Comment by balabaster

11 years ago

How does a CA that's formed by a conglomerate of U.S. companies (under the jurisdiction of the NSA) make us any safer than we are currently? It doesn't. The chain of trust chains up all the way to a U.S. company, which can be coerced into giving up the certificate and compromising the security of the entire chain. I'm on the side of the EFF trying to encrypt the web, but this is not the solution.

truth be told, it doesn't make anyone safer. it's a big fat placebo, especially once the NSA realizes that this project is entirely under their jurisdiction.

Now, if there was a project in Iceland or Seychelles that was doing something similar, I would be much more apt to participate.

  • Security theatre for the win(?) Do these people [EFF] not realize that the people they're trying to win over are network nerds? These are people that actually understand this shit and the repercussions of it.

    I can't profess to understanding all the details of encryption infrastructure, but I learned very quickly in kindergarten that you can't trust anyone you don't know. It doesn't matter who they are, who they know or what they know. Half the time, you can't even trust "cold hard facts"; the facts are frequently misinterpreted, fabricated or eventually proven to be wrong - once it was a fact that the earth was flat, then we were the centre of the universe, now the universe as we know it is held together by a God particle. Science claims facts that invalidate there being a God... all facts are a matter of our fallible understanding of this scientific instrument we are building. Even people you do trust can be coerced into doing things that compromise your ability to trust them or their motives.

    If you want to automate trust, then you're eventually going to have to realize that you can't. All you can do is mitigate the cost of being wrong.

    Absolute power corrupts absolutely - the CA (or whoever controls that CA) has absolute power in this scenario. If you have the director's family hostage, everyone else's security just went down the pan.

    Chain of trust is like putting all your eggs in one basket. You just don't do it. Web of trust is a marginal step up, but it's more of a pain in the ass and can also be overcome by a group with malicious intent.

Something like Certificate Transparency would counter that - where the browser can only accept certificates that have been made public record. So the owners will at least know when their domain has been attacked.

  • A site owner would normally know something was wrong when their logs are no longer accumulating traffic. Getting as far as analyzing router logs and realizing that they're actually getting no traffic, even though the site appears to be up and functioning normally, would be a huge red flag that something is very wrong. I would expect any operations team worth their salt to understand this inside of 15 minutes anyway.

    Certificate Transparency may help to alert people, it's certainly a step in the right direction, but it doesn't fix the problem in my mind. I honestly don't think the problem can be fixed. All we can do is try and mitigate the risk of our trust being broken.