[SSL Observatory] Witnessed Google certificate change again (includes details like certs, CRL...)

Chris Palmer chris at eff.org
Thu Jan 20 10:13:20 PST 2011


On Jan 19, 2011, at 11:05 PM, ArkanoiD wrote:

> I agree. So "volatile" certificates are evil, as it breaks any workaround we may design to move away from current flawed trust model.

I'm not willing to say "evil", for the valid reason Andy cites. We've got to be pragmatic about all this; strict adherence to ideology is what got us X.509 and look how that turned out. ;)

I do strongly, but not unbendingly, believe that:

1. Although it is imperfect, persistence of pseudonym is easier for everyone (technical and non-technical) to understand;

2. Therefore, we should prefer it until a better idea comes along;

3. Therefore, sites with less certificate volatility will be easier to trust;

4. Moreover, security should be available to everyone, not just people who can afford/suffer the certificate signing costs (everyone has SSH but almost no-one has HTTPS; the costs are not just monetary);

5. However, we still need to "smoothen" the volatility, such as by changing clients to allow or expect a new cert to be signed by the previous cert and/or the previous signer (perhaps in addition to a normal CA, if the previous signer was not a CA); and

6. Oh by the way, I wonder if that CurveCP thing is any good?

As for (5), you can imagine a DNSSEC-like situation in which signatures are short-lived and re-signing happens often. (And with all the advantages and disadvantages that entails.) Additionally, anecdotes suggest that low-volatility sites, at least among the set of important sites like wellsfargo.com, gmail.com, paypal.com, et al., are already the norm. We could use the Observatory to establish that for sure, or find out if my manual checking just got lucky.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
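Point (5) above, sketched as a client-side rule in Go. This is an added example, not code from the original post or from EFF: it models the "signed by the previous cert" idea as a detached ECDSA endorsement served next to the new cert (an assumption; X.509 has no such field), and the names `makeCert`, `Endorse` and `AcceptRotation` and the generated keys are hypothetical stand-ins for a real site's certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must panics on error. Every key and cert below is generated on the fly: constructed test data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
// makeCert issues a cert for cn signed by parent; parent == nil makes a self-signed CA cert.
func makeCert(cn string, serial int64, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der))
}
// Endorse (assumed mechanism): the old site key signs the new cert's to-be-signed bytes, a detached signature.
func Endorse(prevKey *ecdsa.PrivateKey, next *x509.Certificate) []byte {
	h := sha256.Sum256(next.RawTBSCertificate)
	return must(ecdsa.SignASN1(rand.Reader, prevKey, h[:]))
}
// AcceptRotation: the pinned name must persist, and next must be signed by prev's issuer or endorsed by prev's key.
func AcceptRotation(prev, prevIssuer, next *x509.Certificate, endorsement []byte) bool {
	sameName := prev.Subject.CommonName == next.Subject.CommonName
	sameIssuer := next.CheckSignatureFrom(prevIssuer) == nil
	endorsed := prev.CheckSignature(x509.ECDSAWithSHA256, next.RawTBSCertificate, endorsement) == nil
	return sameName && (sameIssuer || endorsed)
}
func main() {
	ca, otherCA, site1, site2 := newKey(), newKey(), newKey(), newKey()
	caCert, otherCert := makeCert("Example CA", 1, ca, nil, nil), makeCert("Other CA", 2, otherCA, nil, nil)
	v1, v2 := makeCert("www.example.com", 3, site1, caCert, ca), makeCert("www.example.com", 4, site2, otherCert, otherCA)
	println(AcceptRotation(v1, caCert, v2, nil), AcceptRotation(v1, caCert, v2, Endorse(site1, v2))) // false true
}
```

A new key and a new CA at once is exactly the "volatile" change the client cannot link, so it is refused unless the old key vouches for it; a cert from the same issuer needs no endorsement.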