Getting on the phone to call a (potentially unreliable or corrupt) representitive of amazon.com to verify their server id is not likely to measurably improve the security of the transaction, and is almost certain not prevent me from losing anything of value (since my credit card numbers aren't worth that much to me anyhow -- I'd lose some time, but not money, if they were stolen, but I'd probably lose more time if I called every e-commerce site to verify the server id before placing an order). As long as people understand what the CA's are capable of doing, and what they're not capable of doing, I have no problem with them. It does seem that many people are confused about their capabilities, though.
Printed means of distributing fingerprints should not be overlooked; you could include the fingerprint in small print in printed advertisements. Or perhaps a printed publication listing current correct fingerprints for major e-commerce sites; a "yellow pages" of the internet. It seems "backwards" but it solves a lot of problems. No, wait - I claim copyright on that idea!
Alternatively, a government-run key signing authority, that only signs keys requested by companies and requires signatures of the company owners/CEOs would be another way of dealing with this. Or perhaps a government "tree of trust" - with Governments able to issue signing keys to certificate authorities, with the proviso that if they are abused the company will be shut down, and the abusers hung, drawn and quartered.
Then you can be assured the signing authority is as good as the Government. Personally, in a world so corrupt that alcohol is legal and marijuana illegal, I still wouldn't trust it:-)
Most two year olds could come up with a half dozen solutions for this problem.
Fine, someone go fetch me a two year old child.
Certificate Authorities [...] are certainly one partial solution.
Yeah... because, heck - who needs a whole solution to rest the security of their business on?
But saying a Certificate Authority is bad because you can be lulled into a false sense of security is kind of like saying "you should only do electrical work on your house with the power switched on, since switching the power off lulls you into a false sense of security." You're certainly still vulnerable to attacks to the Certificate Authority, in exactly the same way you can still be electrocuted even if you think the fuse box is off.
I don't relate to your analogy - I think "don't trust the power cables to be safe just because they are switched off" is more like it, but it is still rubbish.
How about, trusting a certificate authority to certify keys is like trusting a Government to decide what is right and wrong rather than using the old "respect and love your neighbour" approach that has worked in the past. Most people are happy (or at least, full and content), and the Government makes a lot of money, but the people are not free.
No, I've got one that's much better - "it's like trusting a secretary of another company with sealing the envelopes of important letters"
black is white. stop is go. SSH's handling of the situation is most certainly not more secure than a central signing authority.
You are right - it is a matter of opinion. I based my statement on the fact that any system that involves Alice, Bob and Trent automatically has one more place to attack than a system just involving Alice and Bob. Hence, because SSH does not support the model involving Trent (or more to the point, Trent is the system administrator or user), if Trent's real name turns out to be Mallory it's less of a problem. (Alice and Bob are the two people trying to communicate, Trent is a trusted arbitrator, and Mallory is a malicious user)
On the other hand, if Alice and Bob don't know how to ensure that their communications aren't being snooped (ie, they don't know to pick up the phone and verbally check, or swap keys, or securely exchange SSH keys), and the system they are using doesn't present suitable warnings and instructions, then yes - the certificate authority is more secure. But IMHO this is a flawed "bullshit security" model that happens to be what Certificate Authoritys' business models are based on.
For anyone who hasn't taken the time to read the article yet, or ever learn basic security stuff, let me boil it down: In every single system known to man or mathematics, to identify an entity X, you must trust something to say "method Y is an accurate method to identify X".
Don't be so hostile. How do you know I'm not an encryption expert?
The point I was making was that it's better to get those identification methods straight from the horse's mouth than trust some agency that might be corrupt. And I explained why there are financial incentives for them to be selectively corrupt; the "purchase-key" attack.
IMO, the only way that works is the web of trust model, designed for PGP, but the concepts apply equally to SSH keys or anything else really.
To me, the CA's are selling people the right to cast aside the problem of teaching and learning secure key exchange, whilst reaping in the profits. They are capitalising on "the path of least resistance" - either learn some basic security concepts, and go to great lengths to ensure your keys are exchanged properly or pay them $5 a year for their "snake oil" certificates of security that cost them next to nothing to produce.
This is definitely FUD. The SSH documentation deals specifically with this issue. This is a good thing and SSH's handling of the situation is more secure than a central signing authority.
What he's basically advocating is removing the need for people to have secure methods for exchanging keys. Instead of having the chance of a "man-in-the-middle" attack during the first connection (which, if you've exchanged the fingerprint of the server with the admin of the server involved, is eliminated), he'd rather that we trust some other person with our security.
What if:
Someone actually manages to break the key authority's signing key
Someone replaces the key authority's signing key in your browser/software
Somebody working for the key authority secretly leaks the key (a "purchase-key" attack)
If any of these happen then your security is FUBAR. Bear in mind that the key could potentially be used to attack e-commerce sites, and is therefore pretty valuable. If the secret of the key being leaked is kept well enough, it is quite possible that no-one will ever find out - except for the odd sum of money missing from random credit cards worldwide.
Compare that to SSH, where upon connecting to the server, you are notified that you are connecting to an unknown host key, and it gives you its fingerprint to check against what you have recorded it should be. If the key ever changes, you are presented with a huge warning message saying that the host key has changed, and that a man in the middle attack may be in progress.
If you were using this commercially, you generally would be using SSH between two machines that you admin yourself, or between one that you admin and one that your peer's company admins, and you can verify the keys, set them up in each systems ssh_known_hosts file, and rest secure that you are not vulnerable to man-in-the-middle attacks.
Personally, I think he's trying to promote the idea that "security needs trusted arbitraries" to the corporate IT world - I wonder if Kurt Seifried has received any "donations" from any large key authorities recently?
Let's face it - if people use security that doesn't need key authorities, then they'll go away.
Every security system that uses a trusted authority is vulnerable to a purchase-key attack, and don't let anyone convince you otherwise!
Today, the only choice Americans get in parliamentary issues is their vote, however they get to decide very little on particular issues.
With the explosive growth of the internet, it is certainly feasible that soon virtually everyone in the United States will have an internet connection.
What is your attitude towards people being able to:
Make a vote on critical decisions via the internet
Make their vote more detailed - eg set their opinion on issues like health, drug reform, education, research dollars, etc?
Individuals choosing where their tax money goes - research vs military vs education vs space programme...
Slashdot Mirror
Printed means of distributing fingerprints should not be overlooked; you could include the fingerprint in small print in printed advertisements. Or perhaps a printed publication listing current correct fingerprints for major e-commerce sites; a "yellow pages" of the internet. It seems "backwards" but it solves a lot of problems. No, wait - I claim copyright on that idea!
Alternatively, a government-run key signing authority, that only signs keys requested by companies and requires signatures of the company owners/CEOs would be another way of dealing with this. Or perhaps a government "tree of trust" - with Governments able to issue signing keys to certificate authorities, with the proviso that if they are abused the company will be shut down, and the abusers hung, drawn and quartered.
Then you can be assured the signing authority is as good as the Government. Personally, in a world so corrupt that alcohol is legal and marijuana illegal, I still wouldn't trust it :-)
How about it, politics?
Fine, someone go fetch me a two year old child.
Yeah... because, heck - who needs a whole solution to rest the security of their business on?
I don't relate to your analogy - I think "don't trust the power cables to be safe just because they are switched off" is more like it, but it is still rubbish.
How about, trusting a certificate authority to certify keys is like trusting a Government to decide what is right and wrong rather than using the old "respect and love your neighbour" approach that has worked in the past. Most people are happy (or at least, full and content), and the Government makes a lot of money, but the people are not free.
No, I've got one that's much better - "it's like trusting a secretary of another company with sealing the envelopes of important letters"
You are right - it is a matter of opinion. I based my statement on the fact that any system that involves Alice, Bob and Trent automatically has one more place to attack than a system just involving Alice and Bob. Hence, because SSH does not support the model involving Trent (or more to the point, Trent is the system administrator or user), if Trent's real name turns out to be Mallory it's less of a problem. (Alice and Bob are the two people trying to communicate, Trent is a trusted arbitrator, and Mallory is a malicious user)
On the other hand, if Alice and Bob don't know how to ensure that their communications aren't being snooped (ie, they don't know to pick up the phone and verbally check, or swap keys, or securely exchange SSH keys), and the system they are using doesn't present suitable warnings and instructions, then yes - the certificate authority is more secure. But IMHO this is a flawed "bullshit security" model that happens to be what Certificate Authoritys' business models are based on.
Don't be so hostile. How do you know I'm not an encryption expert?
The point I was making was that it's better to get those identification methods straight from the horse's mouth than trust some agency that might be corrupt. And I explained why there are financial incentives for them to be selectively corrupt; the "purchase-key" attack.
IMO, the only way that works is the web of trust model, designed for PGP, but the concepts apply equally to SSH keys or anything else really.
Why do you think Carl Ellison and Bruce Schneier warn of the risks of PKI?
To me, the CA's are selling people the right to cast aside the problem of teaching and learning secure key exchange, whilst reaping in the profits. They are capitalising on "the path of least resistance" - either learn some basic security concepts, and go to great lengths to ensure your keys are exchanged properly or pay them $5 a year for their "snake oil" certificates of security that cost them next to nothing to produce.
This is definitely FUD. The SSH documentation deals specifically with this issue. This is a good thing and SSH's handling of the situation is more secure than a central signing authority.
What he's basically advocating is removing the need for people to have secure methods for exchanging keys. Instead of having the chance of a "man-in-the-middle" attack during the first connection (which, if you've exchanged the fingerprint of the server with the admin of the server involved, is eliminated), he'd rather that we trust some other person with our security.
What if:
If any of these happen then your security is FUBAR. Bear in mind that the key could potentially be used to attack e-commerce sites, and is therefore pretty valuable. If the secret of the key being leaked is kept well enough, it is quite possible that no-one will ever find out - except for the odd sum of money missing from random credit cards worldwide.
Compare that to SSH, where upon connecting to the server, you are notified that you are connecting to an unknown host key, and it gives you its fingerprint to check against what you have recorded it should be. If the key ever changes, you are presented with a huge warning message saying that the host key has changed, and that a man in the middle attack may be in progress.
If you were using this commercially, you generally would be using SSH between two machines that you admin yourself, or between one that you admin and one that your peer's company admins, and you can verify the keys, set them up in each systems ssh_known_hosts file, and rest secure that you are not vulnerable to man-in-the-middle attacks.
Personally, I think he's trying to promote the idea that "security needs trusted arbitraries" to the corporate IT world - I wonder if Kurt Seifried has received any "donations" from any large key authorities recently?
Let's face it - if people use security that doesn't need key authorities, then they'll go away.
Every security system that uses a trusted authority is vulnerable to a purchase-key attack, and don't let anyone convince you otherwise!
Today, the only choice Americans get in parliamentary issues is their vote, however they get to decide very little on particular issues.
With the explosive growth of the internet, it is certainly feasible that soon virtually everyone in the United States will have an internet connection.
What is your attitude towards people being able to:
...and has at least 1280x960 resolution.