On keys, trust, and webs

Posted Oct 10, 2011 1:13 UTC (Mon) by ras (subscriber, #33059)
In reply to: On keys, trust, and webs by neilbrown
Parent article: On keys, trust, and webs

I stopped going to key signing parties years ago after coming to the same conclusion. We have two examples of PKI: X509 and the web of trust. Both are deeply flawed. The Web of Trust adds no security whatsoever, but seems to be harmless in that it doesn't undermine the security of the systems it is bolted onto. X509 in contrast does give us something we didn't have before - when it works it prevents man in the middle attacks. But it is brittle. A single weak link can and has broken the entire thing. And when it breaks, it compromises the security of every system on the planet using it.

Unfortunately we seem to be trapped by commercial incentives. X509 is brittle because CAs make money from selling trust. It is in their interest to keep you dependent on them. We would all be better off if we just used their cert to download a self-signed cert from the vendor, giving ourselves forward secrecy. If that had been in place before the Iran thing Google would have downloaded their own certs to most browsers, so the hacked cert would have only affected new connections. As it is, they got all of the connections.

I think you are right in saying when it comes to establishing trust, creating an audit trail of signed postings is the best way to go. A couple of years' worth of signed postings to LKML or debian devel creates a history far more reliable than someone on the other side of the planet claiming they had sighted a driver's licence. It is also easily transferred to other projects.

Sadly that is undermined by Google and other email merchants who don't provide a way to send signed messages with their software. The cynic in me says Google would far prefer you to depend on their login and password management, their server security, and their "True Names" policy for establishing trust. It's far better from Google's perspective if we all put our faith in "I saw it in Linus's g+ posting" rather than "I saw it in a message signed by Linus".

We probably have only ourselves to blame. The current PKI are not only broken, they are unbelievably difficult to use. Who here has managed to produce a self-signed cert with openssl, or has truly mastered gpg options? The mere thought of gpg's 76-line output for gpg --help makes me shudder. In the light of that mess it is not surprising commercial solutions are stepping in to fill the gap.

I don't think it is technically difficult to design a system that would work well. The problem seems to be one of social engineering; of agreeing on a standard and getting the code out there; not of designing it. As such it seems like a problem open source could solve.


On keys, trust, and webs

Posted Oct 11, 2011 21:15 UTC (Tue) by jcm (subscriber, #18262)

In fairness, Google wasn't vulnerable (in Chrome) to the root cert. issues because they had added a cert hashing check and whitelists to their browser specifically to work around this kind of attack (something I love about them as the modern Xerox PARC, Sun, or Bell Labs of our time). It only worked if you were using Chrome, but they did think about it.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds