand me. I'm not talking about OCSP. I'm saying the entire X.509 certificate infrastructure used in web browsers is hopeless. OCSP is just one small hopeless component of a hopeless whole.

(I don't think things are particularly better in other applications of the system, but there are almost no other widely used applications beyond code signing anyway. S/MIME and the rest are not merely dead but nearly forgotten.)

There are multiple completely fatal flaws in the system. Any one of them alone would suffice. To repeat just a few:

1) The user's security depends on the security of the worst CA in the system. If there is any dispute about this, I would like to know on what basis. There should be no dispute that CAs have certified things they should not have, and will do so again. There should be no dispute that some CAs have been sold and their keys subsequently passed around under less than ideal circumstances. There should be no dispute that not all CAs are what would be universally considered trustworthy organizations.

2) Users have been trained by too many false alarms to ignore all browser warnings. If you don't believe me, there are fine papers about what real users do when exposed to warnings, and they ignore them. Users also have no real ability to understand the error messages even if they did still care about them.

3) Revocation in the face of compromise is, as a practical matter, nearly impossible.

4) CAs as a practical matter disclaim all liability and are not, in fact, insuring anything in the sense of insurance.

5) The third party attestation idea is wrong as it does not properly model the actual trust relationships and liability among the parties.

6) The entire idea of signed attestations that last for years is based on a pre-Internet, largely offline model of security.

There is more, but why should we belabor it? The parrot is not pining for the fjords. I'm only surprised that the nails have kept it vertical for so long.

Perry
--
Perry E. Metzger pe...@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List