On 09/18/2011 05:11 PM, Marsh Ray wrote:
> B. If your threat model considers as an adversary government A, then
> you're in good company with governments B through Z. So all the comments
> on "won't save you from The Government", while true, are also
> potentially writing off your biggest ally.

Unless, of course, we continue to use the system as it exists today, where any trusted CA can sign a certificate for anyone. If a particular government supports a CA that is "cooperative" with that government, then either nobody in the world would be safe, or the system will fracture and we will not have a global PKI.

> C. At the end of the day, governments need to log into their VPNs and
> check their MS Outlook Web Access email remotely just like everybody
> else. Now consider that this applies to process engineers at power
> plants and chemical facilities too. When you hear US DHS people talking
> about "national infrastructure vulnerable to cyber attack" they are
> sincerely concerned about this type of exposure.

So the only trustworthy CAs will be the ones that sign certificates for power companies or other "national security" related entities? We need a system that can be used and trusted (to a reasonable degree) by everyone, not just big or "important" organizations.

> At some point, the influence of people on the defense side will outweigh
> those who benefit from the attack side.

I doubt this will happen any time soon. Consider this official (and apparently still current) FAQ from the Department of Justice:

http://www.justice.gov/criminal/cybercrime/cryptfaq.htm

Yes, that was issued over a decade ago, but "key recovery" -- which we are meant to believe is not the same as key escrow -- remains the DOJ's goal when it comes to cryptography. There is also the more recent push by the Obama administration to create a system that allows law enforcement agencies to more easily hijack domain names.

> Now that the cat's out of the bag about PKI in general and there's an
> Iranian guy issuing to himself certs for www.*.gov seemingly at will, I
> think the current PKI system will not escape the black hole at this
> point, it crossed the event horizon sometime earlier this year.

I doubt it. The cat has been out of the bag on how easily email can be forged for decades now, but how often do you receive digitally signed email? The cat has been out of the bag about running out of IPv4 addresses for many years, but IPv6 deployment has been sluggish. Without a strong incentive, these things will not change, and the PKI is no different. I doubt that the current PKI will be gone by the end of this decade -- criminal MITM attacks are just not in-your-face enough to generate a public outcry, and governments are not terribly interested in thwarting their own law enforcement agencies.

-- Ben
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography