On Wed, 23 Oct 2013, DataPacRat wrote:
Do either of them provide any protection against a subpoena attack?
An exemplar could be the attack against Lavabit's customers, which was only prevented by Lavabit shutting down entirely. More generally, it's a government issuing some sort of demand, often secret, to an online service provider, requiring at least that they hand over various keys, occasionally much more.
My general thought, as of the start of this thread, is that such attacks could be made much harder to implement and much less effective by massively increasing the number of CAs (essentially, by turning everyone into a CA).
That's basically what DANE does. Everyone becomes their own CA within their own domain, by securely (DNSSEC) publishing TLS public keys. You still need to run these TLS servers yourself to protect against the "subpoena attack". So it won't help you with ISPs offering TLS. But if I run a TLS server in my own infrastructure and publish my TLS key using DANE as I do: dig +short tlsa _443._tcp.nohats.ca 3 0 1 6327233AE15A460A4AD9875C547FE83208924387E09F3A18E6594D4A CCDF5D87 Then no "subpoena attack" could be launched. They could force a registrar or TLD to change the delegation of my domain by modifying the DS and NS records at the parent (.ca) and point to their own TLS server using a modified TLSA record, but this would be clearly visible to the entire world (and hopefully me, as my server would not be getting any traffic anymore) The only defense against a "subpoena attack" is not outsourcing your end to end encryption. That's what we need to facilitate. Where we do need to depend on others for delegation, it should be public and we should have notaries/transparency/logs. Any such change should be visibly globally and to everyone to avoid targeted attacks. Paul _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
