On 09/17/2011 11:59 PM, Arshad Noor wrote:
The real problem, however, is not the number of signers or the length
of the cert-chain; its the quality of the "certificate manufacturing"
process.
No, you have it exactly backwards.
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole. When the number of CAs is large like it is, it
becomes impossible to make all the CAs reliable enough ("give them
enough nines" of reliability) to end up with an acceptable level of
security.
On 09/15/2011 06:32 PM, [email protected] wrote:
The source of risk is dependence, perhaps especially dependence on
expectations of system state.
This is an extreme example of that principle.
Your insecurity gets exponentially worse with the the number of
independent CAs.
Something this analysis doesn't capture probably even causes it
understate the problem: CAs aren't failing randomly like earthquakes.
Intelligent attackers are choosing the easiest ones to breach. In other
cases, the CAs themselves will willfully sell you out!
Now you may be a law-and-order type fellow who believes that "lawful
intercept" is a magnificent tool in the glorious war on whatever. But if
so, you have to realize that on the global internet, your own systems
are just as vulnerable to a "lawfully executed" court order gleefully
issued by your adversary (as if they'd even bother with the paperwork).
And don't let anybody tell you that it will be hard for him to pull off
an active attack on the internet, because in normal circumstances it
just isn't.
It was demoed for DefCon 18:
http://www.wired.com/threatlevel/2008/08/how-to-intercep/
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
In the case of Kapela and Pilosov’s interception attack, Martin
Brown of Renesys analyzed that incident and found that within 80
seconds after Kapela and Pilosov had sent their prefix
"advertisement" to hijack DefCon’s traffic, 94 percent of the peers
from whom Renesys collects routing traffic had received the
advertisement and begun to route DefCon traffic to the eavesdroppers’
network in New York.
Yep, that's right. IP routes are agreed on based on the honor system.
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography