[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Ben Laurie ben at links.org
Tue Jan 8 04:38:44 EST 2013


On Tue, Jan 8, 2013 at 8:40 AM, ianG <iang at iang.org> wrote:
>
>> IMO, the answer to phishing is to solve the password problem, and the
>> solution to the password problem is really good password managers. But
>> I haven't had much luck selling that solution. Probably because,
>> rather like Peter's solution, it has a largish element of fluff.
>
>
>
> Nod.  Actually, using client certs gets you most of the way there [0]. But
> like passwords, we need to replace the bad password manager (aka the human)
> with a better password manager, in software.  So the solution is the same.

Quite so. What I didn't bother to expand on, but its clearly the end
game, is once you have a really good password manager then it can
manage other secrets, such as private keys, and since we've cut the
human out of the interaction part of signing in, they will be just as
usable as passwords. But with clearly superior security properties.

> [0] Point being that if one does the analysis, client certs dominate
> passwords at many levels.  Especially when we've got away from insisting
> that a password be memorable, something I'm sure everyone here understands.
>
> So why aren't client certs the focus of more attention?  Well, I will leave
> a conjecture on the table:  because the CAs have a lot of trouble selling
> them, and the vendor teams work closely with CAs and other infrastructure
> sellers of PKI software.  So, the vendor teams see no demand.

I will readily agree that this is why CAs aren't doing research on
client certs, but they're hardly the only actors in this world. My
experience is that client certs do not get focus because they have a
horrible UI, because they shift the user experience from the website
to the browser and because there's no good story for portability (i.e.
moving them between devices). There are also secondary issues, like
privacy concerns.

I guess I should mention another thing Google is doing at this point:
http://www.browserauth.net/.



More information about the cryptography mailing list