[SSL Observatory] SSL CA compromise in the wild

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 23 09:57:36 PDT 2011


On 03/23/2011 12:48 PM, Steve Schultze wrote:
> SSH is just TOFU.  So, the current CA model with HSTS is at least as good as SSH, and probably better because at least you first have to compromise a CA.  Mozilla and Chrome implement HSTS.

TOFU addresses the problem of certificate verification.  It says "trust
a given public key on first use".

I think HSTS addresses a different problem than certificate verification.

HSTS addresses a historical accident of a trivial downgrade attack in
HTTPS.  In particular, it addresses the fact that most browsers default
to cleartext HTTP, and most site operators try to force an upgrade with
an HTTP 3xx redirect to HTTPS.

Any MITM can deny this upgrade (or, viewed from a different angle, can
"force downgrade" a connection that server operators expect to be
encrypted).  HSTS addresses that problem.

HSTS has nothing to say about certificate verification, afaict.

	--dkg
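The distinction drawn above, as an added Python example that is not part of the original message: an HSTS store only decides whether a URL must be upgraded to HTTPS before any request is sent, while a TOFU store only decides whether a host's key matches the one first seen. The class names `HstsStore` and `TofuStore`, the simplified header parsing, and all hostnames and key bytes are assumptions constructed for illustration; port rewriting is left out.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Hosts that asked for HTTPS-only (RFC 6797 style). Hypothetical helper."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry_time, include_subdomains)

    def note_header(self, host, value, now, secure_transport):
        # Honoured only when received over HTTPS: on cleartext HTTP a MITM
        # could inject or strip the header at will.
        if not secure_transport:
            return
        max_age, include_sub = None, False
        for part in value.split(";"):
            name, _, arg = part.strip().partition("=")
            if name.lower() == "max-age":
                max_age = int(arg.strip().strip('"'))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is required; ignore the header without it
        if max_age == 0:
            self.hosts.pop(host, None)  # max-age=0 clears the policy
        else:
            self.hosts[host] = (now + max_age, include_sub)

    def rewrite(self, url, now):
        """Upgrade http:// to https:// before any request leaves the client."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # Exact match (i == 0) or a parent that set includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                if parts.scheme == "http":
                    return urlunsplit(("https",) + tuple(parts[1:]))
        return url

class TofuStore:
    """SSH-style pins: remember the first key seen per host, flag any change."""
    def __init__(self):
        self.pins = {}  # host -> SHA-256 fingerprint of the first key seen

    def check(self, host, public_key_bytes):
        fp = hashlib.sha256(public_key_bytes).hexdigest()
        return self.pins.setdefault(host, fp) == fp
```

`HstsStore` never sees a key and `TofuStore` never sees a URL scheme, so neither can answer the other's question.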

