[conspire] CA signed certs, and not CA signed ... PGP/GPG cross-signed? ... Firefox CertificateWatch extension ...
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Sat Mar 12 08:49:54 PST 2016
Many excellent points :-) ... I'll comment upon a couple of 'em ...
> Date: Fri, 11 Mar 2016 07:16:41 -0800
> From: Rick Moen <rick at linuxmafia.com>
> To: conspire at linuxmafia.com
> _My_ signature can be deemed verifiable in a variety of ways
> out-of-band. People visiting can note down its hash while visiting my
> local LAN. People who talk to me can verify the hash with me
> personally, or on telephone (esp. if they know my voice). I can
> post a
> gpg-signature of the hash, thereby letting people vet it via PGP chain
> of trust. Lots of other ways, not coming immediately to mind.
Yes, I think PGP/GPG signing SSL/TLS certs (be the certs CA signed or
self-signed) is an *excellent* idea - and I actually see quite a number
of sites - notably those with self-signed SSL/TLS certs, that do that.
Perhaps what we need and ought come up with (if it's not already been
done by someone somewhere? ... RFC anyone?), is a good *standardized*
way for there to be PGP/GPG signing of SSL/TLS certs. Such that, e.g.
browsers, etc., could *also* display the information as to whether
or not a SSL/TLS cert is PGP/GPG signed - that would be at least
part of solving that problem. Would *also* need, though, some means
for, e.g. browser, to tie into PGP/GPG - notably to be able to give
some trust value by/from the user and/or their operating system,
regarding to what extent they do/don't trust the PGP/GPG signer(s)
(or whichever is most trusted among multiple signers), to give some
reasonable indication as to how trusted or not - by the user (or
whatever their criteria is - which may also include information
provided by the operating system) - is the PGP/GPG signer as
to doing signing attestations of SSL/TLS certs.
That *could* also, at least in part, be a bridge away from the present
CA/SSL/TLS cert mess, to something using better attestation than that of
the CAs. And in the interim, potentially both could be used (until CAs
are made entirely obsolete). Anyway, just my thoughts on that. :-)
> What do I suggest be done? For starters, it would be a good idea if
> more users take measures within their browsers to curtail the 'any
> cert
> that's signed by anyone is interchangeably good' assumption. One way to
> do that is with the Firefox CertificateWatch extension, which very
> simply notifies the user in real time of any cert attestation's change
> from what it was before. In that display, it shows what the old vs. new
> attestors were and are.
Yes, an excellent and very practical extension. :-) Unexpected
changes to a cert, especially if not reasonably well accounted for, may
often well indicate problems or Man-In-The-Middle attacks where there's
a CA problem or the like, and issues which browsers may otherwise
totally be oblivious to. But with catching and flagging such changes,
users are at least given a fighting chance.
More information about the conspire
mailing list