[SSL Observatory] Tangent - coercibility of different authority structures

Matt McCutchen matt at mattmccutchen.net
Sun Sep 25 23:22:54 PDT 2011 

On Thu, 2011-09-22 at 13:22 -0400, Phillip Hallam-Baker wrote:
> That is why I refuse to accept the US controlled DNSSEC hierarchy as
> the ultimate PKI authority. Whatever the claims to the contrary, the
> ICANN root CA is under defacto US government control.

Yes, absolutely; I pointed this out before
(http://www.ietf.org/mail-archive/web/keyassure/current/msg01179.html).
But DNSSEC is enough of an improvement over the current 100-odd-way
disjunction that I think I'll do more good by first pushing for DNSSEC
and then pursuing the deeper changes that will be necessary to
completely dispense with all-powerful third parties.

> Russia, China and Iran would be fools not to lobby for the DNSSEC
> scheme because once a single point of control is established it will
> be a trivial matter for them to usurp it within their own territories.

Huh?  If you have the real IANA public key, any attempted usurpation
outside the CCTLDs controlled by the respective countries is obvious.
Whereas with the disjunction of 100+ CAs, if Russia has one CA, it can
defraud users with respect to the entire namespace.  If you were
thinking of a different scenario, could you spell out the outcomes under
the two systems to help me understand?

I appreciate your intentions of providing distributed control through
multiple CAs.  But as long as the system is structured as a disjunction,
all it provides is increased attack surface, some of which may lie right
in the countries in question.  Do you propose to change that?

> The only way to control for the threat of government coercion is to
> ensure that there is transparency in the control mechanism so that a
> default can be detected and there is an alternative means of providing
> authentication in the case that a default occurs.

And if the alternative mechanism is weaker, the government will just
cause the main mechanism to default all the time, so you haven't really
explained how to reduce the problem.  Phill, if you're interested in
working on this seriously, please poke me and maybe I'll actually set up
a mailing list like I was thinking of before...

> What is (I think) at issue here is the question of whether a CA would
> be legally coerced to issue false credentials in order to enable a
> lawful intercept.

Agreed, that is what I am interested in.

-- 
Matt

More information about the Observatory mailing list