On 01/25/14 20:09, coderman wrote:
> On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond <guido@witmond.nl> wrote:
>> ... Client certificates are part of my answer to MitM attacks.
>> The other part is to forget about third-party CA's.
>
> my heart a twitter already!
> (these are the key points, and you hit them first.)
>
>> Lurking at several cryptography mailing lists gave me some hints :-)
>> See http://eccentric-authentication.org/ to read more.
>> I'd love to hear comments.
>
> i've come across this on other lists, and will one day provide a better response. my initial feedback relates to:
>
> - supported suites. NULL encryption is still a valid TLS mode!
1st. Although NULL encryption is a problem, I expect that most crypto-toolkit developers will disable these in their default configuration. From there it will bubble up the stack into the distributions. That's a lesson that NSA has taught us: make defaults safe!

2nd. There is nothing in eccentric authentication that specifies one branch of public key mathematics over another. I deliberately leave the choice of either RSA, EC, or others out. As I'm not a cryptographer, I can't make that decision. I do specify what I expect the protocol needs to accomplish. It's up to the experts to match the appropriate parts. My prototype used RSA/TLS/DNSSEC.
> - end-point security (each site acting as a CA is like every bitcoin user acting as a bank. you've elevated the threat model on the unsuspecting.)
Not really. Each site signs only for itself. There is no need to trust anything other than your own systems (or the hoster who does the work for you). That trust level is already needed for every current web site. In fact, with a proper setup, the site's Root certificate private key does not live at the server; for signing, it uses a subRoot. Now when the site gets hacked, the hackers can create more accounts for themselves or invalidate other people's accounts. But the attackers can never impersonate any of the site's user accounts at other sites, as these use their own signing key. I believe it is safer than hashing passwords.

The more worrisome part is the end-users' computers. The Posix model is not designed to protect users against themselves, although every user expects that to be the case. Things like microkernels, Capsicum, Qubes-OS, Genode, Pola, least authority designs are DIRELY needed.
> - Namecoin and other decentralized alternatives to DNSSEC.
DNSSEC might be just as difficult as IPsec, or its private key might have already been leaked to NSA due to compromised hardware. We need to have alternatives. The eccentric protocol can use other globally unique naming schemes. The requirements are: easy and cheap enough so every website can get a unique and human-memorizable name. Namecoin might fit the requirements, or GNS (GnuNet).

I hope this sparks some curiosity.

With regards,
Guido.
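An added example, not code from Guido's prototype or from the eccentric-authentication project, showing the per-site CA layout the reply above describes (a root whose key stays off the server, and a subRoot on the server that signs client certificates) together with the check behind the claim that a compromised site cannot impersonate its users elsewhere: a client certificate issued by one site is rejected by another site's root. It uses only Go's standard crypto/x509 package. The site names a.example and b.example, the P-256 ECDSA keys, the one-day validity and the CN/Organization naming are assumptions made for the example; the thread deliberately leaves the public-key algorithm open.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// SiteCA is one website acting as its own CA: an offline root plus an
// online sub-CA (the thread's "subRoot") that does the day-to-day signing.
type SiteCA struct {
	Name   string
	Root   *x509.Certificate
	Sub    *x509.Certificate
	subKey *ecdsa.PrivateKey // the only signing key that lives on the server
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // curve is an assumption
	if err != nil {
		panic(err)
	}
	return k
}

// sign issues tmpl for pub, signed with signer under parent (self-signed if nil).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// template builds a CA certificate (cert-signing only) or a client-auth leaf.
func template(cn, org string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn, Organization: []string{org}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // assumed lifetime
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// NewSiteCA builds one site's root and sub-CA. The root key is discarded
// after signing the sub-CA, which stands in for "kept offline" here.
func NewSiteCA(site string) *SiteCA {
	rootKey, subKey := newKey(), newKey()
	root := sign(template("Root CA", site, 1, true), nil, &rootKey.PublicKey, rootKey)
	sub := sign(template("Sub CA", site, 2, true), root, &subKey.PublicKey, rootKey)
	return &SiteCA{Name: site, Root: root, Sub: sub, subKey: subKey}
}

// IssueClientCert signs a login certificate for username with the sub-CA key.
// In the scheme the user's agent would generate and keep the key pair; it is
// generated here only so that the example is self-contained.
func (ca *SiteCA) IssueClientCert(username string) *x509.Certificate {
	userKey := newKey()
	return sign(template(username, ca.Name, time.Now().UnixNano(), false), ca.Sub, &userKey.PublicKey, ca.subKey)
}

// Verify is the login check: accept only certificates that chain to this
// site's own root and carry the client-authentication usage.
func (ca *SiteCA) Verify(cert *x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(ca.Root)
	inter.AddCert(ca.Sub)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Demo issues alice a certificate at a.example and reports whether it is
// accepted at a.example and at b.example (site names are assumed).
func Demo() (acceptedAtA, acceptedAtB bool) {
	siteA, siteB := NewSiteCA("a.example"), NewSiteCA("b.example")
	alice := siteA.IssueClientCert("alice")
	return siteA.Verify(alice) == nil, siteB.Verify(alice) == nil
}
```

Demo returns (true, false): the certificate chains to a.example's root and is accepted there, while b.example's verifier, which trusts only its own root, rejects it. An attacker holding a.example's subRoot key could mint accounts at a.example, as the reply says, but nothing they sign chains to any other site's root.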