[cryptography] Request - PKI/CA History Lesson

ianG iang at iang.org
Fri May 2 07:33:39 EDT 2014

On 2/05/2014 06:41 am, Jeffrey Goldberg wrote:
> On 2014-05-01, at 8:49 PM, ianG <iang at iang.org> wrote:
>> On 1/05/2014 02:54 am, Jeffrey Goldberg wrote:
>>> On 2014-04-30, at 6:36 AM, ianG <iang at iang.org> wrote:
>>> OK. So let me back peddle on “Ann trusts her browser to maintain a list of
>>> trustworthy CAs” and replace that with “Ann trusts her browser to do
>>> the right thing”.
>> Right, with that caveat about choice.
> I think that we are in fierce agreement. At first
> I didn’t understand the significance of your insistence
> on *choice*, but I see it now. More below.

I think the point of choice or competition comes down to feedback loops
for improvement.  There's no way to improve the situation, without a
feedback loop.  If we had used some system of continuous improvement
since 1994 then the model might have been ready for the shift into
phishing in 2003 and the threat ramp-up in 2011.  We didn't, and we weren't.

Dan also points at recourse which can be seen as a feedback loop.  We
need a way to punish those doing a bad job.  Now, this was impossible
with the CAs because the only punishment allowed was to drop the CA from
the root list, and this was too big to work effectively.  This was all
known in advance, we discussed it in Mozo forum, and we actually did get
some better ideas in place such as rules for dropping the CA, but still
not enough to make the feedback loop work (for which we can thank
CABForum, who isolated and destroyed the opportunities for feedback).

>>>> In this context, we would claim that users b-trust because they know
>>>> they can switch.  With browsers they cannot switch.
>>> Their choice is to transmit private information using their browsers.
>>> Their choice is to not participate in e-commerce.
>> Right, there is always in economics some form of substitute.  But
>> actually we've probably moved beyond that as a society.
>> I would say that e-commerce is utility grade now, so it isn't a
>> choice you can really call a choice in competition terms.
> I agree that the behavior in b-trust must be about “choice behavior”
> in that Ann behaves one way instead of another.
> But I don’t think that we should have some minimal threshold of choice
> before can call the behavior b-trust. As long as there is some
> non-zero amount of choice the behavior (in these cases) will exhibit
> a non-zero amount of trust.
> For me the sentence, “I had little choice but to trust X” is perfectly
> coherent.

Yes, that still works.  It is when it goes to "no choice" that it fails.
 For example, I have no choice but to use my browser for online banking.
 I'm too far from a branch, and their phone service is mostly about
telling me how to use the browser.

> Is it possible that you are letting your righteous anger at what
> browser vendors have done interfere with how you are defining “trust”?

Indeed, this is always possible.  If you ask anyone at the vendors, I'm
sure they'll dismiss it all as righteous anger, and why doesn't he just
write patches instead?

There is a curious parallel with web-PKI in the Wall Street / financial
crisis.  You have there a dominating cartel of huge players that
successfully changed the rules to suit themselves (dropping of
Glass-Steagall) purchasing of the regulators (revolving doors) and
riding the wave of an innovation (securitization) all the way to doom.

Now if you look at it in a structural sense, the debt overhang has
broken the strength of the banking system.  It's in deadly embrace;
banks won't let the regulators or the prosecutors or the public do
anything to clear out the debris, so here we sit, in the middle of a
Japan-style lost decade.

It's uncanny.  Practically every structural element is the same between
web-PKI and wall street.  And, lots of righteous anger too...


>>> All I’m asking is that we consider the people we are asking to
>>> “b-trust” the system. Can we build a system that is b-trustworthy
>>> for the mass of individuals who are not going to make c-trust
>>> judgements.
>> Right, this is the question, how do we do that?
>> That is what Certificate Transparency and Perspectives seek to do, as
>> well as other thoughts.  First they make the c-trust available by
>> setting up alternate groups and paths. Then the c-trusters develop their
>> followings of b-trusters.
> I agree with that last bit. In a sense, if people see that experts trust
> the system they will too. But how will this play out with Certificate
> Transparency for most users? What do they actually need to know and do
> to follow some c-trusters?

Most users will follow the c-trust shipped with their browsers.

>> There likely needs to be a group of c-trusters in the middle
>> that mediate the trust of the b-trusters.
> And how will that work without putting unrealistic expectations on
> the vast major of users. How do they pick which c-trusters to trust?

If the system is put in place to allow a variation to be set up, then I
suspect the vendors will encourage more or less "official" variants.

>>> I think that we have a higher chance of success if we use a language that
>>> can talk about agents who do not have a deep or accurate understanding of
>>> why a system is supposed to work. And so, I think that, with some refinement,
>>> my notion of b-trust is worthwhile.
>> Yes it could be.  It might not be applicable to web-PKI because the
>> vendors confuse X "do the right thing by users" with X' "maintain a good
>> CA list.”
> I’m confused.

Well, until there is some feedback loop to tell us whether "the right
thing" is met by "maintain a good CA list" then we cannot ever know.
It's all by appeal to authority or appeal to god.

Indeed by some arguments (Spence) in such a system sans feedback, it is
more or less doomed to be the wrong thing.

> (Perhaps by the vendors?)

:)  Yes.  This was an intentional part of the web-PKI model.  There are
lots of academic papers about how the legal work was indecipherable,
what few realised was that this was deliberate, to keep people from
looking at the legal work.

With a wink to Bill Frantz and his post of yesterday, the web-PKI was a
legal reconstruction of early-PKI to shift liability away from the CAs.
 It's very elegant, it's work of art if you like these sorts of things.
 Once it is understood, everything else falls into place.


More information about the cryptography mailing list