Re: A mighty fortress is our PKI, Part III

2010-09-16 Thread James A. Donald

On 2010-09-16 6:12 AM, Andy Steingruebl wrote:

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?


That is rather like having a fortress with one wall rather than four 
walls, and when attackers go around the back, you quite correctly point 
out that the wall is only designed to stop attackers from coming in front.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


RE: A mighty fortress is our PKI, Part III

2010-09-16 Thread Carl Ellison
I, too, would love to get the details, but Peter is right here.

The flaw he reported was in the PKI itself, not in the UI.  If there were a
bulletproof OS with perfect non-confusing UI, once the malware has a valid
signature that traces to a valid certificate, it's the PKI that failed.

As for EV being as meaningless as ordinary certificates, that's the point
Peter is making.  Of course, neither of them certifies the qualities of the
publisher that the end user cares about.  That would be too expensive and
open to liability (therefore, more expensive still).  But, in a verbal shell
game, the CAs make it sound like someone with an expensive certificate is
trustworthy (in the end-user's value system).

-Original Message-
From: owner-cryptogra...@metzdowd.com
[mailto:owner-cryptogra...@metzdowd.com] On Behalf Of Andy Steingruebl
Sent: Wednesday, September 15, 2010 4:12 PM
To: Peter Gutmann
Cc: cryptography@metzdowd.com
Subject: Re: A mighty fortress is our PKI, Part III

On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
 Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these
are really PKI failures are they?

 - There's malware out there that pokes fake Verisign certificates into the
  Windows trusted cert store, allowing the malware authors to be their own
  Verisign.

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?

 - CAs have issued certs to cybercrime web sites like
  https://www.pay-per-install.com (an affiliate program for malware
  installers), because hey, the Russian mafia's money is as good as anyone
  else's.

Similarly here - non-EV CAs bind DNS names to a field in a
certificate. No more.  They don't vouch for the business being run,
and in any case any such audit would be point in time anyway. I
suppose way back when people promised that certs would do this, but
does anyone believe that anymore and have it as an expectation?
Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported?  I'd
love to get the full sordid details :)

- Andy

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: A mighty fortress is our PKI, Part III

2010-09-15 Thread Andy Steingruebl
On Wed, Sep 15, 2010 at 8:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
 Some more amusing anecdotes from the world of PKI:

Peter,

Not to be too contrary (though at least a little) - not all of these
are really PKI failures are they?

 - There's malware out there that pokes fake Verisign certificates into the
  Windows trusted cert store, allowing the malware authors to be their own
  Verisign.

The malware could just as easily fake the whole UI.  Is it really
PKI's fault that it doesn't defend against malware?  Did even the
grandest supporters ever claim it could/did?

 - CAs have issued certs to cybercrime web sites like
  https://www.pay-per-install.com (an affiliate program for malware
  installers), because hey, the Russian mafia's money is as good as anyone
  else's.

Similarly here - non-EV CAs bind DNS names to a field in a
certificate. No more.  They don't vouch for the business being run,
and in any case any such audit would be point in time anyway. I
suppose way back when people promised that certs would do this, but
does anyone believe that anymore and have it as an expectation?
Perhaps you're setting the bar a bit high?

BTW - do you have pointers to most of the things you've reported?  I'd
love to get the full sordid details :)

- Andy

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com