[Security] Rogue CAs

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Dec 31 09:06:24 CST 2008

"Eric Rescorla" <ekr at rtfm.com> wrote:

> > Yup, SSL is pretty much dead now.
> Uh, no.

Well, 2 root certs have been compromised. Even one root cert is enough
to kill SSL. But it's not dead forever, we need to rethink whether it's
a good idea to give so many CAs our trust by default in all kinds of
applications. IMO, what kills SSL here is the trust many apps give the
CAs, which they don't deserve.

> See my writeup here:
> http://www.educatedguesswork.org/2008/12/understanding_the_sotirov_et_a.html

I will read it later. I just came back from 25c3.

> Uh, there have been a grand total of two certificates that we know of
> being issued to the wrong people. That's hardly the end of the world.
> Yes, I totally agree that CA procedures could be significantly
> tighter, but I think "can't rely" is rather too strong.

Well, if you are on the same network as those who just presented an
attack on a root CA, you had better not rely on SSL :).

> Additionally, the only part of SSL/TLS that this stuff implicates is
> a feature SSH doesn't even have, namely third party authentication.

Exactly. But for my server, I got the exact fingerprint. But I don't
have it for every server I use with SSL.

> If you want to run SSL/TLS in a mode where you know the peer's key
> already, it doesn't matter what the CAs do.

Sure, but it's easier to just tunnel everything via SSH into a trusted
network :).

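The "you already know the peer's key" mode the two of them are discussing, as an added example that is not part of the original thread or either poster's code: a small Python TLS client that takes the peer's certificate fingerprint after the handshake and refuses the connection unless it equals a pin obtained out of band (the way the poster knows his own server's fingerprint). A rogue CA can mint a certificate for the name, but it cannot reproduce the pinned key. The names `fingerprint`, `matches_pin`, `connect_pinned` and the `rely_on_ca` switch are chosen for this example, and the byte strings used as certificates below are constructed stand-ins, not real DER certificates.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, formatted as
    upper-case colon-separated hex, the way `openssl x509 -fingerprint`
    prints it (e.g. 'E3:B0:C4:...')."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pin(pin: str) -> str:
    """Accept pins with or without colons/spaces and in either case."""
    return pin.replace(":", "").replace(" ", "").upper()


def matches_pin(cert_der: bytes, pins) -> bool:
    """True if the certificate's fingerprint equals one of the pinned values.
    hmac.compare_digest keeps the comparison constant-time; an empty pin
    set never matches, so a missing configuration fails closed."""
    actual = normalize_pin(fingerprint(cert_der))
    return any(hmac.compare_digest(actual, normalize_pin(p)) for p in pins)


def connect_pinned(host: str, port: int, pins, rely_on_ca: bool = True,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the leaf certificate
    matches a pin.

    rely_on_ca=True  keeps normal CA validation and adds the pin on top,
                     so an attacker needs both a CA-issued certificate
                     for the name and the pinned key.
    rely_on_ca=False is the SSH-style known-key mode from the thread:
                     CA validation is skipped and the pin alone decides,
                     which is appropriate for a self-signed server whose
                     fingerprint you obtained out of band.
    """
    if rely_on_ca:
        ctx = ssl.create_default_context()
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE   # the pin check below is the only check

    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        leaf_der = tls.getpeercert(binary_form=True)
        if leaf_der is None or not matches_pin(leaf_der, pins):
            seen = fingerprint(leaf_der) if leaf_der else "<no certificate>"
            raise ssl.SSLCertVerificationError(
                f"certificate for {host}:{port} does not match any pin "
                f"(got {seen})")
    except Exception:
        tls.close()
        raise
    return tls


if __name__ == "__main__":
    # Constructed stand-in for a DER certificate: only the pin logic is
    # exercised here, no network connection is made.
    sample_der = b"constructed stand-in for a DER-encoded certificate"
    pin = fingerprint(sample_der)
    print("pin:", pin)
    print("matches own pin:", matches_pin(sample_der, {pin}))
    print("matches wrong pin:", matches_pin(sample_der, {"00:" * 31 + "00"}))
```

The pin value to configure comes from the server operator over a channel the CA system is not involved in, e.g. `openssl x509 -in server.crt -noout -fingerprint -sha256` run on the server itself; rotate the pin together with the key, and keep `rely_on_ca=True` wherever the server already has a CA-issued certificate, so the pin adds to the existing check rather than replacing it.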