[clug] the new SSL :-)
Michael Cohen
scudette at gmail.com
Fri Mar 26 08:16:26 MDT 2010
On Fri, Mar 26, 2010 at 11:34 PM, Daniel Pittman <daniel at rimspace.net> wrote:
> ...at which point you are trusting the DNS root, which is often run by the
> government, and is certainly run at the fiat of the government. That puts
> them in a ... poor negotiating position to resist pressure to cooperate...
When encryption really matters you need to use your own CA which you
protect yourself. For example the openvpn manual recommends using your
own CA for your VPN deployments - not just to save money - but to have
better security of your certificates and keys. In the VPN space its
easy to ensure all your clients have the correct root CA installed. A
CA under your control is always more secure than a public company (at
least if your own key is compromised you can only blame yourself).
Presumably for more secure SSL applications you would use both client
and server side certificates (signed by your own CA) and distribute
your root CA key to the clients. This sometimes appears unprofessional
, as if you are trying to save money by self signing your own certs,
though it really is actually more secure.
Key management in general is a real problem and always will be. You
have to trust someone in the end - if its not the root CA its the
browser software, the OS software, the hardware etc. Much of SSL is
about security theater - its designed to make people comfortable about
e-commerce. Not unlike the recent "chip" in the credit cards is
designed to make people feel more secure but in reality is fairly
useless as described here:
http://www.cl.cam.ac.uk/research/security/projects/banking/nopin/oakland10chipbroken.pdf
(A criticism of the above paper is that although its pretty clever,
since most vendor POS devices are not trusted anyway the whole
security model is flawed - so their discovery doesnt add all that
much.)
Michael.
More information about the linux
mailing list