[cryptography] Allergy for client certificates

Guido Witmond guido at witmond.nl
Wed Oct 9 05:40:22 EDT 2013

On 10/09/13 00:18, Thierry Moreau wrote:
> Guido Witmond wrote:
>> On 09/30/13 19:31, Thierry Moreau wrote:
>>> Perspective: I'm still working towards a working prototype based on
>>> (A) the client PPKP usage paradigm (Public-Private Key Pair)
>>> (B) the first party certification paradigm (get rid of requesting any
>>> client PKI certificate from any CA)
>>> (C) an end-user enrollment scheme that facilitates (B) (and PPKP usage
>>> migration in some respect)
>> I guess you and I have the same idea!
>> What do you think of my proposed solution: [0]
>> Regards, Guido.
>> 0: http://eccentric-authentication.org/blog
> I did look at it when you first made an announcement on this list.
> I looked at it very briefly again today.
> I am not sure you totally get rid of CAs. You seem to propose a CA for
> pseudonyms, freely available to arrange anonymous secure connections.

Hi Thierry,

I don't use Global CAs at all. Perhaps I need to clarify that point on
my site:

Each Local CA, one for each site, signs the server certificate for that

It also creates a subCA that signs the customers' client certificates.
Then store the root CA private key offline.

When visitors sign up, they get a client certificate signed by the subCA.

Whenever a customer visits the site again, their user agent (browser)
checks the server certificate to learn the CA and the agent only offers
the client certificates that match that server certificate CA.

This protects the user against phishing as the crooks can redirect DNS
and DNSSEC (by hacking into the DNS-registrars) but they cannot copy the
site's root Certificate. That should live offline on a smart card/hsm.

The user agent cannot offer this protection with Global CA supplied
server certificates. There is nothing for the user agent to tie the
client accounts to: Not the server certificate, because that changes
every year because the CA wants (more) money. Not the CA-root because
that one is used to sign many site certificates, giving the same problem
again of selecting the correct client certificate amongst the many in my
And if the agent ties the client certificate to the domain name of the
site, it falls prey to phishers who can use a Diginotar attack. And
apparently NSA can do that in real time.

Perhaps I should give the local CA a different name.

Regards, Guido.
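The selection rule described in the message above (the agent offers only the client certificates enrolled under the CA that issued the presented server certificate), as an added Go example using only the standard library; it is not code from the post or from eccentric-authentication.org. The `issue` helper, the client-to-root map and the names (`site-a.example`, `alice`) are assumptions; the check asks only whether the remembered site root signed the server certificate, matching the post's "local CA signs the server certificate", and leaves full chain validation to the TLS stack.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a key pair and a cert for cn signed by parent (self-signed root when parent is nil).
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, KeyUsage: ku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0} // CA iff it may sign certs
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// Offerable returns the client certs (map keys) whose enrollment root (map values) issued server.
func Offerable(server *x509.Certificate, enrolled map[*x509.Certificate]*x509.Certificate) []*x509.Certificate {
	var out []*x509.Certificate
	for client, root := range enrolled {
		if server.CheckSignatureFrom(root) == nil { // a phisher cannot produce this without the root key
			out = append(out, client)
		}
	}
	return out
}

// Demo builds site A (root, subCA, server cert, Alice's client cert) plus a bogus cert for A's name.
func Demo() (genuine, phished int) {
	rootA, keyA := issue("Local CA for site A", x509.KeyUsageCertSign, nil, nil)
	subA, subKeyA := issue("Client subCA for site A", x509.KeyUsageCertSign, rootA, keyA)
	serverA, _ := issue("site-a.example", x509.KeyUsageDigitalSignature, rootA, keyA)
	alice, _ := issue("alice", x509.KeyUsageDigitalSignature, subA, subKeyA)
	phish, _ := issue("site-a.example", x509.KeyUsageDigitalSignature, nil, nil) // same name, not rootA
	enrolled := map[*x509.Certificate]*x509.Certificate{alice: rootA} // remembered at sign-up
	return len(Offerable(serverA, enrolled)), len(Offerable(phish, enrolled))
}
```

Demo returns (1, 0): Alice's certificate is offered to the genuine server and nothing is offered to the look-alike, even though DNS would have led the agent to the same host name.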
