[SSL Observatory] SSL CA compromise in the wild

Steve Schultze sjs at Princeton.EDU
Wed Mar 23 10:57:49 PDT 2011


On Mar 23, 2011, at 1:54 PM, Chris Palmer wrote:
> On 03/23/2011 10:49 AM, Steve Schultze wrote:
> 
>> "By standard security theory, bits are cheap, so if you have a
>> hundred TLS accelerators, you should never move one private key into
>> all of them.  Instead, you should make a hundred different keys, and
>> sign them all with the same Certificate Authority."
> 
> By standard security theory, identities are expensive. If you have 500
> identities, you don't have an identity. (This is The Citibank Problem,
> as discussed in my slides. Not all banks have this problem.)
> 
>> Supposedly there are some prominent examples of this on banking
>> sites.  Supposedly the hardware actually makes it hard or impossible
>> to import your own private key.
> 
> I wouldn't buy that hardware, because it's broken. As Adam Langley
> explains, you don't really need accelerators — even for a deployment as
> large as Gmail, anyway.

While I agree with you, evidently large popular sites still do it... so a proposal to not support those sites is unlikely to win.  That's why Kaminsky dealt with it in his keys-in-DNSSEC proposal, and why DANE is dealing with it as well.

I also wish people didn't use IE, but I still have to design sites to support it.



