Donate $100 for the Cryptome archive of 65.000 files from June 1996 to the present

25 June 2011. Related New York Times report today on new Internet security/trust initiative, DNSSEC:

http://www.nytimes.com/2011/06/25/science/25trust.html

Certificates of Authentication Are Daft

Date: Sat, 25 Jun 2011 16:48:15 -0400
From: Ian G <iang[at]iang.org>
Crypto discussion list <cryptography[at]randombit.net>
Subject: [cryptography] this house believes that user's control over the root list is a placebo

On 21/06/11 4:15 PM, Marsh Ray wrote:
> On 06/21/2011 12:18 PM, Ian G wrote:
>> On 18/06/11 8:16 PM, Marsh Ray wrote:
>>> On 06/18/2011 03:08 PM, slinky wrote:
>>
>>> .... But we know there are still hundreds of "trusted" root CAs, many from governments, that will silently
>>> install themselves into Windows at the request of any website. Some of these even have code signing
>>> capabilities.
>>
>> Hmmm... I'm currently working on a risk analysis of this sort of thing.
>> Can you say more about this threat scenario?
>
> I did a blog post about it a while back: http://extendedsubset.com/?p=33
>
> This was about the CNNIC situation,

Ah, the "I'm not in control of my own root list" threat scenario.

See, the thing there is that CNNIC has a dirty reputation.  But CNNIC passed the test to get into the root lists.

Which do you want?  A CA gets into a root list because it is nice and pretty and bribes its way in?  This was the old way, pre 1995.  Or there is an objective test that all CAs have an equivalent hurdle in passing?

This was the post 1995 way.

There's no easy answer to this.  Really, the question being asked is wrong.  The question really should be something like "do we need a centralised root list?"

> since then we've seen Tunisia MITM
> its citizens and they have a national CA as well.

Yup.

> Basically, MS Windows has a list of "Trusted Root CAs". But the list
> displayed there is actually just a subset of the CAs that are
> effectively trusted. When you browse to a site with a CA not in this
> list, Windows can contact Microsoft and on-the-fly add that cert to your
> trusted root store. Innovative, huh?

This is the geek's realisation that they cannot control their list of "trusted" CAs.  Their judgement is undermined, as MS Windows' root list has gone the next step to dynamic control, which means that the users' ability to verify the root is undermined a bit more by not having an ability to stop the future dynamic enhancements.

In practice, if we assume a centralised root list, this is probably the better result.

It works quite simply:  1 billion users don't check the root list, at all.  They rely entirely on the ueber-CA to generate a good root list. A tiny fraction of that number (under 1 million, or 0.1%) know about something called a root list, something perversely called "trust" bits, and the ability to fiddle those bits.  They do that, and imagine that they have achieved some higher level of security.  But, this technique has difficulty establishing itself as anything more than a placebo.

Any model that offers a security feature to a trivially tiny minority, to the expense of the dominant majority, is daft.  The logical conclusion of 1.5 decades worth of experience with centralised root lists is that we, in the aggregate, may as well trust Microsoft and the other root vendors' root list entirely.

Or: find another model.  Change the assumptions.  Re-do the security engineering.

iang

_______________________________________________

cryptography mailing list
cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography