[cryptography] wont CA hackers CA pin also? and other musings (Re: PKI "fixes" that don't fix PKI (part III))

Ian G iang at iang.org
Sat Sep 10 14:46:50 EDT 2011

On 11/09/2011, at 1:30, Douglas Huff <dhuff at jrbobdobbs.org> wrote:

> On Sep 10, 2011, at 8:28 AM, Ian G wrote:
>> Hi Adam,
>> On 10/09/2011, at 20:16, Adam Back <adam at cypherspace.org> wrote:
>>> So I hear CA pinning mentioned a bit as a probable way forward, but I didnt
>>> see anyone define it on this list,
>> Adam described it in this list. The specific mechanism is less important than what it achieves: the browser knows that the website is constrained to use the certs of only one CA.
>> The rest is implementation detail.
> It's not at all though!


> Today CA compromise isn't even a, let alone the most, common way of "exploiting" the blanket trust of all CAs involved in the PKI infrastructure.

Is the current attack an exploit? Or is it a direct attack on the infrastructure?

> The two most common methods are:
>  1) MITM where the attacker controls the victim's network connection to some extent and redirects them to or proxies them through a different server.

Do you have any numbers on that? I thought this was relatively rare.

>  2) Phishing using a similar-looking domain name.

Yes. That's the big one in this space. Afaik.

> In case 1 any type of pinning that is not hardcoded in the software,

Sorry, please explain? Are you assuming that the user's machine / browser is compromised? If that is the case, isn't hard-coding just obfuscation?


More information about the cryptography mailing list