[cryptography] Nirvana

ianG iang at iang.org
Fri Sep 23 14:50:37 EDT 2011

On 19/09/11 02:22 AM, M.R. wrote:
> On 18/09/11 10:31, Ian G wrote:
>>> On the other hand, a perfectly adequate low-level retail
>>> transaction security system can best be achieved by using a
>>> trusted-third-party, SSL-like system.
>> That's a marketing claim. Best ignored in any scientific
>> discussion.
> Yes, I agree, let's ignore it!
> In your view then, is the alternative at all a public key based
> crypto system? If yes, is it SSH (or SSH-like) "trust on first
> contact" or something else?

If the mission is to design an "adequate low-level retail transaction 
security system" then TOFU (trust on first use) is perfectly adequate 
for my money.  If we're talking about credit cards, they already have a 
defence built into them, so we're covered both ways.

> ~I~ have a dream: one nice morning, in a year or two, when we download
> the new release of our favorite browser, it all of a sudden tells us
> if the server we are connecting to employs SSL-nouveau (with a series
> of trusted third parties, and who exactly they are) or SSH-nouveau
> (trusting the continuation of server's public key in our possession).

Right.  And, we actually have that.  The server can use SSL server certs 
that are self-signed not CA-signed.  At that point, SSL performs pretty 
much like TOFU.  What is needed then is some security UI work on the 
browsers to benefit from the TOFU.

The funny thing is that SSL use would expand if we could easily use 
self-signed.  CAs would benefit, too.  But, trying to talk marketing 
concepts to vendors is like trying to talk deficit reduction to 

> In that brave new world, the server operator might even give the
> client a choice: if there was a previous contact, it is SSH-nouveau,
> otherwise it is SSL-nouveau. And the users who are about to order
> a $34.95 book from Amazon just click through, and those that are
> about to overthrow, by blood and iron, the oppressive, dictatorial
> government of Greater Horribilia actually know what the hell is
> going on, and act with prudence commensurate to their calling...

Yes.  Marrying TOFU with CA-signed works quite well.  It's been demo'd 
in various plugins.  Having the client pin the certificate to the CA is 
more or less the same thing; it's an optimisation that the plugin people 
discovered in the mid 00's when they worked through the concept.

The advantage of this approach is that the banks would get better 
protection too, because some of the client-side innovations ("secure 
bookmarks") would help a lot with phishing.

> Absolute nirvana!

Assuming one takes the current infrastructure as a starting point :)


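The pinning policy the thread discusses (TOFU key continuity for self-signed certs, and "marrying TOFU with CA-signed" by pinning to the issuing CA so a legitimate rotation is accepted but a cert from a different CA is not) is sketched below as an added example; it is not code from the list or from any of the plugins mentioned. Certificates are modelled as small constructed records (`Cert` with a `der`, `issuer` and `chain_valid` field, all assumed names) rather than real X.509 objects, so the logic runs offline; a real client would fill those fields from the parsed leaf certificate and the TLS library's chain validation.

```python
"""Trust-on-first-use (TOFU) pinning married to ordinary CA validation.

Added illustration of the policy discussed in the thread; not the mailing
list's or any plugin's code.  The Cert record is a constructed stand-in for
a parsed X.509 leaf certificate.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Cert:
    der: bytes          # raw certificate bytes (constructed here)
    issuer: str         # issuer distinguished name (own name if self-signed)
    chain_valid: bool   # outcome of normal CA path validation in the client


def fingerprint(cert: Cert) -> str:
    """Stable identity of a leaf certificate: SHA-256 over its DER bytes."""
    return hashlib.sha256(cert.der).hexdigest()


class PinStore:
    """Per-host pins: the first leaf fingerprint seen and the CA that issued it.

    Decision per connection:
      first-use  nothing pinned yet, remember what we saw (TOFU)
      match      same leaf as before, key continuity holds (SSH-like)
      rotated    different leaf, but CA-validated and from the pinned CA
      MISMATCH   different leaf and not vouched for by the pinned CA
    """

    def __init__(self) -> None:
        self.pins: Dict[str, Dict[str, str]] = {}

    def check(self, host: str, cert: Cert) -> str:
        fp = fingerprint(cert)
        pin = self.pins.get(host)
        if pin is None:
            self.pins[host] = {"fingerprint": fp, "issuer": cert.issuer}
            return "first-use"
        if pin["fingerprint"] == fp:
            return "match"
        # Leaf changed.  Accept only a chain-validated cert from the CA we
        # pinned on first contact; anything else is surfaced to the user.
        if cert.chain_valid and cert.issuer == pin["issuer"]:
            self.pins[host] = {"fingerprint": fp, "issuer": cert.issuer}
            return "rotated"
        return "MISMATCH"


def demo_ca_signed() -> List[str]:
    """CA-signed site: renewal by the same CA is accepted, a different CA is not."""
    store = PinStore()
    v1 = Cert(b"bank-cert-v1", "CN=Example CA", True)          # constructed
    v2 = Cert(b"bank-cert-v2", "CN=Example CA", True)          # renewal
    other = Cert(b"bank-cert-x", "CN=Some Other CA", True)     # valid, wrong CA
    return [store.check("bank.example", c) for c in (v1, v1, v2, other)]


def demo_self_signed() -> List[str]:
    """Self-signed site behaves as pure TOFU: any key change needs out-of-band re-trust."""
    store = PinStore()
    s1 = Cert(b"shop-selfsigned-1", "CN=shop.example", False)  # constructed
    s2 = Cert(b"shop-selfsigned-2", "CN=shop.example", False)
    return [store.check("shop.example", c) for c in (s1, s1, s2)]


if __name__ == "__main__":
    print(demo_ca_signed())    # ['first-use', 'match', 'rotated', 'MISMATCH']
    print(demo_self_signed())  # ['first-use', 'match', 'MISMATCH']
```

The self-signed path is exactly the "SSL performs pretty much like TOFU" case: the first contact is the trust decision and any later key change is a hard stop. The CA-signed path is the marriage: continuity is still checked, but a clean rotation under the pinned CA is tolerated, while a certificate that validates under some other CA is treated as a mismatch rather than silently accepted.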