[cryptography] The Government and Trusted Third Party

Marsh Ray marsh at extendedsubset.com
Sun Sep 18 12:32:23 EDT 2011

On 09/18/2011 05:32 AM, Jeffrey Walton wrote:
> The one thing I cannot palette: [many] folks in Iran had a
> preexisting relationship with Google. For an Iranian to read his/her
> email via Gmail only required two parties - the person who wants to
> do the reading and the Gmail service. Why was a third party
> involved?

This is a good question and it's the starting point of some of the
proposed solutions being floated (e.g. pinning).

I think the answer comes from the realm of ordinary software
engineering: state.
(no, not "State" like the government, let's not get sidetracked here :-)

The entire concept of a "preexisting relationship" adds new state to the
client endpoint (the web browser). This might seem like a small thing,
but it really isn't. To the extent a solution built on this
observation is effective, this state is also security critical.

Now that we have security critical state in the user's web browser, it
add a lot of complication to the user interface.

* A user may change hardware or reinstall the software, so now you need
a mechanism to back it up and restore it, perhaps across vendors.
Otherwise, the user's security actually regresses when they switch to a
brand-new, clean and more secure PC.

* The state probably needs to be private since it contains browsing history.

* The state may become corrupted either maliciously or by accidentally.
This could be as common as cert warnings are today. So now the users
need a method to:
   - wipe out the state entirely "clear the cache and cookies"
   - delete entries selectively e.g., look through the cookies for the
site and all the affiliate sites serving resources in into the page.
   - bypass the errors manually "continue using the site anyway"

My personal view is that there's still probably a useful feature there
if these issues can be overcome with some luck and heroically elegant
software engineering.

But if you're someone who believes that users always thoughtlessly
bypass security warnings today, then you might see this feature as
another "damn the torpedoes full speed ahead" button that users press
when actually under attack.

Note that out of over 300,000 IP addresses that made OCSP queries for
fraudulent DigiNotar certs, there was only one user who had the presence
of mind to ask about it on a help forum:

This man deserves a medal and a place in history.
Shall we make a Wikipedia page for him?
Would the editors understand why he is noteworthy?

- Marsh

More information about the cryptography mailing list