[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jan 5 08:26:27 EST 2013

In the light of yet another in an apparently neverending string of CA
failures, how long are browser vendors going to keep perpetuating this PKI
farce? [0].  Not only is there no recorded instance, anytime, anywhere, of a
browser certificate warning actually protecting users from harm [1], but the
blind faith that browsers place in certificates is actively harming users when
things fail, as they have again and again and again.

Users, or at least technical ones with enough knowledge to understand the
issues, have completely lost faith in browser PKI.  If you look at discussion
threads on technical forums [2], browser PKI is seen purely as something to
roll your eyes at, to make jokes about.  No-one (and as before that's with an
implied "who understands the details") has any faith in it any more.

The total inability and/or unwillingness of the browser vendors to respond to
this and provide real security measures that don't involve simply changing the
silly-walk they do with certificates and continuing as before is not only not
helping users in any way, it's actively harming them, and users are aware of

Browsers may as well turn off all their PKI-related code and just use anon-DH
for everything, which would be safer than the current false-sense-of-security
silly-walk they're doing, not to mention saving tens (hundreds?) of millions
of dollars paid to commercial CAs by sites wanting to disable the browser

Browser PKI costs a fortune to run, it doesn't protect users from anything the
attackers are doing, and at worst it actively endangers them.  If it was a
commercial good, RAPEX would have it withdrawn [3].


[0] I mean "farce" in its theatrical sense here, "unlikely, extravagant, and
improbable situations [...] highly incomprehensible plot-wise (due to the
large number of plot twists and random events that often occur) [...] Farce is
also characterized by [...] the use of deliberate absurdity or nonsense, and
broadly stylized performances" (from Wikipedia, which has a more detailed
definition than e.g. the OED).

[1] See "So Long, And No Thanks for the Externalities: The Rational Rejection
of Security Advice by Users", Cormac Herley.

[2] And I realise the likes of Slashdot aren't the best of them, but it's the
most accessible and has the most participants, so it's a quick way to gauge
public opinion.

[3] "RAPEX is the EU rapid alert system that facilitates the rapid exchange of
information between Member States and the Commission on measures taken to
prevent or restrict the marketing or use of products posing a serious risk to
the health and safety of consumers".
