Dailydave mailing list archives
Re: Questions about MD5+CA
From: wishi <brouce () gmx net>
Date: Sat, 03 Jan 2009 02:47:40 +0100
Dave Aitel wrote:
> Totally. This was a good opportunity for Mozilla or the IE team to be thought leaders in security, and neither stepped up. The right thing to do would have been to announce an update that disabled the root CA in 10 days. That gives everyone ten days to get a new certificate from somewhere else.
>
> Security is about hard choices. Currently, we're all about sticking our heads in the sand - which devalues SSL as a security protocol entirely. In my role as CTO at Immunity I try to do similar things: our newest researcher Skylar is learning about this the hard way when she calls up asking why her shiny new Dell laptop does not yet support wireless. :>
>
> -dave
>
> I agree. If revoking a root CA cert is so inconvenient or Internet-breaking that it can't be done even after an attack on the root has been demonstrated in practice, then our trust in the PKI system is perhaps misplaced.
>
> If they don't revoke the root, the security of the PKI system from now until 2020 (when the RapidSSL cert expires) will rely on the assumption that our team did not make a second CA cert that nobody knows about and that nobody else did either. We didn't, but how can we possibly prove that? How can any CA that used MD5 prove beyond doubt that they have not signed a colliding key in the past?
http://www.cs.cmu.edu/~perspectives/index.html

Just found that worth mentioning. Anyhow, this neither solves the problem nor affects it directly: Security is a business. It's _just_ about money, in the end. Management doesn't care about security, or an engineering perspective. Especially this case showed that an academic paper from 2007 has been ignored until someone bought 200 PlayStations and built a cluster, implemented the theory, and made it.

RapidSSL had no Defense In Depth like "random" numbers, or credential checks. But I guess they effectively - because of this - made a lot of money. They kept the inventions very low. Obviously too low. The PKI CA chain of trust weakened for profit interests. Other CAs have better (more expensive) implementations - they invested in security. But the weakest chain - that's what it is all about.

Security is about choices. For sure. About the choice to maximize profit at all costs, or not.

That brings me back to "Perspectives" - the Firefox add-on. I personally don't trust CAs, or huge PKIs. The latter always get weaker, the larger they grow. And CAs are an economy of strangely named companies that no one transparently monitors.

It's interesting: in theory PKIs work very well, as long as there's no money. ;)

wishi