
Security quotes of the week

This has not changed since I started working in security in the days when dinosaurs roamed the earth and megabytes were only found on disk drives. We released a Unix variant that we charged $5000 extra for because it had an unprivileged root (using POSIX capabilities) and every customer's first question was "How do I become Real Root?".
-- Casey Schaufler

So here we are on the cusp of something. At long last, we're finally approaching the critical mass necessary to replace the CA system that we've long since grown out of. But when evaluating replacement models for the CA system, the very first question we should ask is "who do I have to trust, and for how long?" If the answer is "a prescribed set of people, forever" we should probably proceed with extreme caution. I believe that if we don't develop a solution which offers trust agility, we will inevitably find ourselves back in the exact same place that we're currently trying to escape from.
-- Moxie Marlinspike on "trust agility"

It might happen that someday ICANN will create some of these TLDs. There is even talk that they might allow people to register (at a high cost) arbitrary TLDs like .milk or .cookies. In that case, these currently-invalid certificates will become valid because they will suddenly refer to usable internet names. For example, imagine if Microsoft were able to, in the future, register the .microsoft TLD so that they could have www.microsoft for their web site address. As the Observatory shows, an attacker can probably get a CA to sign that name today. Such an attacker would be able to hijack Microsoft's web site on the very minute the new name goes live.
-- Chris Palmer on the EFF Deeplinks blog


Security quotes of the week

Posted Apr 14, 2011 9:30 UTC (Thu) by ekj (guest, #1524) [Link]

Moxie is -absolutely- right. The focus should not be mainly on who to trust, because trust is transient: it can be earned, and lost.

Instead, we want a system where it's easy and practical to add new trusted organizations, OR remove ones *not* trusted.

Ideally, this choice should be open to both website-owners, browser-makers and browser-users. And the choice should be -practical-.

Sure, you can remove Verisign from your browser's list of trusted CAs today, but doing so merely gives you a nasty warning (and no alternative way of establishing identity) on a large fraction of websites, so it's not a -practical- thing to do.


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds