Slashdot Mirror


User: Zeinfeld

Zeinfeld's activity in the archive.

Stories: 0
Comments: 3,931

Comments · 3,931

  1. Re:We did it wrong, let's do it wronger still. on IETF To Change TLS Implementation In Applications · · Score: 1

    The problem with ID based encryption is revocation. If someone loses their key the best you can do is to tell people that it is bad. And any mechanism that could tell you the key status could be used for key binding.

    So the only applications where it really works are in low level device type schemes where the crypto is installed during manufacture.

  2. Re:End of certificates, please? on IETF To Change TLS Implementation In Applications · · Score: 2

    The CA model was never designed to do more than support Internet commerce. It was designed to be secure enough to exchange credit card information.

    CAs are not useless against defending against intelligence services, they are only vulnerable to being suborned by a limited number of such agencies, the ones that they have a plant in. And any defection is visible on the Internet. Hence the use of schemes such as Comodo CertSentry and Google's Certificate Transparency which are designed to prevent covert subornation of a CA by making the results of the attack visible.

    One of the many reasons security is hard is that you have to defend against all the attacks, not just one particular one that someone is obsessing about. Nobody has proposed a replacement for the CA model that works as well within the existing constraints.

    Peter Eckersley proposed a scheme 'Sovereign Keys' that solves the hard problems of PKI by pretending that the system administrator will never ever make a mistake. Moxie's 'Convergence' is three years old now and we are still waiting for an actual written specification. The problem with Convergence is that it depends on a notary infrastructure that doesn't have a business model. So it is hard to see how the world of commerce is going to be keen on moving to an infrastructure that we know will have scaling issues.

    The CA model isn't perfect but it is the only part of the Internet security apparatus that fails rarely enough for the failures to still be news. McAfee fails to spot viruses on an hourly basis. There are serious security fixes for Windows, OSX and Linux every single month. Those don't make the news because they aren't news any more.

    The market for the proposals that are 'stronger' is essentially the same as the constituency that use PGP every day and use Tor and keep their money in BitCoin. It is not a negligible constituency but the people who are in it have to spend about a quarter of their waking moments managing their security.

    Web of Trust isn't perfect either. Choosing between the two is pointless because neither meets every need that the other meets. So instead of having the argument over which one to pick we should work on ways that let people use both in a seamless connected fashion.

  3. Re:I understand most of the acronyms but on IETF To Change TLS Implementation In Applications · · Score: 1

  4. Re:Rule #1 on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 1

    Even at the height of the troubles, the number of deaths in the UK due to terrorism never exceeded 500 and the UK murder rate was a fraction of the US murder rate at the time.

    Most of the guns used by the IRA were bought in the US through NORAID, the US fund raising arm.

  5. Re:no you just have lots and lots of stabbings and on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 0, Troll

    Newtown took place in the heart of gun-nut country, not the inner cities.

    The number of gun deaths in rural America is way higher than in Europe.

    The typical gun murder is of a family member. Those happen just as often in rural America, in fact they are rather more frequent because guns are easier to come by.

  6. Re:police arive within 'minutes' on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 2, Insightful

    Most countries that regulate guns also regulate sales of ammonium nitrate fertilizers which is by far the next most popular tool for mass murder.

    The US does not regulate ammonium nitrate particularly well which is why that factory in Texas was located next to two schools and the likely perpetrator could not even be prosecuted for the murders despite having made two pipe bombs.

    Very few firearms deaths are caused by career criminals. The vast majority are suicides and accidental shootings. Making guns illegal would practically eliminate those causes of death. Only criminals would have guns to leave round the house for the kids to use.

    The UK does not have idiotic mandatory sentences for low level drug possession or peddling. But carry a firearm during a crime and you get ten years almost automatically. Fire the gun and it's fifteen. Anyone involved in the crime kills someone and it's a whole life sentence.

    It's just a hobby, you folk don't have the right to cause 50,000 deaths a year for your hobby. Moreover I don't think the general public is impressed by the NRA attempting to save their hobby at all costs by attempting to persuade the politicians to ban video games instead.

  7. Re:Rule #1 on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 1

    The purpose of the 2nd amendment was to stop the federal government outlawing slavery by making it illegal for the states to organize slave patrols.

    The people who wrote it did not believe in freedom. They were slave owners.

  8. Re: Rule #1 on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 0

    Actually it's only 99.995%

    And the issue is not the 99.995% of owners who don't commit murder, it's the 0.005% who do.

    And given that the total number of firearms deaths is three times the number of murders, the number of 'responsible' owners is far smaller. There is a child under 5 killed with a firearm every week in the US.

    Any gun that is accessible enough to be used in 'self-defense' within 1 minute 20 seconds is going to be accessible to a child.

  9. Re:no you just have lots and lots of stabbings and on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 3, Insightful

    Schools are only gun free to the extent that there are no guns brought in from outside.

    Europe has roughly the same population as the US and the murder rate is actually identical - if you exclude firearms deaths. The number of Americans murdered with knives etc. is pretty much the same as the number of Europeans.

    The higher US murder rate is entirely due to the NRA and the politicians who are too weak in the spine to stand up to them.

    The UK gun murder rate is essentially zero because it is almost impossible for a criminal to get a gun.

    We need a war on guns. Make drugs legal and guns illegal. Shut down the manufacturers and the death merchants. It won't take every gun off the street but it will eliminate most of them within a few years.

    It's only a matter of time before this happens.

  10. Re:police arive within 'minutes' on How the Lessons of Columbine Saved Lives At Arapahoe High School · · Score: 0, Flamebait

    Every time we have yet another NRA sponsored massacre we have the gun nuts round to say the answer is more nuts with guns.

    You are worse than pedophiles in my view.

    Where were these self-styled defenders of liberty when Bush was setting up the gulag in Gitmo and using torture? They were cheering him on. If there ever was a fascist takeover of the US, the NRA would be there in their jackboots and pillowcases rounding up opponents to help the new regime.

    Take the guns away, every damn one.

  11. Re:Of course he'd say no on Is GWU Econ Prof. Nick Szabo Satoshi Nakamoto? · · Score: 1

    I thought he was you actually.

    In the future everyone will be Satoshi Nakamoto for 15 minutes.

  12. Re:Waiver of rights on Woman Fined For Bad Review Striking Back In Court · · Score: 3, Informative

    Oh and there is an eighth:

    The claim to be rated by the better business bureau has been shown to be false. KlearGear makes several such claims that have been shown to be false for the purpose of gaining business. That meets the legal definition of fraud. In addition to creating the possibility of criminal sanctions, fraud voids a contract.

  13. Re:Waiver of rights on Woman Fined For Bad Review Striking Back In Court · · Score: 2

    The Bill of rights is also enforceable on state governments.

    KlearGear is attempting to enforce a purported contract term, guess what regulates contracts, oh yes, it's the courts. And guess what the courts are part of, oh yes they are part of the government.

    One of the sources of the Bill of Rights was precisely a concern about the government 'privatizing' censorship. That is how the British libel laws came into being, the purposes were to reduce the number of duels by providing an alternative dispute resolution process and to enable the rich and powerful to suppress their critics. It is no coincidence that in the 20th century the UK libel laws were used by a long series of corrupt bastards to suppress legitimate criticism, from John Major, the adulterer suing the New Statesman over an allegation of adultery, to Robert Maxwell the guy who stole almost a billion dollars worth of pension funds, to Jeffrey Archer and John Aitken who went to jail for perjury after making fraudulent libel claims.

  14. Re:Waiver of rights on Woman Fined For Bad Review Striking Back In Court · · Score: 1

    The breach led to the contract being voided. KlearGear never delivered and Paypal refunded the money. So there was no exchange on either side.

    The buyers might have had a claim for non-performance but the idea that the seller could enforce their one sided terms is ridiculous.

    A clause that prevents reporting the failure to perform is certainly not going to be valid, not even in Texas.

  15. Re:Waiver of rights on Woman Fined For Bad Review Striking Back In Court · · Score: 4, Informative

    The contract clause is unenforceable for multiple reasons. The first amendment has a bearing on one of them.

    First, there is no contract. The goods were never delivered, KlearGear failed to perform its obligation, there was never an exchange of a consideration. Therefore no contract.

    Second, the original agreement was with the husband, the comments were made by the wife.

    Third, the contract terms were added after the original agreement as is demonstrated by the Way Back Machine archives.

    Fourth, even if there had been a contract it would be a contract of adhesion. The seller defines the terms and the buyer has a weak negotiating position. In such cases civilized jurisdictions (i.e. not necessarily a corrupt jurisdiction) generally strike out clauses that are surprising or contrary to normal practice absent clear proof that the buyer was aware the term existed. A line of text in a fifty page contract in 6pt type is not normally enforceable.

    Fifth, the term in question was unconscionable which means that it offends the basic principles of commerce and/or society. Constitutional precedent and in particular the first amendment is frequently used to establish that a clause is 'unconscionable'. KlearGear is not 'violating' the first amendment but the courts are not going to enforce a contract term whose purpose is to take away constitutionally protected rights.

    Sixth, even if all the above were not so, the claim for $3,500 is a liquidated damages clause and thus invalid. As a matter of public policy, corporations are not allowed to set fines.

    Seventh, the amount was clearly in dispute. Thus the reporting to Experian was in breach of the fair credit reporting act.

    I am sure that there are weaker claims out there, but I can't think of one offhand.

  16. Re: Not an IETF Draft on IETF Floats Draft PRISM-Proof Security Considerations · · Score: 1

    Not an IETF list.

  17. Re: Not an IETF Draft on IETF Floats Draft PRISM-Proof Security Considerations · · Score: 3, Interesting

    It is not even meant to be a proposal.

    The point of the document is that I took all the points that had been made five or more times already and put them into one document so that we can move the discussion on to the next stage. Otherwise every time we get a new person joining the group we have to go through the same thing all over. And the third or fourth time round it becomes 'we already know that', 'NOO you are trying to censor me, NSA plant!'.

    It isn't meant to become an IETF draft, they would make me take out all the fun parts. Like pointing out the abject incompetence of an organization that lets a 29 year old contractor with a pole dancer for a girl friend have access to that material six months after joining. Why do Alexander and Clapper still have jobs? And spying on US citizens and then trading the raw SIGINT with foreign powers that are certain to share it with my commercial competitors? What were these idiots thinking?

    There is work going on in IETF and in fact we started before his Bruce-ship made his call to arms. I doubt the PRISM-PROOF branding will stick. But it is powerful mind share as this story proves. We have botched deployment of almost all the security protocols developed in IETF except for TLS and that succeeded before it went in. This is a chance to hit the reset button and fix the mindbogglingly stupid deployment gaps. Like having no standard way to discover recipient keys and having two different message formats (OpenPGP and S/MIME) forcing people to choose between two key endorsement schemes rather than allow them to pick the one suited to their needs.

    Yes, I do think there was interference in the past efforts but I suspect it was subtler than most imagine and not coming from the NIST folk. Rather, I think the interference came from folk who would encourage both sides in technical disputes to dig in and refuse to compromise, folk who participate with no visible means of financial support and seem to have limitless time to write drafts but are not very technical.

  18. Re: Call me old fashion on Samsung SSD 840 EVO 250GB & 1TB TLC NAND Drives Tested · · Score: 2

    Hmmm I replace my hard drives when I start to see RAID errors. I don't plan to run SSD raid as the on board fault tolerance should be ok.

    Would be nice to have hard data on expected failures so that I know whether to plan for a three or a six year lifespan. I generally replace my main machine on a six year cycle as I have a lot of expensive software. Looking to upgrade this year when the higher performance Intel chips launch.

    1TB is quite a lot. Probably more than I need in solid state. The price is also quite a bit more than the $0.05/gig for Hard drives. But it's getting a lot narrower. And RAID 1 doubles that cost anyway...

  19. Re:what is the point of this article? on Nike+ FuelBand: Possibly a Big Security Hole For Your Life · · Score: 1

    Was about to make a witty reply till I realized I stopped reading slashdot round about the time I got married.

  20. Re:That's more tracking than intensive probation on Nike+ FuelBand: Possibly a Big Security Hole For Your Life · · Score: 1

    Umm, I am wearing one right now. Sleeping in it just would not occur to me. Plus you have to take it off to charge it. So as a privacy thing, well the only reason it would get you in trouble would be wearing it during sex so you could get the fuel points. Not a security issue that worries me at all. Now the implants.. They might be an issue.

  21. Re:oven on Ask Slashdot: Best Way To Destroy Hard Drives? · · Score: 1

    That is not an approved disposal scheme in the US DoD. Explosives can and do leave pieces large enough to recover information from.

  22. Re:Boring on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 2

    1. Actually, revocation checking does not solve the problem, at least if someone had the CA private key, they could generate the same ID's as other existing certificate. OCSP/revocation lists only checks id's not names, which makes it not useful for all possible problems.

    Neither CRLs nor OCSP are intended to mitigate a CA private key breach.

    The only control in the system is to revoke the CA root and that can be effected on Windows by issuing a new CTL (as happened to revoke the Diginotar root) that drops the compromised root. The other browsers have similar mechanisms.

    2. I also think DNSSEC can be useful, it would be really helpful for the domain-owner to be able to make it clear that his website uses cert X and cert Y (which implies CA A and CA B). And not any other cert or CA. Deployment of DNSSEC is very slow though at the moment.

    The war could well be over by the time DNSSEC is deployed. The Iranian group have developed new attacks and dramatically escalated the sophistication of their attacks. The time between attacks has been weeks, not years. There is simply no prospect of large scale DNSSEC deployment in the next 6 months. The Iranian 'elections' are in March. I can't even see any possibility of deployment ahead of the next presidential election.

    We need at least 2 things: - a fallback method that browser makers want to adopt where DNSSEC hasn't been deployed by the ISP or when you are stuck in a "hotel network" or your OS does not support and so on. Because the browser needs to get the keying material to be able to check if the data is properly signed. I do not think it even matters where it got it from, any old fallback channel might probably do. For OCSP http is used, so maybe that is good enough here too?

    Working on both of those.

    - much better industry support for automating the keyrollover communication with TLDs. If I get my domain at some provider and run my own DNS-server there is hardly any provider, if any, which support EPP or whatever to communicate my DS-record to the TLD. Many TLDs that have deployed some DNSSEC don't (yet) even support DNSSEC in their EPP from their direct customers/members.

    3. Can you be a bit more specific about what you proposed in 1993?

    Not without sounding really whiny.

    At this point it's water under the bridge, I have changed my mind on what the approach to security should be and so has the industry.

    The browser that an Iranian dissident should be using is probably not the same as the one your granny uses to shop online for sex toys. There are security concerns in both cases but the risks and issues are totally incommensurate.

  23. Re:There are always tradeoffs on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 2

    No seriously, the "trust" in "trusted third party" has nothing to do with the trust that you put in the second party (i.e. the server or business with which you are communicating). It has all to do with the trust you put in the third party (the certification agency), that it correctly does its job (only giving certificates to properly identified entities and appropriately securing their infrastructure so that hackers and spies can't just "help themselves"). The threat that SSL certificates are supposed to protect against is wiretapping, not rogue businesses. I'm sure, all of those shady banks that failed in the 2008/2009 crisis had valid SSL certificates, and rightly so!

    Let me explain. I have been working on Web security now for 19 years. I was present at the original meetings at which the SSL system was proposed, I convened several of the relevant meetings.

    At no time was government wiretap a design consideration for SSL. NEVER. In fact to claim this was totally ridiculous since at the time we were fighting a running battle with the FBI and the NSA who were trying to stop us using strong cryptography at all. The original SSL design was limited to 40 bits and was very clearly crackable.

    SSL is not designed to be wiretap proof, my proposal and the EIT proposal were stronger in that regard. But at the time the criteria was whether shopping online could be made as safe as shopping in a store. That was the design criteria by which SSL was judged and the design criteria it passed (after they eventually hired some competent crypto people). I was the person who stated the design criteria at the meeting.

  24. Re:And how much software checks for revoked certs? on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 1

    Most check CRLs and OCSP.

    The problem is what they do when they can't reach that data. All the browsers out there now simply fail silently and go to the site anyway.

    For some reason this is seen as a problem with CAs and not the broken browsers. But from the browser providers' perspective 99% of their customers are really interested in getting to sites reliably and without fuss and less than 1% are dissidents whose lives might be threatened.

    This is not the fault of the guy who writes the code. They only own one small piece of the browser and do not get to make the 'commercial' decisions.

    Expecting this to be any different with a DNSSEC scheme is to engage in mystical thinking of a naive variety.

  25. Re:Boring on Hackers May Have Nabbed Over 200 SSL Certificates · · Score: 3, Interesting

    Unfortunately the registrar system is rather less trustworthy than you imagine. We have not to date encountered an outright criminal CA. We do however know of several ICANN registrars that are run by criminal gangs.

    The back end security model of the DNS system is not at all good. While in theory a domain can be 'locked' there is no document that explains how locking is achieved at the various registry back ends. A domain that is not locked or one that is fraudulently unlocked is easily compromised.

    The part of the CA system that has been the target of recent attacks is the reseller networks and smaller CAs. These are exactly the same sort of company that runs a registrar. In fact many registrars are turning to CAs to run their DNSSEC infrastructure since the smaller ones do not have the technical ability to do it in house. In fact a typical registrar is a pure marketing organization with all technical functions outsourced.

    There are today about 20 active CAs and another 100 or so affiliates with separate brands. In contrast there are over a thousand ICANN registrars.

    Sure there are some advantages to incorporating DNSSEC into the security model. But to improve security it should be an additional check, not a replacement. Today DNSSEC is an untried infrastructure, it is grafted on to a legacy infrastructure that is very old and complex and security is an afterthought.

    The current breach is not even an SSL validation failure. The attacker obtained the certificate by bypassing the SSL validation system entirely and applying for an S/MIME certificate that did not have an EKU (which it should). That makes it a technical exploit rather than a validation issue. DNSSEC is a new code base and a very complicated one. Anyone who tells you that it is not going to have similar technical issues is a snake oilsman.
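
Comments 24 and 25 describe two relying-party gaps: revocation checks that fail open when CRL/OCSP data cannot be reached, and a certificate with no EKU being usable for SSL. The sketch below is an added example, not part of the archived comments; `Cert`, `Policy`, `evaluate` and every sample record are constructed for illustration, and it models the accept/reject decision rather than parsing real certificates.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional, Tuple

# Real extended-key-usage OIDs (RFC 5280, section 4.2.1.12).
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # id-kp-serverAuth
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection


class Revocation(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNREACHABLE = "unreachable"  # CRL/OCSP fetch failed or was blocked


@dataclass(frozen=True)
class Cert:  # hypothetical, simplified stand-in for a parsed certificate
    subject: str
    eku: Optional[FrozenSet[str]]  # None means the EKU extension is absent


@dataclass(frozen=True)
class Policy:  # hypothetical relying-party settings
    require_eku: bool           # reject certificates with no EKU extension
    hard_fail_revocation: bool  # reject when status cannot be obtained


LENIENT = Policy(require_eku=False, hard_fail_revocation=False)
STRICT = Policy(require_eku=True, hard_fail_revocation=True)


def evaluate(cert: Cert, status: Revocation, policy: Policy) -> Tuple[bool, str]:
    """Decide whether to accept cert for a TLS server; returns (ok, reason)."""
    if cert.eku is None:
        # Under RFC 5280 an absent EKU places no restriction on purpose,
        # so only a policy that demands the extension rejects here.
        if policy.require_eku:
            return False, "no EKU extension"
    elif SERVER_AUTH not in cert.eku:
        return False, "EKU lacks serverAuth"
    if status is Revocation.REVOKED:
        return False, "revoked"
    if status is Revocation.UNREACHABLE and policy.hard_fail_revocation:
        return False, "revocation status unavailable"
    return True, "accepted"


# Constructed sample cases: (certificate, revocation lookup result).
CASES = {
    "web cert, status good": (
        Cert("www.example.test", frozenset({SERVER_AUTH})), Revocation.GOOD),
    "mail cert without EKU": (
        Cert("www.example.test", None), Revocation.GOOD),
    "mail cert with emailProtection": (
        Cert("www.example.test", frozenset({EMAIL_PROTECTION})), Revocation.GOOD),
    "web cert, responder blocked": (
        Cert("www.example.test", frozenset({SERVER_AUTH})), Revocation.UNREACHABLE),
}


def compare():
    """Map each case name to (lenient accepts?, strict accepts?)."""
    return {name: (evaluate(c, s, LENIENT)[0], evaluate(c, s, STRICT)[0])
            for name, (c, s) in CASES.items()}


if __name__ == "__main__":
    for name, (lenient, strict) in compare().items():
        print(f"{name:32} lenient={lenient!s:5} strict={strict}")
```

The two rows where the policies disagree are the gaps the comments point at: the certificate lacking an EKU, and the lookup that never returns.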