[cryptography] Math corrections

Jeffrey Walton noloader at gmail.com
Tue Sep 20 09:25:32 EDT 2011

On Mon, Sep 19, 2011 at 7:31 PM, Benjamin Kreuter <brk7bx at virginia.edu> wrote:
> On 09/18/2011 05:11 PM, Marsh Ray wrote:
>> B. If your threat model considers as an adversary government A, then
>> you're in good company with governments B through Z. So all the comments
>> on "won't save you from The Government", while true, are also
>> potentially writing off your biggest ally.
> Unless, of course, we continue to use the system as it exists today,
> where any trusted CA can sign a certificate for anyone.  If a particular
> government supports a CA that is "cooperative" with that government,
> then either nobody in the world would be safe, or the system will
> fracture and we will not have a global PKI.
If 'global PKI' == 'insecure', why is that a bad thing?

>> C. At the end of the day, governments need to log into their VPNs and
>> check their MS Outlook Web Access email remotely just like everybody
>> else. Now consider that this applies to process engineers at power
>> plants and chemical facilities too. When you hear US DHS people talking
>> about "national infrastructure vulnerable to cyber attack" they are
>> sincerely concerned about this type of exposure.
> So the only trustworthy CAs will be the ones that sign certificates for
> power companies or other "national security" related entities?  We need
> a system that can be used and trusted (to a reasonable degree) by
> everyone, not just big or "important" organizations.
>> At some point, the influence of people on the defense side will outweigh
>> those who benefit from the attack side.
> I doubt this will happen any time soon.  Consider this official (and
> apparently still current) FAQ from the Department of Justice:
> http://www.justice.gov/criminal/cybercrime/cryptfaq.htm
> Yes, that was issued over a decade ago, but "key recovery" -- which we
> are meant to believe is not the same as key escrow -- remains the DOJ's
> goal when it comes to cryptography.  There is also the more recent push
> by the Obama administration to create a system that allows law
> enforcement agencies to more easily hijack domain names.
It's a chronic problem, and it's getting progressively worse. When a
person has a chronic, progressive disease (such as cancer), they
usually die sooner rather than later. These problems will not die - they
need to be solved by engineers, security architects, and
cryptographers who don't bend to political pressures.

>> Now that the cat's out of the bag about PKI in general and there's an
>> Iranian guy issuing to himself certs for www.*.gov seemingly at will, I
>> think the current PKI system will not escape the black hole at this
>> point, it crossed the event horizon sometime earlier this year.
> I doubt it.  The cat has been out of the bag on how easily email can be
> forged for decades now, but how often do you receive digitally signed
> email?  The cat has been out of the bag about running out of IPv4
> addresses for many years, but IPv6 deployment has been sluggish.
> Without a strong incentive, these things will not change, and the PKI is
> no different.  I doubt that the current PKI will be gone by the end of
> this decade -- criminal MITM attacks are just not in-your-face enough to
> generate a public outcry, and governments are not terribly interested in
> thwarting their own law enforcement agencies.
All the more reason the security folks should model government as a
threat. It does not matter which government - US, UK, Iran, Libya,
North Korea, Tunisia, etc. They are all trying to restrict or remove
privacy, and some consequences are dire. What good is a written
security policy that carries an indemnity to a dead dissident?
