SSLegance

tz thomas at mich.com
Sat Jul 27 16:42:54 PDT 2013


There are two problems.

First, CA AND/OR ToFU, or notaries or some other kind of acceptance of the
certificates.  That is a large issue, but the CA model is broken.  It would
be even more convenient not to have to bother with any authentication,
encryption and passwords, but if we are going to bother with it, it may as
well be actually secure.  We need not trust them collectively - the
difficulty comes when there are lots of different certs from the same site,
but I might trust a google domain cert signed with a google signing cert
over one signed by diginotar.

Second, they generally don't escrow the ephemeral keys, but, if I
understand correctly, if the key exchange does not have perfect forward
secrecy, if the traffic is recorded, and the original private keys are
exposed (subpoenaed, hacked, broken) any session is as well.  Note that the
exposure of one private key unlocks ALL such recorded sessions.  This would
apply even if I generate my own keypair and private cert.

On Sat, Jul 27, 2013 at 5:56 PM, Lodewijk andré de la porte <l at odewijk.nl>wrote:

> What problem are we solving, exactly? No eavesdropping is simple enough.
> No MITM is not preventable without information known to come from the
> intended source. Presently we have "all knowers" called certificate
> authorities. We trust them as a collective not individually. Their security
> depending on their collective is a fatal mistake. The idea of an all-knower
> is very, very convenient for the design of these systems.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1766 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20130727/4364b217/attachment-0001.txt>


More information about the cypherpunks mailing list