Gervase Markham wrote:
> Johnathan Nightingale wrote:
>> 1. To a first approximation my sense is that, unsurprisingly, EV and
>> Eddy's proposal are trying to accomplish the same thing:
>> strengthening the internet's TLS/SSL certificate infrastructure to
>> provide stronger identity verification.
>
> Actually, I'm afraid I might have to quibble even over your attempt to
> find common ground. :-(
>
> EV is indeed an attempt to strengthen identity verification. (How well
> it will work in practice is, of course, under debate.) Eddy's
> proposal, however, is an attempt to map a generic underlying framework
> onto the status quo. His suggestion is that CAs self-classify their
> existing offerings into one of 4 categories.
>
> Therefore the reason I object is that it seems to me that, in the face
> of the new consumer-level identity spoofing threats which were not
> present for the first ten years of the life of SSL, _none_ of the
> current practices are sufficient. Therefore, classifying them doesn't
> really help.

Actually many of them were; they were simply ignored by CAs and
developers that were more interested in making money selling snake oil
than doing things right. For example, SSL for identification is
worthless without DNS being secured, and no-one on any list wants to
talk about that. Unfortunately, the number of people who actually
understand the problems is very small; normally the people trying to
make these decisions are people who are more familiar with PGP, or worse,
completely uninformed about the workings of public-private key encryption.

If the current system can't be fixed, then the EV certs will soon fall
prey to the same failings, and the only thing that will work is a mutual
auth system like the one that has been discussed on CAcert's anti-fraud
list, or a system that the people over at WiKID have already implemented
( http://www.wikidsystems.com/WiKIDBlog/categories/Mutual%20Authentication ).

If we really want to fix things, then we need to look at forcing things
to be done right. EV certs won't do it; they don't address half of the
real problems, like the failings of DNS, or unsecured and unsigned
CRLs. These problems need to be addressed before EV certs, or other
forms of improved persona verification can have any great effect.

I happen to agree with Eddy that SSL can be fixed, but not without some
major changes, some of which are going to be rather painful, like fixing
DNS, and the browsers to check responses.