LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Web of trust and fingerprints in print

Web of trust and fingerprints in print

Posted Mar 25, 2010 14:43 UTC (Thu) by edmundo (guest, #616)
Parent article: Blaze: The Spy in the Middle

Is the solution to stop using CAs and use a web of trust, like PGP/GPG, instead?

And in the case of banks and other large organisations, shouldn't there be an easy way for them to publish a fingerprint of their genuine key, which they could mention in the small print in every brochure they print, and for me to compare that fingerprint with what my browser thinks it is?

(Log in to post comments)

Web of trust and fingerprints in print

Posted Mar 26, 2010 1:03 UTC (Fri) by PaulWay (✭ supporter ✭, #45600) [Link]

In a word, no. The web of trust is much easier to subvert - partly because you then have a non-uniform level of verification (see Martin Krafft) and partly because the number of checks you need to perform slows things down.

But what you're probably thinking of is just having multiple CAs able to sign a single SSL certificate. I think this would probably give a lot better assurance in the short term.

One thing that might be interesting would be an academic survey of which CAs are signing which SSL certificates. See if there are patterns that might indicate a level of trust or distrust that isn't publicly stated.

Have fun,

Paul

Web of trust and fingerprints in print

Posted Mar 26, 2010 12:52 UTC (Fri) by __alex (subscriber, #38036) [Link]

There is also a non-uniform level of verification among CAs right now. A GPG style WOT is perfectly
acceptable *if* you constrain your trusted signers list to only signers you trust to offer a high level
of verification (e.g. what CAs are meant to do.)

I agree that a multiple signers approach *combined* with audited high levels of verification that CAs theoretically provide is a strong approach. I don't think it's only useful as a short-term fix though.
Why don't you think it's a long term approach?

Web of trust and fingerprints in print

Posted Mar 28, 2010 17:29 UTC (Sun) by PO8 (guest, #41661) [Link]

Web of trust is the right solution, if you do it right. It models the situation with paper credentialing rather nicely, and society seems to function pretty well on that system.

The key is that each side needs to be able to easily specify an automatically-checkable trust policy that meets its needs. There is no one "right criterion" for deciding whether to trust a counterpart---different situations and different counterparties demand different levels of trust verification. If the web of trust is treated as a credentialing mechanism, and a trust policy is used to check for the right credentials, then this to my mind is a far better solution than any centrally-run identity-based one.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds