On 2011-09-10 11:22 AM, Peter Gutmann wrote:
> Lucky Green <[email protected]> writes:
> > We are also seeing a near universal call for "fixes" of the broken PKI
> > paradigm. I couldn't agree more that fixes - and indeed redesigns - are badly
> > needed and have been for some 15+ years. Pretty much since the day the word
> > PKI was coined. What I hear much more rarely are discussions of whether the
> > proposed fixes actually solve the problem.
> This is the problem with the mass of point solutions to various bits of PKI
> that are being proposed (including my own fix for OCSP). Even if we fixed
> every piece of it, it would have close to zero effect on securing browser
> users, because browser PKI doesn't defend against anything that attackers are
> doing (insert standard refs to things like APWG data supporting this). So we
> need to figure out what we're actually trying to achieve:
> 1. Fiddle with PKI because it's technical and fiddling with technology is
> fun, and it's a convenient distraction from having to think about the
> real problem.
> 2. Act to protect browser users, which has little to nothing to do with PKI.
> At the moment most (all?) of the response seems to be (1), "here's a flaw, and
> here's a proposed kewl technical thing to do to fix it". So at the end of it
> all we may have a slightly less broken browser PKI, but the attackers won't
> even notice.
> We need to look at "how do we protect browser users" (thus <propaganda>my
> EuroPKI talk</propaganda>), not "how do we fix something that, even if it
> worked, wouldn't actually work".
Most attacks aim to obtain shared secrets, so, obviously, a major
solution is not fixing PKI, but SRP.
Email is the most insecure. A very large proportion of attacks rely on
email. The ability to receive an email in clear is also extensively
used as proof of identity, which would be broken were it not for the
fact that lots of other things offer even better attacks.
After all these years, many users still have trouble realizing that an
email ostensibly from so-and-so is not necessarily from so-and-so, so
email has to be secured. Since the overhead, inconvenience, and loss of
privacy of getting one's true name certified by an authorized authority
is unacceptable, that implies Zooko's triangle and/or global monitoring
of key continuity.
Email goes through intermediaries, so suffers from inherent snooping,
arbitrary and unpredictable file size limits, and the fact one can never
really know if it has actually gone through. What the intermediary
should do is arrange for the parties to poke holes in each other's
firewalls whenever both computers are online, thereby allowing the
transmission of large and arbitrary content.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
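The reply above names SRP as the answer to attacks that go after shared secrets without saying what the protocol actually keeps off the wire and off the server. The following is an added worked example, not code from the thread or from any SRP implementation: one complete SRP-6a exchange over the 1024-bit group of RFC 5054 (constant transcribed here), with SHA-256 substituted for the SHA-1 of that RFC and the proofs M1/M2 computed as HMACs over the transcript, a simplification of the RFC 2945 proof layout. The user names, passwords and fixed salt are constructed test data.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# 1024-bit safe prime and generator from RFC 5054, Appendix A (transcribed here).
# The arithmetic below works for any consistent modulus; security needs a safe prime.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
N_BYTES = (N.bit_length() + 7) // 8


def _pad(x: int) -> bytes:
    """Left-pad to the byte length of N before hashing, as RFC 5054 requires."""
    return x.to_bytes(N_BYTES, "big")


def _H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = _H(_pad(N), _pad(g))  # SRP-6a multiplier (SHA-256 here; RFC 5054 uses SHA-1)


def _x(salt: bytes, username: str, password: str) -> int:
    """Password-derived private exponent; only ever computed on the client."""
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return _H(salt, inner)


def enroll(username: str, password: str, salt: Optional[bytes] = None) -> Tuple[bytes, int]:
    """Registration: the server stores (salt, v = g^x mod N), never the password."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, pow(g, _x(salt, username, password), N)


def client_start(a: Optional[int] = None) -> Tuple[int, int]:
    a = a if a is not None else int.from_bytes(os.urandom(32), "big")
    return a, pow(g, a, N)


def server_start(v: int, b: Optional[int] = None) -> Tuple[int, int]:
    b = b if b is not None else int.from_bytes(os.urandom(32), "big")
    return b, (k * v + pow(g, b, N)) % N


def client_finish(username: str, password: str, salt: bytes,
                  a: int, A: int, B: int) -> Tuple[bytes, bytes]:
    """Session key plus the client's proof M1. Degenerate B is refused."""
    if B % N == 0:
        raise ValueError("B is 0 mod N; a bogus server could force a known S")
    u = _H(_pad(A), _pad(B))
    if u == 0:
        raise ValueError("u is 0; abort")
    x = _x(salt, username, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = hashlib.sha256(_pad(S)).digest()
    M1 = hmac.new(K, _pad(A) + _pad(B), hashlib.sha256).digest()
    return K, M1


def server_finish(v: int, A: int, b: int, B: int, M1: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Check M1 against the stored verifier; return (K, M2) on success, None otherwise."""
    if A % N == 0:
        raise ValueError("A is 0 mod N; a bogus client could force a known S")
    u = _H(_pad(A), _pad(B))
    S = pow((A * pow(v, u, N)) % N, b, N)
    K = hashlib.sha256(_pad(S)).digest()
    expected = hmac.new(K, _pad(A) + _pad(B), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, M1):
        return None
    return K, hmac.new(K, _pad(A) + M1, hashlib.sha256).digest()


def run_login(username: str, password: str, stored: Tuple[bytes, int]) -> Optional[bytes]:
    """One full exchange; the shared key on mutual success, None on any failure."""
    salt, v = stored
    a, A = client_start()                                    # client -> server: I, A
    b, B = server_start(v)                                   # server -> client: salt, B
    K_c, M1 = client_finish(username, password, salt, a, A, B)  # client -> server: M1
    result = server_finish(v, A, b, B, M1)
    if result is None:
        return None                                          # server rejects the client
    K_s, M2 = result                                         # server -> client: M2
    if not hmac.compare_digest(M2, hmac.new(K_c, _pad(A) + M1, hashlib.sha256).digest()):
        return None                                          # client rejects the server
    return K_s


if __name__ == "__main__":
    record = enroll("alice", "correct horse battery staple")   # constructed test user
    print("login:", "ok" if run_login("alice", "correct horse battery staple", record) else "rejected")
    print("wrong password:", run_login("alice", "Tr0ub4dor&3", record))
```

What the exchange leaves behind is the point the post is making: the wire carries A, B, M1 and M2, none of which is a password or a password hash, and the server's record is a verifier that an attacker who steals it still has to brute-force before it is of any use. The zero checks on A and B are not optional; without them either side can be forced to a predictable S and the proofs become forgeable.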
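The post's prescription for email, key continuity plus global monitoring of it, is easier to judge with a concrete monitor in hand. The following is an added example, not code from the thread or from any existing continuity tool: a trust-on-first-use pin store that also records what several independent observers see for the same correspondent, so that a key change seen from one vantage point only (the shape of a targeted interception) is reported differently from a change every observer sees (a rotation). The observer names, the address and the key blobs are constructed stand-ins.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

Alert = Tuple[str, str, str]  # (kind, identity, detail)


def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint; any real key encoding could be fed in here."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class ContinuityMonitor:
    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}                             # identity -> pinned fp
        self.views: Dict[str, Dict[str, str]] = defaultdict(dict)  # identity -> observer -> fp

    def observe(self, observer: str, identity: str, public_key: bytes) -> List[Alert]:
        """Record one sighting of a key for an identity and return any alerts."""
        fp = fingerprint(public_key)
        alerts: List[Alert] = []
        pinned = self.pins.get(identity)
        if pinned is None:
            self.pins[identity] = fp                               # trust on first use
        elif pinned != fp:
            alerts.append(("KEY_CHANGED", identity, f"{pinned} -> {fp} via {observer}"))
        self.views[identity][observer] = fp
        if len(set(self.views[identity].values())) > 1:
            # Observers currently disagree about this identity's key. A global rotation
            # clears this once everyone has seen the new key; an interception does not.
            detail = ", ".join(f"{o}={f}" for o, f in sorted(self.views[identity].items()))
            alerts.append(("SPLIT_VIEW", identity, detail))
        return alerts

    def consistent(self, identity: str) -> bool:
        return len(set(self.views[identity].values())) == 1

    def accept_rotation(self, identity: str) -> str:
        """Re-pin to the key all observers now agree on; refuse while they still disagree."""
        if not self.consistent(identity):
            raise ValueError(f"observers still disagree about {identity}")
        self.pins[identity] = next(iter(self.views[identity].values()))
        return self.pins[identity]


# Constructed test data: observer names, one correspondent, two key blobs.
OBSERVERS = ("home", "office", "vantage-eu")
ALICE = "alice@example.com"
KEY1 = b"constructed-public-key-blob-alice-1"
KEY2 = b"constructed-public-key-blob-alice-2"


def scenario_targeted_mitm() -> List[Alert]:
    """Every observer saw KEY1; then only the office path starts seeing KEY2."""
    m = ContinuityMonitor()
    for obs in OBSERVERS:
        assert m.observe(obs, ALICE, KEY1) == []
    return m.observe("office", ALICE, KEY2)


def scenario_global_rotation() -> Tuple[int, bool, List[Alert]]:
    """Alice rotates: every observer eventually sees KEY2, the split clears, re-pin."""
    m = ContinuityMonitor()
    for obs in OBSERVERS:
        m.observe(obs, ALICE, KEY1)
    split_views = sum(1 for obs in OBSERVERS
                      for kind, _, _ in m.observe(obs, ALICE, KEY2) if kind == "SPLIT_VIEW")
    settled = m.consistent(ALICE)
    m.accept_rotation(ALICE)
    return split_views, settled, m.observe("home", ALICE, KEY2)


if __name__ == "__main__":
    print("targeted:", scenario_targeted_mitm())
    print("rotation:", scenario_global_rotation())
```

A single vantage point only ever gets KEY_CHANGED and has to guess between rotation and attack; the SPLIT_VIEW alert is what the "global" part of the monitoring buys, and it only exists if the observers are actually independent of the path the attacker controls.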