On 02-07-13 05:51, Anthony Papillion wrote:
> What is the most effective way to protect users against a compelled
> fake certificate attack? Since any CA can issue any cert and any US
> based CA could probably be compelled to issue a fake CA, how can we
> protect against this?
>
> My initial thought would be to publish the certificate fingerprint on
> a website and encourage users to verify that what they have matches
> every now and then. But this is a huge hassle for users.
Yes, that's the way it is done. Check http://perspectives.project.org;
Transparency: http://www.certificate-transparency.org/; or others.

> Are there any better ways?

Publish the sites' TLS certificate in DNSSEC with DANE. Or use the CAA
proposal.

DANE: https://tools.ietf.org/html/rfc6698
CAA:  https://tools.ietf.org/html/rfc6844

The difference is (from the CAA RFC):

   Like the TLSA record defined in DNS-Based Authentication of Named
   Entities (DANE) [RFC6698], CAA records are used as a part of a
   mechanism for checking PKIX certificate data. The distinction between
   the two specifications is that CAA records specify an authorization
   control to be performed by a certificate issuer before issue of a
   certificate and TLSA records specify a verification control to be
   performed by a relying party after the certificate is issued.

Guido.
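The two controls the RFC quote contrasts, as an added example that is not part of Guido's message: an issuer-side CAA check (RFC 6844) before issuance, and a relying-party TLSA match (RFC 6698) after it. The zone contents and the certificate bytes are constructed placeholders; only selector 0 (full certificate) is implemented, since selector 1 (SubjectPublicKeyInfo) would need an ASN.1 parser.

```python
"""CAA: the CA asks "may I issue for this name?" before issuing.
TLSA (DANE): the client asks "does the served cert match what the zone
published?" after issuance. Stdlib only; zone and cert are constructed."""
import hashlib

# --- CAA (RFC 6844), run by the CA before issuance --------------------
# Constructed zone: owner name -> list of (flags, tag, value).
CAA_ZONE = {
    "example.com": [(0, "issue", "ca.example.net")],
    "nocert.example.org": [(0, "issue", ";")],   # ";" = nobody may issue
}

def caa_records(name, zone=CAA_ZONE):
    """RFC 6844 s.4: use the CAA set of the closest name (self or
    ancestor) that has one; an empty result means no policy anywhere."""
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def caa_permits(name, issuer_domain, zone=CAA_ZONE):
    """No 'issue' record on the path leaves issuance unrestricted;
    otherwise the issuer's domain must appear in an 'issue' value."""
    issue = [v for _, tag, v in caa_records(name, zone) if tag == "issue"]
    if not issue:
        return True
    return issuer_domain in issue  # ";" never matches a real issuer

# --- TLSA (RFC 6698), run by the client after issuance ----------------
# Constructed stand-in for the DER certificate a server sends in TLS.
SERVED_CERT = b"\x30\x82\x01\x00constructed-der-certificate-bytes"

def tlsa_record(cert_der, usage=3, selector=0, mtype=1):
    """Presentation form 'usage selector mtype hex', default '3 0 1':
    DANE-EE, whole certificate, SHA-256 of it as association data."""
    if selector != 0:
        raise ValueError("only selector 0 (full certificate) implemented")
    data = {0: cert_der,                            # exact DER bytes
            1: hashlib.sha256(cert_der).digest(),   # SHA-256
            2: hashlib.sha512(cert_der).digest()}[mtype]
    return f"{usage} {selector} {mtype} {data.hex()}"

def tlsa_matches(record, cert_der):
    """Recompute the association data from the served cert and compare
    it with the published record (what a DANE-aware client does)."""
    usage, selector, mtype = (int(f) for f in record.split()[:3])
    return tlsa_record(cert_der, usage, selector, mtype) == record
```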
