Re: [TLS] [certid] fyi: paper on compelled, certificate creation attack and applicable appliance

Marsh Ray <> Thu, 25 March 2010 17:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 42F5D3A6B6F for <>; Thu, 25 Mar 2010 10:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.131
X-Spam-Level: *
X-Spam-Status: No, score=1.131 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LPQxIhgsDqiM for <>; Thu, 25 Mar 2010 10:42:52 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 20F0C3A6B31 for <>; Thu, 25 Mar 2010 10:40:29 -0700 (PDT)
Received: from ([]) by with esmtpa (Exim 4.68) (envelope-from <>) id 1Nur34-000NHI-Qv; Thu, 25 Mar 2010 17:40:50 +0000
Received: from [] (localhost []) by (Postfix) with ESMTP id 433C76048; Thu, 25 Mar 2010 17:40:48 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Report-Abuse-To: (see for abuse reporting information)
X-MHO-User: U2FsdGVkX1/9xDakdjOVB30zTajTGy+gMAkLAj1ck/Y=
Message-ID: <>
Date: Thu, 25 Mar 2010 12:40:46 -0500
From: Marsh Ray <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20100216 Thunderbird/3.0.2
MIME-Version: 1.0
To: ArkanoiD <>
References: <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.0.1
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc:, =JeffH <>
Subject: Re: [TLS] [certid] fyi: paper on compelled, certificate creation attack and applicable appliance
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Mar 2010 17:42:53 -0000

On 3/24/2010 11:14 PM, ArkanoiD wrote:
> Well, that's quite obvious that PKI in the "big internet" as we know
> it is just a card house

True, but there are lots of card houses in compsec in the sense that
flipping just one bit the right way results in a complete compromise.

Predicting whether or not that single bit logic will prove to be robust
or fragile in actual deployed systems is an art form that designers are
still learning. This is as much a social-political-economic-human issue
as a technical one.

I don't see what the big worry is about a CA being "compromised" by some
government. It looks to me like many of the trusted roots installed by
typical software are pseudo-governmental entities (e.g., post offices)
in the first place.
> Below is a list of trusted root certificates which are pre-installed
> with the iPhone 3.0 software.
> Subject Name
>      Country Name                 : US
>      Organization Name            : U.S. Government

There's nothing subversive about that, it's totally out in the open.

> if *ANY* CA we trust get compromised or mailicious, it is all
> flawed.

>From the perspective of the https server, that understates it a bit.

Because the https server cannot independently prove the absence of a
mitm, he must rely on the client to do a good job of this.

Thus, the web server ends up transitively trusting _every_ trusted root
cert in _every_ client which connects.

Remember the README for PGP?

  Trusting a key is not the same as trusting the key's owner. Trust is
  not necessarily transferable; I have a friend who I trust not to lie.
  He's a gullible person who trusts the President not to lie. That
  doesn't mean I trust the President not to lie. This is just common
  sense. If I trust Alice's signature on a key, and Alice trusts
  Charlie's signature on a key, that does not imply that I have to
  trust Charlie's signature on a key.
     -- Philip Zimmerman

Transitive trust in this case has brought about the near-complete failure
of the original mission of PKI in ssl (allowing you to shop online).

The only reason that the world isn't up-in-arms about it is that 59% of
PCs are pwned by malware already, making the slightly more complicated
mitm attack unnecessary.

However, there are important uses of SSL/TLS other than end user web
browsers. These are probably better off with just the minimal number of
trusted roots on the clients. But if you're going to the trouble of
reconfiguring your clients anyway, why not just set up your own private CA?

IMHO, the $B+ certificate industry needs to work harder at improving
their actual effective security value than it currently does if they
want the world to continue fund their existence.

> There is nothing we can do besides examining chain of trust manually
> and watching for certificate changes.

We could implement our protocols such that the remote peer is required
to satisfy multiple chains of trust.

When a chain is only as strong as its weakest link, it's best to have
several of them (in a redundant configuration).

> The TOFU technology described
> there is quite obvious, i always wondered why ssh has it and browsers
> do not.

In theory, SSH's approach is inferior to SSL's PKI. In practice it's not
inferior only to the extent that the user is good at scrutinizing the
new keys he gets presented.

If you want that behavior in a web browser, just delete all your trusted
root certs and add a persistent explicit trust whenever you see a cert
the first time. (I have tried this in Firefox)

- Marsh