[Sovereign Keys] Evidence for claim - CA-signed certificate

Brad Templeton 4brad at templetons.com
Sun Dec 18 18:28:37 PST 2011


> That attack, and proposed protections, are discussed in this file:
> 
> https://git.eff.org/?p=sovereign-keys.git;a=blob;f=issues/transitional-considerations.txt;h=fa3b1591820baf1f2f62740f1f0e8b7998c29174;hb=HEAD
> 
> But as Brad points out, there may be other precautions and procedures that
> should be added to that file.

More to the point, I think it's vital the key for any established web
site be verified through some sort of out-of-band channel, one that is
not readily available to somebody who has pwned the server. I see two
such channels.

a) The whois record or other records at the domain registrar.  To
compromise this you would tend to need to have done things like
intercept or keylog a login session there -- not impossible, but harder.
A magic string could be inserted in the whois, even temporarily.  For
example, changing an admin contact to somelongalias at yourdomain.com where
the alias also is a hash of the key.
This is not trivial to automate, of course.

b) DNS records for the domain, if and only if we can verify that the DNS
server is on an independent machine.  This is non-trivial, but if we
can, a new DNS record for the domain can be added verifying the key.

c) A phone call to the number in a whois record.


Alas, email and anything that is verified with email are not out of
band.  A scripted attack would possibly get them all.

It's a valuable attack.  Find a valuable site with no SK.  Create an SK
for it.  Contact the owner and say, "Pay us $$$$ and we'll give you the
private key, otherwise your domain is toast."  Well worth scripting and
doing again and again.
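
The whois check from option (a), sketched as an added example that is not part of the original message or of the Sovereign Keys design. The alias encoding (first 20 bytes of SHA-256 of the key, base32), the `Admin Email:` field name, and all sample data are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

def key_alias(pubkey: bytes) -> str:
    """Hypothetical encoding: first 20 bytes of SHA-256(key), base32, lowercase."""
    digest = hashlib.sha256(pubkey).digest()[:20]
    # 20 bytes encode to exactly 32 base32 characters, so there is no padding
    # and the result fits the 64-character limit on an e-mail local part.
    return base64.b32encode(digest).decode("ascii").lower()

# Assumed field name; real whois output differs between registries.
# [ \t] rather than \s keeps a match from spilling onto the next line.
ADMIN_EMAIL = re.compile(r"^[ \t]*Admin Email:[ \t]*(\S+)[ \t]*$", re.I | re.M)

def whois_confirms_key(whois_text: str, domain: str, pubkey: bytes) -> bool:
    """True only if an admin contact is <hash-of-key>@<the domain being claimed>."""
    expected = f"{key_alias(pubkey)}@{domain}".lower().encode()
    confirmed = False
    for addr in ADMIN_EMAIL.findall(whois_text):
        # The alias must sit under the claimed domain itself: the same alias
        # at some other domain proves nothing about control of this one.
        if hmac.compare_digest(addr.lower().encode(), expected):
            confirmed = True
    return confirmed

# Constructed sample data: not a real key or a real whois record.
SAMPLE_KEY = b"constructed-example-public-key-bytes"
SAMPLE_WHOIS = f"""Domain Name: EXAMPLE.COM
Registrar: Example Registrar (constructed)
Admin Name: Domain Admin
Admin Email: {key_alias(SAMPLE_KEY)}@example.com
Tech Email: hostmaster@example.com
"""

if __name__ == "__main__":
    print(whois_confirms_key(SAMPLE_WHOIS, "example.com", SAMPLE_KEY))
```

A redacted or privacy-proxied admin contact makes the check fail closed.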
