[cryptography] SSL is not "broken by design"

ianG iang at iang.org
Fri Sep 23 15:11:33 EDT 2011

On 24/09/11 04:17 AM, Ben Laurie wrote:
> On Thu, Sep 22, 2011 at 4:46 PM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz>  wrote:
>> Ben Laurie<ben at links.org>  writes:
>>> Well, don't tease. How?
>> The link I've posted before (but didn't want to keep spamming to the list):
>> http://www.cs.auckland.ac.nz/~pgut001/pubs/pki_risk.pdf
> That was a fun read and I mostly agree, but it raises some questions...
> a) Key continuity is nice, but ... are you swapping one set of
> problems for another? What happens when I lose my key? How do I roll
> my key? I just added a second server with a different key, and now a
> bunch of users have the "wrong" key - what do I do? How do I deal with
> a compromised key?

All this was figured out in the mid 00's in Trustbar.  The answer to 
those above question is ... wait for it ... CA pinning :)

Yes, we don't mean the limited hack by google, but dynamically pinning 
the site with the CA within the client-side level.  The client starts 
TOFU-style and records the cert, and watches to see how variations 
occur.  It can analyse and accept variations on various metrics.  See 
page 25.

E.g., another issue was that accelerator farms tended to use either the 
same cert or many certs, operating to a pattern.  Solved.

Another issue worth saying over and over again is secure bookmarks, 
which Tyler's Petnames demo'd.  This coupled the bookmark to the URL to 
the cert.  Which matches the current online banking advice of using ones 
bookmarks to go to ones bank.  Pretty sad, really.  So few lines, so 
many phishes.


PS: Sorry, Peter, I'm just rehashing a lot of the content in the 
slides.  ...

More information about the cryptography mailing list