On Wed, Jun 7, 2017 at 9:08 AM, Ryan Sleevi <[email protected]> wrote:

>
>
> On Wed, Jun 7, 2017 at 8:51 AM, Magnus Ahltorp <[email protected]> wrote:
>
>> Well, that depends on the assurance level, doesn't it? For
>> domain-validated certificates, sure, but those are next to worthless
>> anyway. It would be hard to hold a CA responsible for issuing them, so the
>> need for logging them is really small.
>>
>
> Let's not introduce CAs' marketing distinction into the technical
> discussion.
>

Marketing is sometimes based on facts. In this case inconvenient facts for
people proposing to trash the WebPKI trust model. If you want to spread
disinformation, then I am going to respond to correct.

https://www.scmagazineuk.com/updated-97-of-malicious-mobile-malware-targets-android/article/535410/

The press have stopped writing articles about 97% of malware targeting
Android because it is no longer news. Apple do have some advantages in
their structure besides enforcing what amounts to EV validation of
developers. But it is the validation of every developer before they get
developer credentials that makes the rest of their model feasible.




> Domain validated certificates - the basis for the Web PKI - are the only
> security level that matter. The holder of such a certificate can
> impersonate any site named in the certificate - whether from example.com
> to google.com.
>

Domain Validation is not the 'basis' for the WebPKI. It did not even exist
until late in the dotCom boom. The WebPKI was originally designed to
establish accountability. It is the bridge between the online and offline
accountability infrastructure.

What was not anticipated in the original design was that there would be a
demand for certificates that only provided encryption and a minimal level
of authentication. And in our defense, I will point out that even the banks
were not encrypting their entire sites until quite late in the game. Back
in 1997, RSA was a serious resource hog even at 1024 bits and SSL
accelerators were only just starting to exist in usable form (you could buy
'em, taking delivery was another matter).



> The other forms of certificates, "Organizationally Validated" or "Extended
> Validation", or, in the EU, Qualified Website Authentication Certificates,
> while nominally trying to provide higher assurance, do not meaningfully do
> so in the security model of the Web (which is the Origin).
>

I suggest that stating that the Web has a single security model is
obviously wrong.

The JavaScript security model is origin but even that is a retrofit and it
is not the Web security model.



> To that end, the past decade of CA misissuance responses have come down,
> in part, to the misissuance of certificates that attest to a website's
> identity, and CAs have been held responsible.
>

Issuance of phishing certificates with Paypal in the name is exploding.
But if you aren't actually bothered about phishing fraud, I guess you can
claim an improvement.

One of the facts that the industry is going to have to face is that there
is a choice, only one of the following can be true:

* Every site is encrypted.
* Certificates are not issued to criminals.

Now the WebPKI model for EV and DV is very much that the second is true
and always has been in the 25 years I have been involved in its
development. And no, I do not need an adventure in 'alternative history'. I
was there. I was part of the original design discussions.

What I am getting at though is something different. There are in fact
multiple security concerns for a system as large as the Web and one size
fits all security is not going to work. The problem with equating enabling
encryption with 'security' is that it just is not so. Encryption is a
starting point for security but it is a weak one. That was how I broke
SSL/1.0, Marc had only considered confidentiality as a security concern.


The way to address the conflict raised above is to observe that while it
is true that every communication should be encrypted, it is not true that
every communication should be represented to the user as providing
security.

What we need to do is to bifurcate the DV level and distinguish between
certificates that only enable confidentiality and those that provide
authentication. The first would become a new category 'minimal validation'
and would not be required to prevent issue of paypal certificates etc, or
provide for revocation or any other controls. The second would be an
enhanced DV providing full revocation and lifecycle management.


> I can totally appreciate a perspective that believes that CAs' human
> processes are far more secure than their automated processes, even if that
> perspective is not supported by the data.
>

Actually it is.

The work factor for obtaining an EV cert as a criminal is markedly higher
than for DV which is in turn markedly higher than that for those who don't
do any lifecycle controls.

PHB
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
