[SSL Observatory] SSL CA compromise in the wild

Steve Schultze sjs at princeton.edu
Wed Mar 23 09:48:51 PDT 2011


SSH is just TOFU.  So, the current CA model with HSTS is at least as good as SSH, and probably better because at least you first have to compromise a CA.  Mozilla and Chrome implement HSTS.

http://en.wikipedia.org/wiki/User:Dotdotike/Trust_Upon_First_Use
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
http://blog.sidstamm.com/2010/08/http-strict-transport-security-has.html

On Mar 23, 2011, at 12:28 PM, Chris Palmer wrote:
> On 03/23/2011 08:52 AM, Matt McCutchen wrote:
> 
>> The SSH "model" is a cop-out.
> 
> Its problems are significantly less bad than the status quo. Right now,
> anyone who controls any one of the 1,400+ signing certificates (~650
> organizations, many of them proven not to practice even basic sanity
> checking on what they sign, and now at least one affirmatively pwned)
> can own the entire internet.
> 
> Obviously, The True Internet Authentication Scheme will be better than
> SSH. But we could do a lot worse than adopting the SSH model in the
> medium term.
> 
> 
> -- 
> Chris Palmer
> Technology Director, Electronic Frontier Foundation
> https://www.eff.org/code




More information about the Observatory mailing list