On Mon, May 16, 2016 at 06:04:30AM +0200, Daniel Margolis wrote:
> But in general I
> think we're saying the same thing--that this is a problem with domain
> verification, and not something to solve here.
Yes, except that I would put it more strongly. This is a problem
which we do and must pretend does not exist with "domain validated"
certificates. DV is a leap-of-faith by design, and the problem
must simply be swept under the rug as outside the thread model.
The only "solutions" are EV, which fails to scale, or CT which only
provides forensic evidence after the fact. The latter might deter
attackers who are reluctant to leave a trail of evidence of their
activity, though in practice all one learns is which CA got fooled,
not who did it. If the CA was not negligent or complicit, there's
little recourse. One learns of the existence of MiTM, but not
who's behind it.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
