On 24/03/15 06:21 PM, Ryan Sleevi wrote:
>
> It's difficult to have a discussion with you when you mount attacks ("This
> happened because of your negligence" / "Can you please stop pretending
> that the people involved in PKI are responsible")
I think most people would consider those to be statements of fact.
PKI is a complete joke and there's a whole lot that could be done to
improve it but most of it isn't being done. I'm not criticizing the
technical work but rather policy decisions. Many of us spoke out about
including this specific CA in the first place and are not surprised that
it handed out a certificate to be used for MITM attacks.
DNSSEC/DANE isn't perfect and we don't have it because you (browser
vendors) wanted to solve the problem in other ways. It's not a full
solution to the problem but at least only one TLD gets screwed over by
something like this. Everyone and their dog gets a TLD now anyway.
> and then change the
> goalposts and definition arbitrarily and capriciously ("That's not a zero
> tolerance policy", when Kai's proposal is just that)
I didn't say his proposal wasn't a zero tolerance policy. I said that
about removing a CA for egregarious policy violations like this, if they
don't implemented a mechanism like CT to provide proof that they're not
doing it on a broader scale. They could also open-source their
infrastructure's code to demonstrate that it enforces what it should and
promise that it's what they're really running. They have no shortage of
options here.
Anyway, you can remove the shiny green lock and treat it as an insecure
site without breaking HTTPS. Breaking stuff is not an excuse when you
have all of these options available.
> I can understand you're excited to discuss this topic, but it would be
> helpful to be more productive in the commentary, and recognize the
> messages being replied to.
It would be a lot more productive if there was less dismissal of the
people pointing out that things are not nearly as unfixable as they're
being portrayed. The situation is only this bad because there's an
unwillingness to take actions causing minor pain in the short term (i.e.
weeks).
I think "incompetent" and "negligence" are perfect words to describe
people who can't even keep an OCSP server running.
> As it stands, Kai's proposal is problematic, for the reasons I've
> addressed. There is still a service disruption for every CA, it's just a
> service disruption you view as acceptable because "They should have used
> CT". That doesn't make it not a service disruption, and it doesn't make it
> not zero-tolerance.
I'm not even stating that it would make sense to do that for this case,
only that this case is the latest one identifying the serious problem of
the browser / OS vendors being unwilling to remove CAs.
> Regardless of your feelings towards this particular incident, I think we
> can agree that a world where every domain holder could, in event of a CA
> compromise, validate that the compromised CA had not misissued
> certificates by examining the public logs, of which all certificates were
> required to be logged, is a good world. A world in which we can say "All
> currently disclosed certificates are and remain trusted; no new
> certificates are trusted" is also a world in which we can make more
> informed decisions regarding misissuance. Those are worlds we want to go
> to.
I certainly agree that CT is a major step forwards and everyone working
on implementing it is doing a great thing. It's mostly a political issue
rather than a technical one though, as are other improvements.
It's also not very useful if nothing is done in response to incidents it
uncovers...
IMO, the biggest positive would be an endless stream of these incidents
being discovered and erasing any trust left in the current PKI system
and the people responsible for it on both ends.
> But they're neither the end-state nor are they wholly sufficient. And
> while it's good to keep those potentialities in mind, it's also good to
> recognize there are some worlds that we wouldn't want. I don't think we'd
> want a world in which Let's Encrypt could not exist, or which would be
> functionally delayed for 10 years. That benefits no one. This proposal
> would require that - and even more, greater disruption for any CA that
> disagreed and tried to help make Let's Encrypt a reality.
>
> These are things we can discuss. Personal attacks? Those would best be
> left for another forum.
I'm not making personal attacks. I'm pointing out a pattern of
consistent negligence in enforcing the policy.
There's also a consistent pattern of rejecting solutions to the problem
like treating some uses of TLS as insecure (like this one) but not
breaking it completely without any clear response as to why. Most bugs
related to tuning things related to PKI are closed as WONTFIX with
little attempt to explain.
People who make policy decisions impacting the security of millions of
users are not above criticism, especially when they reject the stuff
other people come up with (like DANE, a soft-fail untrusted form of
HTTPS, and more).
I'd be happy to make a
mozilla-is-irresponsible-for-shipping-a-browser-with-no-sandbox-and-not-enforcing-CA-policy-and-more
mailing list but I'd still express my strong opinions here too.