
RE: WG Review: Open Pluggable Edge Services (opes)

2001-06-21 04:50:02
Becoming your own CA: Some interesting discussion on it in Tim Berners-Lee's
recent book - "Weaving the Web" - I think a whole chapter on this subject -
most of it in line with the discussion on this thread in the past few days.

The real bottleneck is: how the hell does an arbitrary web service exchange
identity securely with an arbitrary client on the public web, when you
depend on this identity (call it a certificate, or whatever) to actually
encrypt data?

Manoj Dhooria
Geometric Software, Bombay.

-----Original Message-----
From: Adam Shostack [mailto:adam(_at_)homeport(_dot_)org]
Sent: Wednesday, June 20, 2001 9:36 PM
To: Vernon Schryver
Cc: ietf-openproxy(_at_)IMC(_dot_)ORG; ietf(_at_)ietf(_dot_)org
Subject: Re: WG Review: Open Pluggable Edge Services (opes)


On Wed, Jun 20, 2001 at 08:12:49AM -0600, Vernon Schryver wrote:
| >                                                  Why should anyone be
| > required to pay such an outrageous tax simply to be able to protect
| > their home photo collection from being tampered with in transit to
| > a visitor's browser?
| >
| > Granted, we could all become our own CAs, but that scares end users
| > and reduces the trust model because we don't want to train users to
| > accept a new CA cert from every site they go to.
|
| No, on several counts:
|
|   1. The only reason that might scare end users is because of scary
|     words from browsers, and then only for HTTP.  Browsers are not
|     too-smart-by-half SMTP MUA's not SMTP servers.  There are no scary
|     CA pop-ups from your browser-broken-MUA if you use SMTP for mail
|     submission.
|
|   2. there are no pop-ups, scary or otherwise, when you and other
|     SMTP client and server operators exchange certs for sendmail's use.
|
|   3. becoming your own CA is easy, once someone tells you the magic
|     OpenSSL incantation.

Unfortunately, the become your own CA solution doesn't actually help
deal with the issue of man-in-the-middle attacks.  The threat under
discussion is that there is a proxy modifying content; we'd like to
prevent that.  If the server sends a key without reference to some
established authority, then the MITM may simply replace that key with
one of its own, or translate the http-over-SSL request into a
cleartext http request, or otherwise munge the session, because there
is no way for the browser to figure out if the self-signed key is the
one the server sent.

(I find it unfortunate because often, become your own CA is a good
idea, and this is one of the few cases where it's not.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume