[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

[Peter Gutmann]

Rob Stradling <rob.stradling at comodo.com> writes:

>> What are we defending against?
>
>State-level attackers.  And we should expect them to persist in their
>efforts.

That wasn't quite what I meant.  What measures, whether they're coming from
VEVAK or an Iranian script kiddie, do our technical countermeasures need to
defend against?  Without a specific threat model, we can't define success
criteria, and without those, absolutely anything goes.  If I propose praying
to trees as a security measure and you propose eating more roughage (and I
suspect that to be at least as beneficial as, if not more so, than some ideas
that have been proposed) then without a threat model and success criteria we
have no way to determine whether one is more useful than the other.

So far of the entire mass of ideas being tossed out, I don't recall a single
one that had any kind of threat model or success criteria.  This means that so
far all anyone has been doing is, to quote Linus, "wanking around with their
opinions".

Lowering the bar even further from my previous success-criteria proposal,
might I suggest that we don't consider any new technical measure unless the
proposer provides at least some evidence that it will reduce phishing (or more
generally going to site A thinking you're at site B) by five percent.  "At
least some evidence of a 5% improvement", that's really not too much to ask.

Just to put my money where my mouth is (and to throw down a bit of a
gauntlet), the material in the PKI risk talk that I keep referencing is backed
up by substantial real-world research results.  For pretty much everything in
there I can point to peer-reviewed, refereed research showing the effects of
doing that.  Can anyone else do this?

Peter.