[SSL Observatory] Invitation: Help rearchitect PKIX and Internet cryptographic security

Kyle Hamilton aerowolf at gmail.com
Mon Sep 5 16:38:33 PDT 2011


(originally posted to mozilla.dev.security.policy)
[tl;dr]
This forum isn't the place to discuss infrastructure improvements, so I'm creating one.  Regarding the DigiNotar fiasco, we need to accept that the current model doesn't work.  If you really want to be involved in the design and implementation of a workable security system for data storage and communication, let me know and I'll add you to the mailing list I've got set up.  The bulk of this mail is an attempt to outline a plan to address the important aspects of information security in the real world.  I have my own ideas and my own plans to make it all happen if this attempt to mind-meld fails, but I wish to ensure that as many viewpoints as possible are represented.
[/tl;dr]

Are you interested in discussing ways to improve the state of the cryptographic data storage and communications art for end-entity subjects of repressive governments (as well as non-repressive governments)?  I've set up a mailing list (commsec at kyanha.net), just let me know and I'll add you.  I have a vision, a dream of secure communications and how to get there, and I’m working to make it real.

The challenge:

Assume that there exist:
1) no installed base of individual computers
2) no installed base of pre-existing cryptographic software
3) no backward-compatibility concerns
4) no mandates to use standards or paradigms in ways which are fundamentally broken in any manner
5) the capacity to create and use absolutely any and every tool necessary
6) no mandate to use any preexisting component (but a willingness to, if the component can be made to work cleanly)
7) all current CAs and services offered by them
8) all current Payment Card Industry and other regulatory requirements
9) all current laws and regulations (i.e., no political or legal change in climate)
10) realistically secure key management and storage [*]

- Conduct a realistic threat assessment from the consumer's point of view, addressing minimally the issues of identity theft and payment methods. (m1)
- Conduct a realistic threat assessment from the B2C business's point of view (including "bank", "insurance company", "grocery store", "internet retailer", and others).  (m1)
- Conduct a realistic threat assessment from the B2B business's point of view.  (m1)
- Conduct a realistic threat assessment from the POV of state agencies which could consume these services.  (m1+)
- Create a communications model which is comprehensive, pervasive, extensible and defensible, which is minimally required to securely and confidentially exchange private messages in a manner which leaks no information to an eavesdropper or malicious actor other than the time, source location, destination location, size, and format.  (m2)
- Provide examples of planned interactions with this model, to validate it.  (m2)
- Sanity-check the model by producing mock-ups and conducting user testing.  (m2+)
- Design any and all systems and processes necessary to get from m1 to m2. (m3)
- Implement said systems and processes. (m4)
- Lobby for law and regulation changes as appropriate to facilitate adoption. (m4+)

The rules:
- Believe that the challenge can be met, and check your pessimism at the door.  If you assume, believe, and act as though it can't be done because the barriers are too huge, you ensure that it never will be.
- Utilize and leverage all existing state services, including but not limited to attestation (notaries public) and dispute resolution (judiciary).
- Identify places where the current service offerings of the state may be inadequate (such as "recovery from notaries public bonds" and "small-claims dispute resolution").
- Reuse as much technology as possible and necessary (X.509, PKIX, TSP, OCSP).  If any standardized policy mandates conflict with the goal, ignore them.
- Existing systems shall handle new-form credentials as a normal error condition.  New-form systems shall handle existing credentials as assertable.
- Do not think, worry, or try to prematurely optimize migration from existing systems until after m2 is complete (backward-compatibility is not a concern).  We must know our ideals before we can compromise.
- Identify what services must be consumed by various parties and roles.  Assume that all necessary but currently non-existent services do in fact exist.  Assume that all necessary but currently non-existent hardware can be emulated in software until the hardware can be created.
- Minimize reliance upon single points of failure (single digest, single CA, single asymmetric key, single cipher, single certificate chain, etc).
- Realizing that each application vendor is currently its own uber-CA, explore ways to create uniformity between CA offerings and application-user expectations using the payment card industry model (which has been proven to work, unlike the current model).

Victory Conditions/milestones:
m1) Determine where we are, from the security theory point of view.  (5%)
m2) Determine where we want to be, given what we have learned about what the consumer will and will not accept. (10%)
m3) Determine how to get from m1 to m2. (25%)
[...additional milestones here...]
m4) Make it happen. (100%)
m5) Lobby for political, legal, and/or regulatory changes to make things easier, but don't expect anything at all to happen. (100+%)

The aim: Create something that's universal, ubiquitous, invisible, and a no-brainer to use, something that's clearly specified and effectively interoperable, something that's easy to implement and is secure against data mining by default.

The ultimate goal: Secure the technological world in ways that permit the individual to protect himself and his multiple discrete reputations from being the victim of identity theft, that permit the individual, the business, and the state to protect themselves from being the victims of impersonation fraud, and that permit the individual to assert his own privacy in his own communications.

Nobody has ever looked at how the individual consumer would need to interact with a secure system that implements the best features of the current technical standard policy mandate quagmire.  Nobody has ever seen the individual as an independent state, sovereign over his own affairs, with no mandates upon his behavior other than those specified by contract (treaty) or law (especially no mandate to share his personal information).  Nobody has ever asked a privacy advocate "if you were designing a system from scratch to jealously protect your own privacy and the privacy of those you communicate with, as though your information were your own to dole out and share on your own terms, how would you go about it, and why?"  Nobody, that is, until now.

If we don't step up to do it, nobody else will -- and we will have (as now) failed to provide the security our users require.

-Kyle H

[*] If we do not design systems which assume key storage and management to be a solved problem, it never will be.