Re: [Cryptography] Verisimilitrust
On Fri, Jan 8, 2016 at 4:09 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
From the Mozilla policy list, in a discussion about what to do about Kazakhstan requesting that their MITM certificate be added to the browser trust lists:
It would appear from this information, that this CA (and probably others like it) is deliberately serving a dual role:
1. It is the legitimate trust anchor for some domains that browser users will need to access (in this case: Kazakh government sites under gov.kz).
2. It is the trust anchor for fake MITM certificates used to harm browser users, and which should thus be regarded as invalid.
causing an immediate panicked response to try and find a reason to deny the request, because the CA/Browser Forum policies don't actually say you can't have an acknowledged MITM cert as a trusted root:
Kazakhstan has submitted the request for root inclusion: https://bugzilla.mozilla.org/show_bug.cgi?id=1232689
So, we really do need to have this discussion now.
I think we need to formally give up on the use of the word "trust" in its conventional sense in relation to PKI. Browser PKI has done to the term "trust" what the popular press has done to the word "hacker".
Thus it would be prudent to extend the trust list format (and the NSS code using it) to be able to specify additional restrictions beyond those specified in the CA root itself.
[...]
In other words certificates are going to be turned inside-out, instead of the cert encoding policy-related information as per X.509, we've got a third party (browser vendors) imposing its policy on the certificate from the outside. We've already got the same third party overriding CAs on revocation via hardcoded cert blacklists, and as has been shown over and over again, CAs do only the bare minimum of checking for anything but EV certs. So if this change is made we can summarise the purpose of a CA as follows:
Verify identity in certs - Not really (except to justify premium-priced EVs). Provide policy for certs - No, the browser vendor will. Provide revocation info for certs - No, the browser vendor will. Charge money to turn off the browser warnings - Yes.
So that's pretty much pared browser PKI down to its essence, a license to print money for a select group of companies.
The entire planet ignored warnings preached by early wise men and bought into the CA "trust" hype and money printing game for decades. Shame it took rampant surveillance and attacks for people to begin pulling their head out of the sand, let alone search for different models. If your new model involves someone getting rich, or relies on centralization / trust that you have no part in endorsing... it's broken.
On Fri, 8 Jan 2016 15:42:39 -0500 grarpamp <grarpamp@gmail.com> wrote:
If your new model involves someone getting rich, or relies on centralization / trust that you have no part in endorsing... it's broken.
...or works exactly as designed.
participants (2)
-
grarpamp
-
juan