[Security] TLS-SRP Questions - trust vs confidentiality

Johansson Olle E oej at edvina.net
Fri Aug 22 01:43:32 CDT 2008

On 21 Aug 2008, at 21:19, Dirk Meyer wrote:

> Jonathan Dickinson wrote:
>> And my hard-laboured formatting got messed up.
> :)
>> Initiator opens connection
>> Target gets connection and presents certificate
>> Initiator verifies certificate with IC -> Fail if invalid
>> Initiator presents certificate
>> Target verifies certificate -> Fail if invalid
>> Success
>> The point is, from what I can tell, TLS supports all of that.
> Yes, but the question is how to verify a certificate from someone you
> do not know which is not signed by a CA. Or am I missing something in
> your argumentation?

Good point. As I see it, you have two different issues here:

1) Confidentiality
What Jonathan describes assures confidentiality. Both parties
prove that they have access to the private key that matches the
public key that is embedded in the certificate. At this point,
we can set up an encrypted session.

2) Trust
In the certificate, there's an identity - a Jid, maybe a name in
clear text and an organization. Do we trust that the person
that uses the private key that matches the public key in the
certificate really is what the certificate indicates?
For that, we need to go one step further and check the
signature of the certificate, then go challenge that to our
CA store, that we have checked before installing, and not
installed by default with the O/S or the browser. And of
course, we're aware of all differences in the policies,
so we have different levels of trust for different CAs.

The problem with web browsers was that this was never made
very clear with good UIs to the users, so the browsers ended up
acting on the users' behalf and installing a large amount of
CA certs that the user was assumed to have approved.

What we have today in the web is basic confidentiality - encryption -
because no users ever click on the little icon of a lock, and try to
understand the certificate. I sell web certificates and even the techies
that contact me have no clue about this and want to pay extra for
something they don't use themselves - their company name in the SSL
cert, assured by an unknown US company (for the users of the certificate).

Mixing trust with encryption makes the discussion very hard. I think
we have to keep the option to connect to the existing CA/PKI structures
with X.509 and the TLS/SSL CAs for situations when trust is needed,
and let that business sort out the level 8 and 9 problems with that.
We'll just put a large SEP field around it and hope that they can
sort it out.

SEP field? Read Douglas Adams :-)
"Somebody Else's Problem"

