Dailydave mailing list archives

Re: Questions about MD5+CA


From: wishi <brouce () gmx net>
Date: Sat, 03 Jan 2009 02:47:40 +0100

Dave Aitel wrote:
> Totally. This was a good opportunity for Mozilla or the IE team to be
> thought leaders in security, and neither stepped up. The right thing
> to do would have been to announce an update that disabled the root CA
> in 10 days. That gives everyone ten days to get a new certificate from
> somewhere else. Security is about hard choices. Currently, we're all
> about sticking our heads in the sand - which devalues SSL as a
> security protocol entirely.
>
> In my role as CTO at Immunity I try to do similar things: our newest
> researcher Skylar is learning about this the hard way when she calls
> up asking why her shiny new Dell laptop does not yet support wireless. :>
>
> -dave
>
> > I agree. If revoking a root CA cert is so inconvenient or
> > Internet-breaking that it can't be done even after an attack on the
> > root has been demonstrated in practice, then our trust in the PKI
> > system is perhaps misplaced.
> >
> > If they don't revoke the root, the security of the PKI system from
> > now until 2020 (when the RapidSSL cert expires) will rely on the
> > assumption that our team did not make a second CA cert that nobody
> > knows about and that nobody else did either. We didn't, but how can
> > we possibly prove that? How can any CA that used MD5 prove beyond
> > doubt that they have not signed a colliding key in the past?


http://www.cs.cmu.edu/~perspectives/index.html
Just found that worth mentioning.

Anyhow, this neither solves the problem nor affects it directly:
Security is a business.

It's _just_ about money, in the end. Management doesn't care about
security, or an engineering perspective. This case especially showed
that an academic paper from 2007 was ignored until someone bought
200 PlayStations, built a cluster, implemented the theory, and made it.

RapidSSL had no defense in depth like "random" numbers, or credential
checks. But I guess they effectively - because of this - made a lot of
money. They kept the investments very low. Obviously too low.

The PKI CA chain of trust was weakened for profit interests. Other CAs have
better (more expensive) implementations - they invested in security. But
the weakest chain - that's what it is all about.

Security is about choices. For sure. About the choice to maximize profit
at all costs, or not. That brings me back to "Perspectives" - the
Firefox add-on. I personally don't trust CAs, or huge PKIs. The latter
always get weaker the larger they grow. And CAs are an economy of
strangely named companies that no one transparently monitors.

It's interesting: in theory PKIs work very well, as long as there's no
money. ;)

wishi
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

