Relevance of PGP?
Mark Woodward
markw-FJ05HQ0HCKaWd6l5hS35sQ at public.gmane.org
Fri Jun 10 13:05:42 EDT 2011
On 06/10/2011 12:44 PM, Tom Metro wrote:
>
> Mark Woodward wrote:
>> I find that the notion of "trust" is completely broken with secure
>> communications. We've already seen that supposedly trusted certs gave
>> keys to china and the US government so that browsers would accept bogus
>> keys.
> Agreed. My trust in certificate authorities has been greatly diminished.
> Both due to reports of fraudulent certificates issued by legitimate CAs
> (or their subsidiaries), and due to the way our browsers (and email
> clients) are packed with hundreds of root certificates from shady CAs
> (some controlled by questionable foreign governments).
>
> The certificate issuing industry has substantial financial incentive to
> provide cheap certificates, and little incentive (in the short term) to
> do the necessary work to validate the authenticity of the applicant.
When you think about it, it is not about trust. It is about security. A
over a hundred years ago, a sovereign would use a wax seal to ensure
that documents we delivered unaltered.
That worked because the sovereign had his own seal. Today, we don't have
our own seals (we trust corporations, not a good idea). What we need is
a mechanism to distribute and verify public keys. We need a digital way
of sending keys under separate cover. Like banks send pin numbers.
Because, seriously, that's what it is.
>> The only way to "trust" a key, IMHO is to have each entity that
>> wishes to have private communication with you create their own cert
>> and send you, via an alternate "safer" transport, the public key.
>> Only that way can you be sure.
> It seems like cert fingerprints ought to be distributed via DNS(SEC),
> but even then, unless you've cached that, it could still be subject to
> man-in-the-middle exploits.
>
> I use the Certificate Patrol extension in Firefox to cache certificate
> fingerprints for the SSL sites I use regularly, so I can quickly spot
> when a cert changes unexpectedly.
>
> https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
>
DNS is too easily hijacked. You need two things: (1) a VERY public key
linked to your email address so that you can be sure that the mail you
receive came from the person who's name is on it. That service has to be
free and distributed. It could very well be a format where we send the
public key with the mail, and cache the public key on your system. That
way if the key is new or changes, you can decide if we wish to accept or
reject the mail. (2) We need a very very secret methodology to send
public keys under separate cover in order to keep anyone from
intercepting our communications or data. None of this is particularly
difficult, it is just that our corporate overlords will make it
difficult for us to exercise our freedom.
> -Tom
>
More information about the Discuss
mailing list