[cryptography] SSL is not "broken by design"
iang at iang.org
Fri Sep 23 15:11:33 EDT 2011
On 24/09/11 04:17 AM, Ben Laurie wrote:
> On Thu, Sep 22, 2011 at 4:46 PM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
>> Ben Laurie<ben at links.org> writes:
>>> Well, don't tease. How?
>> The link I've posted before (but didn't want to keep spamming to the list):
> That was a fun read and I mostly agree, but it raises some questions...
> a) Key continuity is nice, but ... are you swapping one set of
> problems for another? What happens when I lose my key? How do I roll
> my key? I just added a second server with a different key, and now a
> bunch of users have the "wrong" key - what do I do? How do I deal with
> a compromised key?
All this was figured out in the mid 00's in Trustbar. The answer to
those above questions is ... wait for it ... CA pinning :)
Yes, we don't mean the limited hack by Google, but dynamically pinning
the site with the CA within the client-side level. The client starts
TOFU-style and records the cert, and watches to see how variations
occur. It can analyse and accept variations on various metrics. See
E.g., another issue was that accelerator farms tended to use either the
same cert or many certs, operating to a pattern. Solved.
Another issue worth saying over and over again is secure bookmarks,
which Tyler's Petnames demo'd. This coupled the bookmark to the URL to
the cert. Which matches the current online banking advice of using one's
bookmarks to go to one's bank. Pretty sad, really. So few lines, so
PS: Sorry, Peter, I'm just rehashing a lot of the content in the
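The client-side behaviour described in the message above (start TOFU-style, record the cert, then judge later variations against what was recorded) can be sketched as follows. This is an added example, not code from Trustbar, Petnames or the poster; the single metric used (a new leaf cert is accepted only if it chains to the same issuing CA seen on first use), the class names and the verdict strings are assumptions, and the byte strings stand in for DER-encoded certificates.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's encoded bytes."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class SitePin:
    ca_fp: str                                   # issuing CA recorded on first use
    leaf_fps: set = field(default_factory=set)   # leaf certs seen under that CA


class PinStore:
    """Hypothetical client-side store mapping host -> SitePin."""

    def __init__(self):
        self.pins = {}

    def observe(self, host: str, leaf_der: bytes, ca_der: bytes) -> str:
        leaf_fp, ca_fp = fingerprint(leaf_der), fingerprint(ca_der)
        pin = self.pins.get(host)
        if pin is None:
            # Trust on first use: record both the leaf and its issuing CA.
            self.pins[host] = SitePin(ca_fp, {leaf_fp})
            return "first-use"
        if leaf_fp in pin.leaf_fps:
            return "known-cert"
        if ca_fp == pin.ca_fp:
            # Key roll, second server or accelerator farm: a different leaf,
            # same CA. Accept the variation and remember the new cert.
            pin.leaf_fps.add(leaf_fp)
            return "new-cert-same-ca"
        # The issuing CA changed: do not update the pin, surface it to the user.
        return "ca-changed"


if __name__ == "__main__":
    store = PinStore()
    # Constructed sample inputs, not real certificates.
    visits = [(b"leaf-A", b"ca-1"), (b"leaf-B", b"ca-1"), (b"leaf-C", b"ca-2")]
    for leaf, ca in visits:
        print(store.observe("bank.example", leaf, ca))
```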