[SSL Observatory] SSL CA compromise in the wild

Steve Schultze sjs at princeton.edu
Wed Mar 23 10:33:05 PDT 2011


On Mar 23, 2011, at 12:57 PM, Daniel Kahn Gillmor wrote:
> On 03/23/2011 12:48 PM, Steve Schultze wrote:
>> SSH is just TOFU.  So, the current CA model with HSTS is at least as good as SSH, and probably better because at least you first have to compromise a CA.  Mozilla and Chrome implement HSTS.
> 
> HSTS has nothing to say about certificate verification, afaict.

You and Matt are right, of course.  Brain fart on my part.

I do wonder whether there has been any work on TOFU for SSL cert verification other than the existing Firefox plugins like Cert Patrol... of course cert rollover and accelerators probably make that hard to do well.  Maybe TOFU of the CA rather than the leaf would be viable.

Anyway, I stand by the first part of my email fwiw... SSH is just TOFU.


More information about the Observatory mailing list