Pen register request used to force disclosure of SSL private keys - LavaBit hearings
CodesInChaos
codesinchaos at gmail.com
Thu Oct 3 12:24:09 PDT 2013
> This, in my opinion, can make all US encryption, even US-based
> certificate authorities really untrustworthy. What is to stop them from
> getting GoDaddy to give up their root certificates with a NSL and a
> small legal justification?
We need to catch a CA which does this, for example using Certificate
Transparency.
Then handing over the CA private key is equivalent to committing company
suicide.
This means that
1. CAs will fight with all they've got
2. If corruption is successful, eliminates US CAs one by one until there
are none left to compel.
> some have suggested a rule #5: don't distribute updates automatically
> to your users and don't implement security critical functions in code
> that is delivered to the client via the server.
I don't think disabling auto-update is a good idea. What we need is secure
auto update.
This involves:
1) requiring multiple signatures on the update by people in different
jurisdictions
2) Reproducible builds
3) A Certificate Transparency like log of all updates.
I believe TOR is doing some work on points 1) and 2).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1749 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20131003/16c3a0c9/attachment-0001.txt>
More information about the cypherpunks
mailing list