[cryptography] Diginotar Lessons Learned (long)
pgut001 at cs.auckland.ac.nz
Fri Sep 9 21:22:33 EDT 2011
Lucky Green <shamrock at cypherpunks.to> writes:
>We are also seeing a near universal call for "fixes" of the broken PKI
>paradigm. I couldn't agree more that fixes - and indeed redesigns - are badly
>needed and have been for some 15+ years. Pretty much since the day the word
>PKI was coined. What I hear much more rarely are discussions if the proposed
>fixes actually solve the problem.
This is the problem with the mass of point solutions to various bits of PKI
that are being proposed (including my own fix for OCSP). Even if we fixed
every piece of it, it would have close to zero effect on securing browser
users, because browser PKI doesn't defend against anything that attackers are
doing (insert standard refs to things like APWG data supporting this). So we
need to figure out what we're actually trying to achieve:
1. Fiddle with PKI because it's technical and fiddling with technology is
fun, and it's a convenient distraction from having to think about the
2. Act to protect browser users, which has little to nothing to do with PKI.
At the moment most (all?) of the response seems to be (1), "here's a flaw, and
here's a proposed kewl technical thing to do to fix it". So at the end of it
all we may have a slightly less broken browser PKI, but the attackers won't
We need to look at "how do we protect browser users" (thus <propaganda>my
EuroPKI talk</propaganda>), not "how do we fix something that, even if it
worked, wouldn't actually work".
May I make the following modest proposal:
A "fix" (of whatever form you want to try) is only regarded as valid if it
leads to at least a 25% decrease in phishing, measured over the interval
before and after its introduction.
(Just as a data point for those banking on some PKI silver bullet, EV certs
led to a 0% decrease in phishing after their introduction).
More information about the cryptography