Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Phillip Hallam-Baker <hallam@gmail.com> Thu, 02 January 2014 21:58 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Leif Johansson <leifj@mnt.se>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, Jacob Appelbaum <jacob@appelbaum.net>

On Thu, Jan 2, 2014 at 4:00 PM, Leif Johansson <leifj@mnt.se> wrote:

>
>
> On 2 Jan 2014, at 21:25, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>
>> > Please don't overstate the results of
>> > the excellent research that you did; doing so diminishes the
>> > research.
>>
>> I'm not overstating anything. I think you don't understand what we
>> actually did if you think that later, patching things will somehow
>> magically stop previously successful attacks...
>>
>
> You are confusing people by using a valid attack against the algorithm to
> argue against the trust model. PKIX is designed on the assumption that the
> digest algorithm chosen is secure against a second preimage attack.
>
>
> The fundamental flaw in the pkix trust model is that there is no
> deployable mechanism for limiting the impact of such an attack.
>
> That realization should inform future design and that bit is certainly on
> topic ;-)
>

It is on topic but not limited to PKIX.

We have since learned that algorithm agility is not quite the security
benefit we once thought, as the security of the system is determined by the
weakest algorithm you support, not the strongest one you implement.


Problem is that I can't see a way to really control this type of attack
without a very considerable cost in usability and I think it would
constrain other defenses.

Anyone using Windows XP in the Enterprise for any purpose other than
finding viruses is guilty of security malpractice at this point. It is an
obsolete OS that would have been at EOL if lazy sysadmins hadn't begged to
keep it.


My current solution in my email project is to attempt to require SHA512 for
all certificates. But I am not sure that is actually sustainable.

-- 
Website: http://hallambaker.com/
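The "weakest algorithm you support" point and the SHA-512-only certificate policy, written out as a chain check. This is an added example, not code from the thread or from the author's email project: it rejects any certificate in the chain, not only the leaf, whose signature digest is below SHA-512, and the certificates it checks are minted in-process with placeholder names (`Test Root`, `mail.example`).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckChain enforces the post's policy: every signature in the chain (leaf first) must use SHA-512,
// because a verifier is only as strong as the weakest digest it still accepts. nil means compliant.
func CheckChain(chain []*x509.Certificate) error {
	for i, c := range chain {
		switch c.SignatureAlgorithm {
		case x509.SHA512WithRSA, x509.SHA512WithRSAPSS, x509.ECDSAWithSHA512:
			continue
		}
		return fmt.Errorf("cert %d (%s) uses %s; policy requires SHA-512", i, c.Subject.CommonName, c.SignatureAlgorithm)
	}
	return nil
}

// mintCert makes a throwaway certificate (constructed here, not from any real CA); parent == nil gives a self-signed CA.
func mintCert(cn string, alg x509.SignatureAlgorithm, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // only fails if the system RNG does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		SignatureAlgorithm: alg, IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed trust anchor
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err) // demo code only
	}
	cert, _ := x509.ParseCertificate(der) // DER Go just produced always parses
	return cert, key
}

// BuildChain issues a leaf signed with leafAlg under a SHA-512 self-signed root.
func BuildChain(leafAlg x509.SignatureAlgorithm) []*x509.Certificate {
	root, rootKey := mintCert("Test Root", x509.SHA512WithRSA, nil, nil)
	leaf, _ := mintCert("mail.example", leafAlg, root, rootKey)
	return []*x509.Certificate{leaf, root}
}
```

A SHA-256 leaf under a SHA-512 root is refused, which is the point: a chain that is "mostly" SHA-512 is still only as strong as its SHA-256 link.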