Stating the problem in terms of PKIX is way too specific. The requirements should apply equally to any new technology being proposed.
Otherwise we end up with a set of requirements that are trivially satisfied just by having something that is not called PKIX. SOPA/PIPA attempt to force actions on the DNS, an infrastructure that the US Congress appears to regard itself as being in control of. So the same issues are raised for DNSSEC in spades. I would not be surprised if some idiot attempts to 'fix' SOPA/PIPA by giving the plaintiffs the power to order ICANN and/or the registry to insert fraudulent records. As for the activities of intelligence services and co-operation therewith, it seems rather unlikely that any intelligence service is going to attempt to engage in a covert operation that leaves highly visible traces unless the object is to be visible or they are very desperate. Fraudulent certificates are rather visible. I do not believe that the police are above the law. There are courts that sit on a 24 hour basis for precisely the purpose of vetting wiretap requests. The obvious response to a purported US national security letter is to tell the investigator that you do not recognize them as lawful authority as clearly contrary to the searches and seizures clause and that if they want to maintain the secrecy of their investigation they will return with a court order. On Fri, Jan 20, 2012 at 5:49 AM, Yoav Nir <[email protected]> wrote: > > On Jan 20, 2012, at 10:05 AM, Vesna Manojlovic wrote: > > > 'morning > > > > On Thu, 19 Jan 2012, Paul Hoffman wrote: > >> Which attacks are we interested in? > >> > >> a) Attackers can get a trusted PKIX certificate due to errors on the > >> part of some CAs that are trusted by web browsers. > > > > I would like to add: > > > > d) Atacker can get a trusted PKIX certificate due to a legislation / law > > that enables them to order some CAs to hand out that PKIX certificate > > > > In light of SOPA/PIPA, ACTA, and Iranian (etc) government. > > You don't need any special legislation. If the FBI/DHS contacts an > American CA, tells them they're following some terrorists who are planning > some big attack in the US, and need a certificate in order to listen in on > their communications, most people would help their government. Even without > the coercion of law enforcement. > _______________________________________________ > therightkey mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/therightkey > -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
