ietf

Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-17 18:49:35
On Sun, Nov 17, 2013 at 07:05:04PM -0500, Phillip Hallam-Baker wrote:
That being said, the problem for PKI is that, assuming active
MITM attacks both on ISP chains and CA chains, it offers no
better security than DH,

As DH involves end systems only, there is no point of deploying
PKI with no additional benefits.

If we assume that the attack model is flying horses armed with lasers there
is no additional benefit.

The point is not what the consequences of the assumptions are, the question
is how likely the assumptions are. If you leave that out of the equation
then the result is nonsense.

Actually, the attack was called "FLYING PIG" --- that was the GCHQ
code name, per the Snowden leaks[1].  Some have speculated that
Diginotar was so badly penetrated that it wasn't just the Iranians
which penetrated it, but the NSA/GCHQ as well.

One of the reasons why the bogus Diginotar certificates were detected
was because Google Chrome had a feature called "certificate pinning"
--- which is not a feature normally associated with PKI's.  It's
unfortunately not all that scalable, since it involved hard-coding
certificates, or their hashes, in the browser binary.  The challenge
is coming up with a solution that *is* more scalable, and less
dependent on trusting that CA's are competently run.

                                        - Ted

[1] http://www.techdirt.com/articles/20130910/10470024468/
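
The pinning check mentioned in the message above, sketched as an added example (not part of the original post and not Chrome's code): a client with a compiled-in pin set rejects a chain from a CA it otherwise trusts, while hosts that were never compiled in get no such protection. Host names, key bytes and function names are constructed for illustration, and signature validation is assumed to have been done already.

```python
import base64
import hashlib


def spki_pin(spki):
    """Base64 SHA-256 of a certificate's SubjectPublicKeyInfo bytes."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


# Constructed stand-ins for DER-encoded public keys (not real keys).
CA_A_KEY = b"constructed-spki:ca-a"
CA_B_KEY = b"constructed-spki:ca-b"
BACKUP_KEY = b"constructed-spki:offline-backup"

# Both CAs are in the trust store, so either may issue for any host name.
TRUST_STORE = {spki_pin(CA_A_KEY), spki_pin(CA_B_KEY)}

# Pin set compiled into the client: host -> acceptable key hashes.
# Every pinned host needs an entry here, which is the scaling limit.
PINS = {"mail.example.test": {spki_pin(CA_A_KEY), spki_pin(BACKUP_KEY)}}


def check_chain(host, chain):
    """Evaluate a leaf-first list of SPKI byte strings for `host`."""
    hashes = {spki_pin(key) for key in chain}
    if not hashes & TRUST_STORE:
        return "untrusted"      # ordinary PKI failure
    pins = PINS.get(host)
    if pins is None:
        return "ok-unpinned"    # plain PKI: any trusted CA is accepted
    # At least one key in the chain must match a compiled-in pin.
    return "ok-pinned" if hashes & pins else "pin-mismatch"


if __name__ == "__main__":
    genuine = [b"constructed-spki:leaf-1", CA_A_KEY]
    misissued = [b"constructed-spki:leaf-2", CA_B_KEY]
    cases = [
        ("mail.example.test", genuine),
        ("mail.example.test", misissued),
        ("shop.example.test", misissued),
    ]
    for host, chain in cases:
        print(host, check_chain(host, chain))
```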