[Info-vax] [OT] Zero trust software, was: Re: Rethinking DECNET ?

Bill Gunshannon bill at server3.cs.scranton.edu
Wed Sep 3 08:38:49 EDT 2014 

In article <lu5gu3$uvg$1 at dont-email.me>,
	Stephen Hoffman <seaohveh at hoffmanlabs.invalid> writes:
> On 2014-09-02 21:44:02 +0000, David Froble said:
> 
>> Bill Gunshannon wrote:
>> 
>>> Remember reading about how VeriSign gave keys to the NSA?  I remember 
>>> asking people over 10 years ago why I, or anyone, should trust their 
>>> certificates over self-signed ones.
>> 
>> We're using self generated certificates at our customer sites.  I don't 
>> know why, since I don't get along very well with certificates.  Also 
>> don't know why not.
>> 
>> What are the advantages, and disadvantages, of using purchased 
>> certificates vs the ones you can generate yourself?
> 
> The salient advantage of a purchased certificate over a self-generated 
> certificate chain is that you do not need a trusted path to load the 
> root certificate into the client devices; the root certificates are 
> pre-loaded by the folks that provided the operating system or the web 
> browser or related tools.

And that is supposed to give me the confidence to trust them?

> 
> This trusted path might be physical possession of the device when you 
> manually load the certificate.  An untrusted path can be a remote 
> network access or a certificate you've mailed out, where you're not 
> really sure which server you're actually loading the root certificate 
> from.  (Yes, you could digitally sign the mail and some receivers might 
> verify the signature, but eventually there's a trusted certificate or 
> physical access somewhere...)

Trusted in what way? VeriSign gave the keys to a third-party.

> 
> Whether with a commercial certificate or with a private certificate or 
> private root certificate authority and private signing chain, you don't 
> want the end-user to load and trust a rogue certificate, or trusting a 
> rogue root certificate.

And what do you call a certificate that's keys have been provided freely
to a third-party?

> 
> If you've ever looked in the root certificate lists for various 
> packages, there can be 500 or 600 different entities from all over the 
> place, and your client will trust the certificates issued by any of 
> them, as well as the certificates issued by their partners.

And my point is:  Why on earth should I trust them?

> 
> In terms of what is happening with a private certificate authority 
> versus a commercial authority — and once that root certificate is 
> loaded into the client, either by the vendor or by a trusted load by 
> the local site — the provided security is the same.  Purchased and 
> private certificates of the same key length provide the same security.

My private certificates provide much more security because I can be
certain I haven't given them to any third parties.

> 
> With a private certificate chain, you're the only source of matching 
> certificates, 

Unless the certificate authority has given them to a third party.  And
worse still, done it without your knowledge while you were happily working
under the assumption that your communications are secure.

>               and it's cryptographically exceedingly difficult to forge 
> keys, and you don't have to pay for the certificates you need — well, 
> you pay for them based on the overhead of generating the certificates 
> and keeping the root certificate private key, well, private.

And you trust that they will, in fact, be kept private?  Reality does
not agree with you.

> 
> The folks maintaining a private chain do need to keep their signing key 
> private, as do the commercial providers, and you don't want either 
> bunch to generate untrusted certificates.  If a certificate provider is 
> compromised for whatever reason, or if the root certificate private key 
> of a self-signed certificate authority is compromised, then you end up 
> reissuing certificates.  Possibly also dealing with certificate 
> revocations, but these revocation checks tend to be problematic at best.

Unless the certificate was deliberately compromised and the authority
isn't going to re-issue it or even tell you that they compromised it
deliberately.

> 
> There are some interesting discussions around revocation, certificate 
> pinning, and verifying that the certificate matches the server you've 
> connected to — this irrespective of whether it's a commercial 
> certificate or a certificate signed by a private self-signed 
> certificate authority.
> 
> Note: OpenVMS does not have a list of root certificate authorities 
> pre-installed.   Just the one HP certificate.  (The Mozilla web 
> browsers for VMS do have certificate stores.)
> 
> Some VMS-related certificate-related reading: 
> <http://labs.hoffmanlabs.com/node/1853>

All of this come down to trust.  And my opinion has always been why would
anyone trust a third party over themselves?  Maybe it is time to re-publish
Ken Thompson's Turing Award reception talk.

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>

More information about the Info-vax mailing list