[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA

[Jacob Appelbaum]

On 11/03/2011 09:47 PM, Phillip Hallam-Baker wrote:
> On Thu, Nov 3, 2011 at 10:29 PM, Jacob Appelbaum <jacob at appelbaum.net>wrote:
> 
>> On 11/03/2011 07:16 PM, Phillip Hallam-Baker wrote:
>>> On Thu, Nov 3, 2011 at 9:35 PM, Jacob Appelbaum <jacob at appelbaum.net>
>> wrote:
>>>
>>>> On 11/03/2011 05:27 PM, Phillip Hallam-Baker wrote:
>>>>> People who throw stones...
>>>>>
>>>>> Seems to me that EFF and Moxie have been holding everyone else to a
>>>> certain
>>>>> standard these past few months.
>>>>>
>>>>> I don't think that either would accept 'recognized and acknowledged' as
>>>> an
>>>>> excuse.
>>>>>
>>>>>
>>>>> In the case of Convergence the site does not say a blessed thing about
>>>> the
>>>>> proposal. Not a squeak, not a sausage. It is pure marketing glitz with
>>>>> fancy graphics but no substance.
>>>>>
>>>>
>>>> If someone is going to accuse an open source project of being a backdoor
>>>> they could at least link to the offending code.
>>>>
>>>
>>> If someone is going to claim that there are '650 CAs' then they could at
>>> least ask why the DFN root has 200 intermediates chained and if they are
>>> actually CAs as being claimed.
>>>
>>
>> This is a pretty conservative number - consider that Dan Kaminsky often
>> says the number is around ~1600 - what's the correct number?
>>
> 
> What makes either of them able to provide an accurate figure?

The same thing that would allow you to provide an accurate figure - a
hypothesis, a methodology for collection of evidence, analysis of
evidence and well - peer review of the results?

They have served up the goods, they explained the way they came to their
conclusions, they've given talks, they've showed the data, etc.

Did I miss your version of that? I guess so. Could you show me?

> 
> In the case of the EFF study the methodology is flawed, they have been
> advised of the issue, they accept that they cannot tell if an intermediate
> cert is a public CA or not. Yet they keep making the claim.
> 

How is the methodology flawed? This is news to me, I'd love to hear more
about it? Who at the EFF has been advised of the issue? Is there just a
thread that I'm missing here?

> The number of WebTrust audits of CAs would probably be the place to start
> since anything that is acting as a public CA that is not being audited
> should not be.
> 

Is that public information that you can link to?

> 
> Additionally, I believe you are mistaken about such a quote from me. I
>> did a quick search and found articles that cite the EFF and also quote
>> me - the EFF citation is not a quote from me - I don't work for the EFF.
> 
> 
> The parent post was attacking the EFF and in particular one of the authors
> of the claim.
> 

That was rather unclear as I am neither the EFF nor making that claim.

> 
> 
> 
> 
>>> EFF has been mighty economical with the truth of late. I have been pretty
>>> sick of it to tell the truth. The 650 CAs claim was garbage, they know it
>>> is garbage but you keep on repeating it to the press as fact.
>>>
>>
>> How many CAs exist today that can sign a certificate and then that
>> certificate will be accepted as valid?
> 
> 
> I can't give a figure right now. But we should be able to get a figure once
> the minimum criteria for DV issue are applied.

If you can't give a figure, why do you dispute their figure? You don't
have a figure but you're sure it's way off? Huh. Ok...

> 
> It should be somewhere between 30 and 50 entities performing the domain
> validation part of the criteria after the dust settles.
> 

How do you count sub-CAs under large educational institutions in Europe
that are the subordinate of say, Comodo?

> Then there is a much larger number of resellers some of which perform some
> validation steps for OV validation but do not have keys and do not perform
> the domain name checking.
> 

If one of these signs a cert with 'CA = True' - what just happened?

Does that increase your number? I have a few of those from various
research projects - will you discount them?

> 
> It wasn't my idea to let all those roots into the browsers in the first
> place. My idea for minimum standards for SSL cert issue was pretty much EV.
> 

Huh. I think well beyond the browser here - are you limiting the CA
count simply to the browser?

> 
> 
>>> Well now they are having problems being believed and I am afraid that I
>>> can't actually vouch for their honesty any more.
>>>
>>
>> This is a diversion. The person behind this slander says that they're
>> writing backdoors - it's a pretty different thing from what you're
>> saying, which is that you disagree with their counting methods.
>>
>> One is a matter of methodology and the other integrity. I'm sure someone
>> from the EFF will chime in here and I welcome that discussion.
> 
> 
> No, they both turn into matters of integrity when a half truth is
> intentionally used to advance a political agenda. Gilmore has repeatedly
> used the 650 figure as evidence in his attacks on the CA model. He does not
> put in the caveats that the authors used in the paper, nor does the EFF in
> their press releases.
> 

You're quoted above as saying that you can't publish a number but you
think their methodology for arriving at a number is flawed. It seems
like the thing thing to do is to publish about the correct methodology
and also publish some numbers derived from that methodology.

There is a very serious difference between an intentional backdoor and a
methodology that you claim is flawed with some un-cited facts. The
former is a matter of actively harming your users. The latter is at
worst, a crappy scientific paper with. More likely with the latter case,
it's a good piece of research that moved the public field forward and
it's imperfect.

As far as the politics angle, you're a self professed benefactor and
proponent of the CA model. Do you claim that you're free of a political
agenda? That seems like an odd stone to throw...

So, I'd like to dismiss with the politics and simply see your numbers.
Also a clear and concise methodology would be helpful.

> So its kind of a Fox News type approach of introducing a report that makes
> a misleading claim and then repeat the headline constantly. When challenged
> go running back to the report and say 'hey look, we did put a caveat'.
> 

Again, where are your numbers? What is the better methodology?

>From where I'm standing, I see a less than Fox News approach from your
side of the table. It's pretty astounding, honestly.

> Sorry, that is a dishonest way to conduct a debate.

It is far more dishonest to try to argue from authority and to accuse
rather than disprove. You do not assume good faith and well, huh, I
wonder why that is?

> 
> 
>>> This rumor is a bunch of bullshit and I can't believe it spilled onto
>>>> this list too.
>>>>
>>>
>>> The Iranian government runs a Warez site filled with all sorts of
>> software
>>> that is not legally for sale in Iran.
>>
>> Citation please.
> 
> 
> Personal conversation with US intelligence.`

Which branch? Do you have a clearance? If so... is it TS-SCI? If so, did
you just lose it? If not, who are you kidding?

> 
> Feel free to discount the source if you like. But I somehow doubt that they
> would be wanting to give the Iranian regime ideas. If they were not doing
> it earlier they are quite definitely aware of the tactic since I talked
> about it on the VoA and BBC World Service Persian editions.
> 

Cool, I was at VoA/BBG headquarters the other day - who were you
speaking with at VoA? Perhaps we can have a coffee the next time we're
both in DC and you can explain this better in person?

> 
> 
>>> So I would not discount the possibility of there being IRG versions of
>> Tor
>>> in circulation. In fact it seems rather likely that they have done that
>>> already.
>>
>> What do you base this on? We'd love to see a sample - feel free to send
>> us some evidence.
>>
> 
> Well it should be quite easy to duplicate the work. We know that it is
> imposible to buy Microsoft Windows legally in Iran. Ergo there must be some
> alternative distribution system.

It's easy to duplicate something without having a sample or only a high
level overview. It's hard to do it right and to really understand the
threat.

Interestingly, I know for a fact that some people in Iran use Free
Software whenever possible because of the sanctions that make purchasing
Windows illegal. So is your rumor platform specific?

> 
> Why wouldn't they try to compromise the machines? Seems like an obvious
> attack for them to do. If the US government tells me that Iran is following
> a course of action that is obvious to me I tend to believe them unless
> proven otherwise.
> 

Compromise which machines? End user machines? Yeah, of course.

> 
> In any case, I hardly see what any of this has to do with the
>> allegations from the parent post. It appears to be slander with
>> absolutely no factual backing.
>>
> 
> The connection is that none of us can simply assume that others will
> believe us when we claim to be acting in good faith.
> 

Even when you're acting in good faith, I do not believe your systems are
always under your control. Example: Comodogate

> The standard here is not 'prove that I am a liar'. As a CA I have to
> convince people that they can trust me. And that is the standard that you
> will have to try to meet if you ever want to replace me. It is not a fair
> standard at all. But it is the standard that rules.
> 

Ok, I admit, I had to look you up. You work at Comodo and you're
seriously making this argument?

You ask people to buy into a model which relies on people,
organisations, even countries where you have no relationship whatsoever.
This is the browser certificate trust model in a nutshell. This is not a
model that can be trusted. This kind of design is pretty much a failure
and it's why people are working on alternatives.

So, how are you convincing people that they can trust you? I don't know!
I'm not buying it at all. I am however working pretty hard to prove that
the CA model is a failure. Lots of people are working a lot harder than
I am and the reasons for such work are everywhere.

At ISS world in DC a few weeks ago, I heard an SS8 shill discuss their
SSL interception gear. He said that people in the audience should a CA
cert for use with their product. Huh, how would they... oh, right. I
asked which one and he declined to answer because they didn't want a big
story in the press. Huh, how about that.

> 
> All these systems are turtles stacked on turtles. It is really easy to
> design a system that works if you are allowed to insert a single magic
> turtle that is absolutely trustworthy into the stack.
> 
> And is it really easy to collapse someone else's stack by pointing out that
> their turtle may not be trustworthy after all.
> 
> If you want to go round pointing at other people's magic turtles and point
> out that they are not so magic then they get to point out your magic
> turtles.
> 

There are no magic turtles in Tor or in open data sets or in published
work about your magic turtle industry. Your analogy requires the use of
magic turtles and thus, well, I'm sorry to say that your analogy is
totally bogus.

Imperfection does not mean that things are magic turtles.

> 
> DANE has a magic turtle called ICANN. In the case of Convergence the
> description does not even begin to explain what the turtle is let alone why
> it could be magic.

DANE is compatible with the CA model and augments it with DNSSEC. DANE
like Convergence is totally complementary to the CA model.

DANE and Convergence have potential problems. The trade-off is that they
both realistically help alleviate the actual problems with the CA only
model. None of these weaknesses are magic turtles. They're designs with
strengths and weaknesses. The notion that we should trust a single
entity and never verify things is a dead path for trust.

> 
> The solution in my view is to move from relying on a single turtle to a
> system where more than one turtle has to break.
> 

Yep. I hope we kill the CA (only) model along the way while we're at it.
That's a turtle that I won't mind watching go extinct. It lived a good
life, let it die already.

( Whew - quite a discussion )

All the best,
Jacob