Ben Laurie <[email protected]> with: >a) I don't believe your figures,
Well I don't believe in the tooth fairy, but in this case you're going to have to provide a more convincing rebuttal than "I choose not to believe in this inconvenient information". >I suspect you don't understand CT - perhaps you'd care to explain why it is >PKI-me-harder? Because it's a band-aid on a mechanism that doesn't really work in the first place. The solution to the inability of PKI to protect users isn't to rearrange the PKI deckchairs, it's to adopt a layered risk-management strategy that actually helps protect them. We have no real evidence of PKI addressing anything that attackers are doing, so no matter how much you band-aid it it's not going to help protect users from harm. "Fixing PKI" isn't the problem, PKI itself is the problem. It doesn't work, and as long as browser vendors keep distracting themselves by fiddling with even more PKI, they'll never get around to addressing the actual problem. >In any case, its time you updated your out-of-date rant - I'll update it as soon as browser PKI starts working (meaning that we have real evidence that it's effectively preventing the sorts of things attackers are doing, phishing and so on). Deal? >or, even better, explained your solution to the problem. I've been explaining it for years (and I'm pretty sure you're aware of at least some of it, since we discussed it when I visited Google a year or two back). Here's a starter: In the real world, risk is never binary but always comes in shades of grey. When security systems treat risk as a purely boolean process, they're prone to failure because the quantisation that's required in order to produce a boolean result has to over- or under-estimate the actual risk. What's worse, if an all-or-nothing system like this fails, it fails completely, with no fallback position available to catch errors. Drawing on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), PKI as Part of an Integrated Risk Management Strategy for Web Security, presented at EuroPKI 2011, looks at how CPTED is applied in practice and, using browser PKI as the best-known example of large-scale certificate use, examines certificates as part of a CPTED-style risk-mitigation system that isn't prone to all-or-nothing failures. Link: http://www.cs.auckland.ac.nz/~pgut001/pubs/pki_risk.pdf (That's a slightly updated version of the original talk). I have a much longer version, with references to research papers and actual effectiveness in practice from its use by commercial vendors, if anyone wants the full thing. Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
