[cryptography] what has the NSA broken?

ianG iang at iang.org
Fri Sep 6 05:33:46 EDT 2013

On 6/09/13 08:12 AM, James A. Donald wrote:
> Most private keys are issued by, not merely certified by, the CAs.
> If issued by, not private.  Chances are the controlling authority also
> gets a copy of that private key.

Hmmm, curious.  I haven't seen that.  I would also suspect it breaks a 
lot of CPSs and user agreements.  But no matter, they're all broken anyway.

> To install your keys on your https server is painful, despite numerous
> people assuring me it is easy, and involves transporting the secret key
> hither and yon, even when done correctly.
> And it is never correct to transport secret keys hither and yon.
> It would be far easier if installation of an http server /automatically
> generated the private key on the server that the private key was to
> secure/, so as to minimize private key transport, automatically creating
> a self signed certificate, and then you could send off the self signed
> certificate to be made into a CA signed certificate while continuing to
> use the same private key, so that when you set up a server, you never
> have to be aware of the existence of such a thing as a private key,
> merely a certificate.

Indeed.  But.  The PKI internet-industrial-complex (which is what it is) 
is so convinced that the self-signed cert is the work of the devil that 
no such conversation can ever be had.  It is entirely pointless to have 
that conversation with any producer of software for PKI, even if Snowden 
himself were to reveal that their beliefs are the NSA's biggest secret.

> Also, of course, browsers should not put up horrible scary warnings
> about self signed keys, treating them instead as at worst no worse than
> http, and, at best, taking advantage of key continuity.
> It seems to me that the current complicated user hostile system for
> getting servers certified is designed to create and maintain a massive
> security hole, that it would be a lot easier to do things the right way,
> while now we are doing things the wrong way.
> From the point of view of the person configuring a server, the public
> key should just be a guid that the server randomly generates to uniquely
> identify itself, the CA certifies the association of this guid with an
> organization and/or domain name, and as for the private key, no one
> should know about that, therefore, no one should ever have to care about
> that or think about that.

Yep.  You can even show it as beneficial to the CAs as they can more 
easily up-sell a cert.  But no chance, it would be easier for them to 
slice off limbs than admit to self-signed certs having a role to play.
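Added example, not code from the thread or either of its authors: the flow James sketches, with the key generated on the server, a self-signed cert first, a CSR from that same key sent off for signing, and a continuity check before the CA-signed cert replaces the self-signed one, done with the openssl CLI. It assumes openssl is on PATH; the name example.test and the throw-away local "Demo CA" standing in for a real CA are constructed.

```shell
# Added example, not code from the thread. Assumes the openssl CLI is on PATH;
# "example.test" and the local "Demo CA" are constructed stand-ins.
set -e
WORK="${TMPDIR:-/tmp}/key-on-server-demo.$$"; mkdir -p "$WORK"

# Step 1: the private key is generated on the server it will protect and never leaves it.
gen_server_key() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/server.key"
}

# Step 2: a self-signed certificate, so TLS works before any CA is involved.
self_sign() {
  openssl req -new -x509 -key "$WORK/server.key" -subj "/CN=example.test" \
    -days 30 -out "$WORK/selfsigned.crt"
}

# Step 3: a CSR from the SAME key; only this (public key, name, proof of possession) goes to the CA.
make_csr() {
  openssl req -new -key "$WORK/server.key" -subj "/CN=example.test" \
    -out "$WORK/server.csr"
}

# Step 4: stand-in for the CA: a throw-away local CA signs the CSR.
ca_sign_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key"
  openssl req -new -x509 -key "$WORK/ca.key" -subj "/CN=Demo CA" -days 30 \
    -out "$WORK/ca.crt"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 30 -out "$WORK/server-ca.crt"
}

# SHA-256 of the DER SubjectPublicKeyInfo held in a key, CSR or certificate.
spki_fingerprint() {  # $1 = key|req|x509, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    req)  openssl req  -in "$2" -pubkey -noout ;;
    x509) openssl x509 -in "$2" -pubkey -noout ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Key continuity: the CA-signed cert may replace the self-signed one only if it carries the pinned public key.
same_key() {
  _a=$(spki_fingerprint "$1" "$2"); _b=$(spki_fingerprint "$3" "$4")
  [ -n "$_a" ] && [ "$_a" = "$_b" ]
}
# The one artifact that left the server must hold no private key material.
csr_has_no_private_key() { ! grep -q "PRIVATE KEY" "$WORK/server.csr"; }

gen_server_key; self_sign; make_csr; ca_sign_csr
same_key key "$WORK/server.key" x509 "$WORK/server-ca.crt" && echo "CA-signed cert uses the server's own key"
```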
