The entire PKI architecture was designed to solve the
man-in-the-middle problem: how do I know you are who you say you are, and
aren't someone else pretending to be you.
To do this we created certificates, which are signed public keys. The theory is that we trust the certificate
authority that signed the key, and believe that the registration authority have
validated the identity of the subscriber who asked for the key to be signed.
But nearly everything about the theory is provably wrong.
We know that certificate authorities get to be that by
paying a tax to browser manufacturers.
They are trusted because of a commercial agreement that is an
externality to the users of the system.
We know for sure that we can't trust the certificate authority. The breaches of Comodo and Diginotar allowed certificates to be minted by a CA that were false. We know that intelligence agencies around the world can buy wildcard root certificates from CAs that will allow national governments to intercept all traffic.
We know that registration authorities do as little as
possible to validate the subscribers, usually requiring no more than an e-mail
from the domain in question, or merely trusting WHOIS records.
So what are the alternatives?
Definitely not certificate pinning. This is not scalable, and doesn't address the
underlying problems with the architecture.
It's a band-aid on a gaping wound.
Convergence looks interesting, but I suspect that if
implemented as suggested it would suffer from all the same problems. We now have to trust notaries, rather than
certificate authorities, and it ends up looking like the web of trust model
from PGP, and that failed dismally.
I propose that the answer is self-signed
certificates. I know that I trust
me. I control everything about the
issuing and revocation of my certificates.
And so does every subscriber.
While it is possible to for anyone to mint a certificate that looks like
me, they would have to mint certificates for everyone to undertake the current
man-in-the-middle attack strategy. We
don't make it less secure for the defenders, but we make it exponentially more
difficult and costly for the attackers, and that makes all us more secure.
Sometimes the old ways really are the best.
Phil Kernick Chief Technology Officer
@philkernick www.cqr.com
Phil Kernick Chief Technology Officer
@philkernick www.cqr.com