Re: [Sidrops] what to do when the CRL is hosed?

[Job Snijders <job@ntt.net>]

Kent,

On Tue, Mar 24, 2020, at 16:51, Stephen Kent wrote:
> Use of TLS, absent a CA compromise, protects against MITM attacks.

In a perfect world things are perfect? :-)

> The CA compromise you cited (DigiNotar) was serious because of the Web 
> PKI model, in which any trust anchor can issue a cert for any EE. Today, 
> with the use of cert pinning and cert transparency logs, the likelihood 
> of such attacks has very dramatically decreased in the Web PKI environment.

Yeah - I've seen tremendous improvements to Web PKI in the last few years. But still, CT logs are a reactive measure. In some countries operating systems may come with a compromised CA. A recent example: https://www.zdnet.com/article/kazakhstan-government-is-now-intercepting-all-https-traffic/

> Can you provide an example of one of the "crazier things" (relevant to 
> TLS and the Web PKI) hat have happened in the wild, and which are 
> applicable here?

I think there is no shortage of examples where the safety that should've been provided by TLS, was compromised because of a software defects or a misunderstanding in an implementation. This recently hit the news too: https://www.zdnet.com/article/lets-encrypt-to-revoke-3-million-certificates-on-march-4-due-to-bug/

I don't think this thread is not about whether TLS is perfect or not. I think most of us agree it is great we have an improved replacement for rsync in the pipeline. However, RPKI (as I understand it) was designed around being "self-contained" and the promise sort of seemed to be that regardless of the security (or insecurity) of the retrieval mechanism, a RPKI repository can and must be verified.

For the purpose discussion in SIDROPs, I think it is fair (and a necessity) to assume that MITMs are possible regardless of the repository retrieval mechanism in use.

Kind regards,

Job