Date: Mon, 9 Sep 2013 22:14:17 -0400 From: Garrett Wollman <wollman@bimajority.org> To: "Poul-Henning Kamp" <phk@phk.freebsd.dk> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: Anything in this story of concern? Message-ID: <21038.32889.46054.73649@hergotha.csail.mit.edu> In-Reply-To: <95933.1378712057@critter.freebsd.dk> References: <20130909144142.J99094@sola.nimnet.asn.au> <94943.1378706943@critter.freebsd.dk> <0EEF6678B3EEC94B9AE44705DF224D023D48BF92@G9W0725.americas.hpqcorp.net> <95933.1378712057@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 09 Sep 2013 07:34:17 +0000, "Poul-Henning Kamp" <phk@phk.freebsd.dk> said: > And as Garrett Wollman correctly pointed out on twitter: It remains > yet to be seen if any implementation of SSL/TLS can be non-crap, > given that they are stuck with X.509. I should say, by the way, that X.509 is not an inherent requirement of SSL/TLS, *but* it's what the clients implement. You can do GSSAPI authentication for the TLS key exchange, but there's little benefit in doing that versus just doing straight GSSAPI sign/seal and leaving TLS out of it completely. (Plus, there are only two options for GSSAPI; one of them doesn't work at Internet scale and the other is back to X.509 again.) You can also do OpenPGP-style Web of Trust authentication for the TLS key exchange, but that doesn't work at Internet scale either. GnuTLS supports both, however. What would work, would be better than the X.509 CA infrastructure we have now, and has been demonstrated experimentally, is using DNSsec to publish server public keys -- but that's hardly reducing the size of the TCB, and it would significantly worsen the impact of bugs in validating DNSsec implementations. The likely result, if browsers and servers began to support this as a legitimate option, would be that the existing rents collected by X.509 CAs would instead by paid to domain registries and registrars instead. (On the other hand, it seems unlikely that registries could get away with charging the same premium for a secure delegation as CAs now do for a wildcard certificate -- and the latter is a horrible idea anyway.) -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21038.32889.46054.73649>