[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Ben Laurie ben at links.org
Sun Jan 6 07:27:34 EST 2013


On Sat, Jan 5, 2013 at 1:26 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> In the light of yet another in an apparently neverending string of CA
> failures, how long are browser vendors going to keep perpetuating this PKI
> farce? [0].  Not only is there no recorded instance, anytime, anywhere, of a
> browser certificate warning actually protecting users from harm [1],

This is patently incorrect: Diginotar were caught by a browser warning.

> but the
> blind faith that browsers place in certificates is actively harming users when
> things fail, as they have again and again and again.
>
> Users, or at least technical ones with enough knowledge to understand the
> issues, have completely lost faith in browser PKI.  If you look at discussion
> threads on technical forums [2], browser PKI is seen purely as something to
> roll your eyes at, to make jokes about.  No-one (and as before that's with an
> implied "who understands the details") has any faith in it any more.
>
> The total inability and/or unwillingness of the browser vendors to respond to
> this and provide real security measures that don't involve simply changing the
> silly-walk they do with certificates and continuing as before

Certificate Transparency is a real security measure that is a response
by a browser vendor.

> is not only not
> helping users in any way, it's actively harming them, and users are aware of
> this.
>
> Browsers may as well turn off all their PKI-related code and just use anon-DH
> for everything, which would be safer than the current false-sense-of-security
> silly-walk they're doing, not to mention saving tens (hundreds?) of millions
> of dollars paid to commercial CAs by sites wanting to disable the browser
> warnings.
>
> Browser PKI costs a fortune to run, it doesn't protect users from anything the
> attackers are doing, and at worst it actively endangers them.  If it was a
> commercial good, RAPEX would have it withdrawn [3].
>
> Peter.
>
> [0] I mean "farce" in its theatrical sense here, "unlikely, extravagant, and
> improbable situations [...] highly incomprehensible plot-wise (due to the
> large number of plot twists and random events that often occur) [...] Farce is
> also characterized by [...] the use of deliberate absurdity or nonsense, and
> broadly stylized performances" (from Wikipedia, which has a more detailed
> definition than e.g. the OED).
>
> [1] See "So Long, And No Thanks for the Externalities: The Rational Rejection
> of Security Advice by Users", Cormac Herley.
>
> [2] And I realise the likes of Slashdot aren't the best of them, but it's the
> most accessible and has the most participants, so it's a quick way to gauge
> public opinion.
>
> [3] "RAPEX is the EU rapid alert system that facilitates the rapid exchange of
> information between Member States and the Commission on measures taken to
> prevent or restrict the marketing or use of products posing a serious risk to
> the health and safety of consumers".