On Feb 22, 2010, at 05:20 , Nguyễn Đình Nam wrote: > On Feb 22, 3:56 am, Eddy Nigg <[email protected]> wrote: >> On 02/21/2010 09:34 AM, Nguyễn Đình Nam: >> >>> The way to solve it is not to inform people of each potential attack, >>> because there will be too many false positive, pushing people to just >>> ignore it, rendering the scheme ineffective. The way to solve it is to >>> let a small number of relevant and knowledgable people aware of the >>> incident... >> >> Chances that this will happen are almost nil I think. > I googled your name and I found > https://bugzilla.mozilla.org/show_bug.cgi?id=470897 > So it did happened. Actually a CA abused the trust. > The proposed scheme is explicitly to prevent this case. You'r e-mail subject describes your intention well: "everything (in software) can be fixed by adding another layer". Yet you can't (easily) fix a broken trust issue with another layer, especially if the added layer has the same (broken) traits as the original one (vulnerable centre of gravity).
I don't trust a random (or for example the CA of my country) CA more than I would trust a bunch of (possibly well chosen and knowledgeable etc) people chosen (not by me) to "guard and direct" my trust decisions. What you're trying to do is a "who is watching the watchers" kind thing and as you described, you do this by adding another central piece of machinery to the picture where another central piece of machinery is easily manipulated into rogue actions. I don't see how this would make anything better. If you're talking about a country level PKI (probably supported by law) and the need to bring some bad guys operating in that system to justice under the same law environment.... This should be fixed on that local level, not as an addon software piece. Probably some sound multiparty control/public verification mechanism backed by cryptography and implemented by the central CA and/or enforced by local laws would give better results. >> there are privacy issues involved too if this would >> be in a default build. I guess it's not feasible. > I think it should be in the default build instead of an add-on. Yes > there is a small privacy issue: if the intrusion detection server is > malicious, it'll know each time a user establishes a secured > connection to somewhere else the first time, but not following > accesses. The same problem haunts OCSP or all central services. > If the intrusion detection server is managed by the creator > of browser itself (in this case, it's Mozilla), the privacy issue is > solved. How come? Some people are OK with their browser sending "check if this url contains something bad" kind of messages to the internet (to google, to antivirus provider, to microsoft or anyone else) others are not. The fact that the big brother happens to be the browser vendor does not solve the privacy issue for those who care. The scheme would be similar in nature and function to the "URL scanners" installed by software such as AVG. Some people install them by accident or knowingly and are OK. Others disable them ASAP. Implementing something like this in the core browser would be like implementing a big brother agent. -- Martin Paljak http://martin.paljak.pri.ee +3725156495 -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
