
Re: WG Review: Open Pluggable Edge Services (opes)

2001-06-20 22:30:08

From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
To: Vernon Schryver <vjs(_at_)CALCITE(_dot_)RHYOLITE(_dot_)COM>
cc: ietf-openproxy(_at_)IMC(_dot_)ORG, ietf(_at_)ietf(_dot_)org

...
I think you misread this - what Adam *meant* was that without a workable
low-cost PKI system, or other means of distributing certificates, the
person at the other end doesn't have a certificate to verify that an OPES-class
mechanism hasn't done something ELSE to the bits.

If I create a self-signed CA to protect my personal website on my
computer, how do you get the certificate so you can verify that an OPES
hasn't translated my text into an obscene poem in kanji?   That's
the threat model here....

The counters to that threat model include the clunky one I've mentioned
several times.  I would fetch your self-signed certificate from your web
or FTP site or you would mail it to me as a MIME attachment or on a CDROM
or floppy disk.  If you've bought the expensive, $125-$900 commercial CA
story, I would not need any effort, but could use an existing list such
as is hidden somewhere inside Netscape and Internet Explorer.

Somewhere between one cert per SMTP peer and the commercial CA snake
oil, you and 10,000 of your closest friends could operate a cheap CA so
that I would need fetch only one cert to avoid Kanji translations for
all 10,000.  If I were among your 10,000 friends, I'd need do nothing.
What's missing from OpenSSL 0.9.5a for such a non-commercial, modest CA?

Yes, there are problems with this model, including some similar to the
problems with the PGP web of trust.  One of its special problems is that
end users for now would need to look at Received: lines for equivalents
of sendmail's "verify=OK/NO/FAIL/..." tokens. 

Still, if 30% of traffic were thus protected by STARTTLS, would the data
muggers bother?  Given 30% of HTTP and SMTP protected by TLS, wouldn't
OPES be safe to unleash on the Internet?  With 30% of content encrypted
and authenticated, how would OPES be an interesting plug-in except when
invited?

And yes, lest we go around that mulberry bush yet again, STARTTLS does
not protect against an adversary who specifically targets you.  STARTTLS
is good against the uninvited "we're from an ISP and we're here to help"
bulk manglers whose prospective paying customers are parties other than
the TCP ends, paying only a few $0.01 or $1.00 for ads to be inserted
into your messages or for your words to be checked for conformance with
government-defined correctness.  Defeating adversaries looking for
$1000's or $1,000,000's is something else.


Besides, what barriers are there to low cost, low security PKI solutions
including:
   - netnewsgroups in which sites publish their certificates
   - the web directories that now contain phone numbers and email addresses
   - ad hoc, free or nearly free CAs
Note yet again that I did say *low* security PKI.  Protection from
routine translation to Kanji, ad insertion, and political correctness
filters does not need the high security mechanisms that protect the
secrets of nation states, drug dealing pedophile terrorists, and online
book and porn retailers.
Insisting that low security protections are worthless because they
are not high security protections is crazy.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
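The modest, non-commercial CA the post asks about, as an added example using the openssl command line (not code from the original thread): one self-signed community root, a member certificate signed by it, and the relying party's check against that single fetched root. It assumes openssl is installed; friends-ca, alice.example and stranger.example are made-up names.

```shell
# Added example (not from the original post): a modest community CA run with
# the openssl CLI.  Assumes openssl is installed; friends-ca, alice.example
# and stranger.example are made-up names; all files go in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. The community CA: one self-signed root that the group publishes once.
#    Whoever fetches this single cert can verify every member.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=friends-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. A member makes its own key and CSR; the CA signs the CSR.  The member's
#    private key never leaves the member's machine.
issue_member_cert() {
    name=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 90 \
        -out "$WORK/$name.crt" 2>/dev/null
}

# 3. The relying party's check: verify against the one fetched CA cert.
#    Echoes OK or FAIL.
verify_against_ca() {
    if openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

# A self-signed cert from outside the group must not verify: this is what
# catches an in-path rewriter presenting its own substitute certificate.
make_stranger_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=stranger.example" \
        -keyout "$WORK/stranger.key" -out "$WORK/stranger.crt" 2>/dev/null
}

make_ca
issue_member_cert alice.example
make_stranger_cert
echo "alice.example: $(verify_against_ca alice.example)"   # OK
echo "stranger.example: $(verify_against_ca stranger)"     # FAIL
```

The only thing a member of the group has to distribute is ca.crt; a cert that chains to any other root, or to none, fails the same check.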
