[Info-vax] [OT] Zero trust software, was: Re: Rethinking DECNET ?

Tue Sep 2 18:38:54 EDT 2014

On 2014-09-02 21:44:02 +0000, David Froble said:

> Bill Gunshannon wrote:
> 
>> Remember reading about how VeriSign gave keys to the NSA?  I remember 
>> asking people over 10 years ago why I, or anyone, should trust their 
>> certificates over self-signed ones.
> 
> We're using self generated certificates at our customer sites.  I don't 
> know why, since I don't get along very well with certificates.  Also 
> don't know why not.
> 
> What are the advantages, and disadvantages, of using purchased 
> certificates vs the ones you can generate yourself?

The salient advantage of a purchased certificate over a self-generated 
certificate chain is that you do not need a trusted path to load the 
root certificate into the client devices; the root certificates are 
pre-loaded by the folks that provided the operating system or the web 
browser or related tools.

This trusted path might be physical possession of the device when you 
manually load the certificate.  An untrusted path can be a remote 
network access or a certificate you've mailed out, where you're not 
really sure which server you're actually loading the root certificate 
from.  (Yes, you could digitally sign the mail and some receivers might 
verify the signature, but eventually there's a trusted certificate or 
physical access somewhere...)

Whether with a commercial certificate or with a private certificate or 
private root certificate authority and private signing chain, you don't 
want the end-user to load and trust a rogue certificate, or trusting a 
rogue root certificate.

If you've ever looked in the root certificate lists for various 
packages, there can be 500 or 600 different entities from all over the 
place, and your client will trust the certificates issued by any of 
them, as well as the certificates issued by their partners.

In terms of what is happening with a private certificate authority 
versus a commercial authority — and once that root certificate is 
loaded into the client, either by the vendor or by a trusted load by 
the local site — the provided security is the same.  Purchased and 
private certificates of the same key length provide the same security.

With a private certificate chain, you're the only source of matching 
certificates, and it's cryptographically exceedingly difficult to forge 
keys, and you don't have to pay for the certificates you need — well, 
you pay for them based on the overhead of generating the certificates 
and keeping the root certificate private key, well, private.

The folks maintaining a private chain do need to keep their signing key 
private, as do the commercial providers, and you don't want either 
bunch to generate untrusted certificates.  If a certificate provider is 
compromised for whatever reason, or if the root certificate private key 
of a self-signed certificate authority is compromised, then you end up 
reissuing certificates.  Possibly also dealing with certificate 
revocations, but these revocation checks tend to be problematic at best.

There are some interesting discussions around revocation, certificate 
pinning, and verifying that the certificate matches the server you've 
connected to — this irrespective of whether it's a commercial 
certificate or a certificate signed by a private self-signed 
certificate authority.

Note: OpenVMS does not have a list of root certificate authorities 
pre-installed.   Just the one HP certificate.  (The Mozilla web 
browsers for VMS do have certificate stores.)

Some VMS-related certificate-related reading: 
<http://labs.hoffmanlabs.com/node/1853>

-- 
Pure Personal Opinion | HoffmanLabs LLC