[jdev] manifesto & DANE does not cut it
Ralf Skyper Kaiser
skyper at thc.org
Fri Nov 15 09:30:51 UTC 2013
On Thu, Nov 14, 2013 at 6:11 PM, Matt Miller <linuxwolf at outer-planes.net>wrote:
> On Nov 14, 2013, at 10:43 AM, Ralf Skyper Kaiser <skyper at thc.org> wrote:
> > On Thu, Nov 14, 2013 at 4:49 PM, Matt Miller <linuxwolf at outer-planes.net>
> > On Nov 14, 2013, at 9:34 AM, Ralf Skyper Kaiser <skyper at thc.org> wrote:
> > >
> > > On Thu, Nov 14, 2013 at 4:24 PM, Dave Cridland <dave at cridland.net>
> > > On Thu, Nov 14, 2013 at 4:09 PM, Matt Miller <
> linuxwolf at outer-planes.net> wrote:
> > >
> > > On Nov 14, 2013, at 8:33 AM, Ralf Skyper Kaiser <skyper at thc.org>
> > (In fact it's not just the root key that the user/admin has to trust but
> all keys up to his subdomain).
> No, it's really just the root key everyone places trust in; each other key
> is signed by the next key up in the chain.
No. The user has to trust ALL keys and not just the single ROOT KEY. The
user has to trust:
1. The key was generated securely (enough bits, good primes, ...)
2. A good RNG was used (hi debian! Thanks for a bad RNG).
3. The key is not leaked (on purpose) by _any_ of the admins in the domain
4. The key is stored securely and not stolen
5 . ...This list is incomplete...and goes on and on.
Maybe this example gives a better idea:
User in Iran. Jabber admin sets up a jabber server at
The user has to trust ROOT (domain "."). ROOT is ultimately geopolitically
aligned with the US.
The user has to trust .IR. That's ultimately the Iranian government.
The user has to trust MY-UNIVERSITY.IR (which is ultimately aligned with
The user has to trust MYJABBERSERVER.my-university.ir which is the actual
jabber server admin.
That really sounds like a great idea! Unless of course
1. You are a gay person in Iran
2. An Atheist in Saudi Arabia (or a women)
3. Leonardo da Vinci and dare to suggest that the earth is round
4. A black person wishing to sit in the front row of a bus
DANE does not protect any of the above people.
DANE just does not cut it. Not in a Post-Prism world.
Certificate Pinning does.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the JDev