IETF Logo Mail Archive

Re: [saag] Channel binding is great but not a silver bullet

"Hallam-Baker, Phillip" <pbaker@verisign.com> Thu, 26 February 2009 21:03 UTC

Return-Path: <pbaker@verisign.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 23E523A696B for <saag@core3.amsl.com>; Thu, 26 Feb 2009 13:03:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.415
X-Spam-Level:
X-Spam-Status: No, score=-5.415 tagged_above=-999 required=5 tests=[AWL=-0.213, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfOIXgVnx73b for <saag@core3.amsl.com>; Thu, 26 Feb 2009 13:03:49 -0800 (PST)
Received: from robin.verisign.com (robin.verisign.com [65.205.251.75]) by core3.amsl.com (Postfix) with ESMTP id 0B1C928C30C for <saag@ietf.org>; Thu, 26 Feb 2009 13:03:11 -0800 (PST)
Received: from MOU1WNEXCN02.vcorp.ad.vrsn.com (mailer2.verisign.com [65.205.251.35]) by robin.verisign.com (8.12.11/8.13.4) with ESMTP id n1QL3WT4002052; Thu, 26 Feb 2009 13:03:32 -0800
Received: from MOU1WNEXMB09.vcorp.ad.vrsn.com ([10.25.15.197]) by MOU1WNEXCN02.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 26 Feb 2009 13:03:31 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C99855.ADBD5BCE"
Date: Thu, 26 Feb 2009 13:03:31 -0800
Message-ID: <2788466ED3E31C418E9ACC5C3166155768B2DA@mou1wnexmb09.vcorp.ad.vrsn.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] Channel binding is great but not a silver bullet
Thread-Index: AcmYT6c/js0Io7T/TLW8ADuvnFl8OwABFFik
References: <2788466ED3E31C418E9ACC5C3166155768B2CB@mou1wnexmb09.vcorp.ad.vrsn.com><0c2301c9979f$8a1cd770$0600a8c0@china.huawei.com><2788466ED3E31C418E9ACC5C3166155768B2CE@mou1wnexmb09.vcorp.ad.vrsn.com><20090226143809.GF7227@mit.edu> <1235663917.3293.16.camel@localhost><20090226165448.GK9992@Sun.COM> <tslprh5rlvt.fsf_-_@mit.edu>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, Nicolas Williams <Nicolas.Williams@sun.com>
X-OriginalArrivalTime: 26 Feb 2009 21:03:31.0928 (UTC) FILETIME=[AE376D80:01C99855]
Cc: der Mouse <mouse@Rodents-Montreal.ORG>, saag@ietf.org
Subject: Re: [saag] Channel binding is great but not a silver bullet
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2009 21:03:50 -0000

Without wanting to go too far down this route. 
 
Yes the approach has merit and one can even imagine a situation in the distant future where this type of approach transforms the role of CAs rendering certain types of low assurance product obsolete. But what you cannot get from that approach alone is a demonstration of accountability which is the cornerstone of the Extended Validation design.
 
And even if we start right now, such a scheme requires deployment of a whole new infrastructure and a whole new set of applications to run on top of it.
 
While I certainly hope that it takes the cryptographers as long to turn the SHA1 querry into a full break as it took them to convert the MD5 compromise into a fuill break I do not want to depend on that. And I certainly think that we, the crypto-security community are going to be nervous about the security of SHA1 long before the rest of the industry is.
 
 
And even if such an infrastructure was deployed, the CAs wil still be in business selling DV validated certs because there will still be a large number of businesses that make support for legacy browsers a much higher priority than not supporting crypto algorithms that make us nervous. 

________________________________

From: saag-bounces@ietf.org on behalf of Sam Hartman
Sent: Thu 2/26/2009 3:20 PM
To: Nicolas Williams
Cc: der Mouse; saag@ietf.org
Subject: [saag] Channel binding is great but not a silver bullet



Nico, while I'm in favor of channel binding and believe your approach
has a lot of value, please be careful to apply it only where applicable.

Phil is talking about the web browser PKI.  Channel binding to
existing authentication solves some problems in that space, but
definitely not all.  For example it is not useful for securing
enrollment or certain classes of URI-only handoff.

So, I think the web will continue to need a PKI.:-)

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email