lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 09 Sep 2011 11:34:36 -0400
From: Valdis.Kletnieks@...edu
To: JT S <whytehorse@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Western Union Certificate Error

On Fri, 09 Sep 2011 16:23:50 +0700, JT S said:

> revoke. For all I know, anyone who breaks into any CA which is trusted
> by my browser can issue and sign a cert for any domain and the browser
> will blindly accept it.

Yep. That's how it works...

> I personally would prefer that the browsers only trust keys that I
> have signed, have low trust for keys signed by keys I have signed, and
> no trust for the rest.

Paging Phil Zimmerman....

> I'd really like the ability to walk into western union or my bank or local
> google office and sign their key as well as the ability to revoke my signature
> without revoking my key.

A big chunk of the problem there is that although you might *like* that
ability, it really presupposes the existence of an office you can walk into.
I've never seen a local Google office, and at least around here, Western
Union offices are just a terminal at the customer service desk of supermarkets.

There's a second, more subtle problem - if you *did* find an office, what
exactly are you attesting by signing something?  If you talk to me at a key
signing party, I'll claim that key B4D3D7B0 is mine - and more importantly, I
can (at least in theory, if I have my laptop with me) *prove* I control it by
generating signatures with it.  However, if you walk into a Western Union
branch office, all the guy can claim is "Yeah, that fingerprint you have for
our key matches what was on the piece of paper they mailed us last year".
However, *the guy at the branch is no more able to verify that piece of paper
than you are*.  He can't prove control of the key by signing something with
the Western Union key (and if he *could*, that's even *more* scary).

Then there's the third problem - currently, I have *6* keys on my PGP keyring
that are specifically flagged as "do not trust" because I've found copies of my
key signed by them when I know for a fact I've never met the person and had
them verify my key.  Ming you, there's only about a dozen valid signatures on
my key.  In other words, my personal set of "personally verified as Doing It
Wrong" is half the size of "people who do it right".  And that's among people
that are smart enough to use PGP.

What is the meaning of any single given signature (including yours) on a key
when every Joe Sixpack who doesn't even really understand keysigning is going
around and signing keys?  What do you do if a key has 3 million signatures,
but 1M of them are probably bogus?  I won't discuss the question of how you
maintain a web-of-trust structure with 10M entries in it - the current PGP
strong set has only about 45K in it at the moment.



Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ