Re: [TLS] TLS, PKI, and web security. Was: Eleven out of every ten SSL certs aren't valid

Kyle Hamilton <aerowolf@gmail.com> Tue, 27 July 2010 20:22 UTC

On Sat, Jul 3, 2010 at 12:09 AM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Uh... I thought it was to protect Joe Sixpack from having his credit card
> stolen?  Professional sysadmins are the last person you want to worry about
> optimising for, any sysadmin worth his salt will be able to secure their data
> given no more than chewing gum and rubber bands.  It's the 1.7-billion or so
> global population of users who aren't professional sysadmins that I'm
> interested in helping, not a handful of sysadmins somewhere.

At least in the United States, VISA and MasterCard are still (and have
been for the past 8 years or so) offering $0 liability, so there's not
even a real reason to do this anymore.  (As well, there are banks that
generate one-time-use credit card numbers, that will never authorize
another transaction.)

So, really, why are we doing this again?  I mean, a whole bunch of
arguing of the politics of the situation for what is, essentially,
simply about the end-user's *convenience?*

I think we need to remember something here:  We have been arguing
about what is going to be protected for over a decade.  I think we're
looking too small, and I think that the PKIX is also looking too
small.  We're about to be assaulted and blindsided by a new set of
software working with a new set of probably-proprietary protocols, in
response to President Obama's call for technology reform in the
so-called "Identity Ecology".

>>* Users must be informed of the essential role they have in the security
>>architecture. They need to know a bit more of the mechanics of PKI in order
>>to bring to bear the common sense that people are actually pretty good at.
>
> Umm... I better not reply to a statement like this, because the response would
> be... inflammatory.

What, that users have to be responsible for themselves and their
transactions, and thus they have to learn what tools they have
available?  They *do* play an essential role, in fact *the* most
essential role.  Without them, we have no reason to do the work we do.
But they are, as they will always be, legally culpable for their own
actions, and so it does make sense that they understand the
consequences.

What we don't need to do is drag people through PKI 101.  I believe
it's entirely possible to implement and explain a system like this
without necessarily exposing the users to what's going on underneath.

>>* TLS client certificate auth can allow the server to disprove the MitM. Web
>>clients and servers should implement first-rate support for this
>>configuration and provide integrated tools for users and admins to manage
>>them.
>
> Steffen, you've won your prize :-).
>
> Peter.

Instead of saying something like that, how about we actually
*implement* something like that?  I found a way to do it, but it
breaks traditional X.509 path validation rules on the certificate
itself, instead applying them to X.509 attribute and/or identity
certificates contained within the certificate structure that relate to
the same key.

But, I am stuck asking... what would "first-rate support" look like?

-Kyle H