
Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-18 00:41:03

On Nov 18, 2013, at 2:49 AM, Theodore Ts'o <tytso(_at_)mit(_dot_)edu> wrote:

> One of the reasons why the bogus Diginotar certificates were detected
> was because Google Chrome had a feature called "certificate pinning"
> --- which is not a feature normally associated with PKI's.  It's
> unfortunately not all that scalable, since it involved hard-coding
> certificates, or their hashes, in the browser binary.  The challenge
> is coming up with a solution that *is* more scalable, and less
> dependent on trusting that CA's are competently run.

Pinning every HTTPS certificate on the planet is not scalable. What you *can* 
do is have each site pin their site. That's the point of HPKP ([1]).

For this to work, you need to at some point be without the MITM. I guess that 
wouldn't help you much where MITM are pervasive, like Iran or Syria, but it 
would work where attacks are the exception.

Another option is DANE. That has its own DNSSEC trust chain, and I don't know 
whether it's more or less vulnerable to interference when compared to the web 
PKI.

Yoav

[1] http://tools.ietf.org/html/draft-ietf-websec-key-pinning
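
A minimal model of the client-side pinning behaviour discussed in the message above, added here as an example and not part of the original message: it shows a site's pins being noted on a clean first contact and a later substituted key being rejected, and the same interception passing unnoticed when it is already in place at first contact. The `PinStore` class, the host name and the SPKI byte strings are constructed for illustration; the header syntax follows the key-pinning draft as later published in RFC 7469.

```python
import base64
import hashlib
import re

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pkp(header: str):
    """Return (set of pin-sha256 values, max-age or None) from a header value."""
    pins = set(re.findall(r'pin-sha256="([^"]+)"', header, re.I))
    age = re.search(r'max-age=(\d+)', header, re.I)
    return pins, (int(age.group(1)) if age else None)

class PinStore:
    """Client-side store of noted pins: host -> (pins, expiry time)."""
    def __init__(self):
        self.noted = {}

    def connect(self, host, chain_spkis, header, now):
        chain = {spki_pin(s) for s in chain_spkis}
        pins, expiry = self.noted.get(host, (set(), 0))
        enforced = now < expiry
        if enforced and not (pins & chain):
            return "pin-failure"          # noted pin exists, chain has no match
        if header:
            new_pins, max_age = parse_pkp(header)
            # Accept only a header with max-age, one pin matching this chain
            # and one backup pin that is not in it.
            if max_age is not None and new_pins & chain and new_pins - chain:
                if max_age == 0:
                    self.noted.pop(host, None)
                else:
                    self.noted[host] = (new_pins, now + max_age)
        return "ok" if enforced else "unpinned"

def demo():
    # Constructed stand-ins for DER SPKI blobs; not real keys.
    site, backup, mitm = b"site-spki", b"backup-spki", b"mitm-spki"
    hdr = 'max-age=5184000; pin-sha256="%s"; pin-sha256="%s"' % (
        spki_pin(site), spki_pin(backup))
    host = "example.test"
    clean = PinStore()   # first contact without the MITM, interception later
    clean_first = [clean.connect(host, [site], hdr, 0),
                   clean.connect(host, [mitm], None, 100)]
    early = PinStore()   # MITM already present at first contact
    mitm_first = [early.connect(host, [mitm], None, 0),
                  early.connect(host, [mitm], None, 100)]
    return clean_first, mitm_first

if __name__ == "__main__":
    print(demo())
```
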
