Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Relevance of PGP?



On 06/10/2011 12:44 PM, Tom Metro wrote:
>
> Mark Woodward wrote:
>> I find that the notion of "trust" is completely broken with secure
>> communications. We've already seen that supposedly trusted certs gave
>> keys to china and the US government so that browsers would accept bogus
>> keys.
> Agreed. My trust in certificate authorities has been greatly diminished.
> Both due to reports of fraudulent certificates issued by legitimate CAs
> (or their subsidiaries), and due to the way our browsers (and email
> clients) are packed with hundreds of root certificates from shady CAs
> (some controlled by questionable foreign governments).
>
> The certificate issuing industry has substantial financial incentive to
> provide cheap certificates, and little incentive (in the short term) to
> do the necessary work to validate the authenticity of the applicant.

When you think about it, it is not about trust. It is about security. A 
over a hundred years ago, a sovereign would use a wax seal to ensure 
that documents we delivered unaltered.

That worked because the sovereign had his own seal. Today, we don't have 
our own seals (we trust corporations, not a good idea). What we need is 
a mechanism to distribute and verify public keys. We need a digital way 
of sending keys under separate cover. Like banks send pin numbers. 
Because, seriously, that's what it is.
>> The only way to "trust" a key, IMHO is to have each entity that
>> wishes to have private communication with you create their own cert
>> and send you, via an alternate "safer" transport, the public key.
>> Only that way can you be sure.
> It seems like cert fingerprints ought to be distributed via DNS(SEC),
> but even then, unless you've cached that, it could still be subject to
> man-in-the-middle exploits.
>
> I use the Certificate Patrol extension in Firefox to cache certificate
> fingerprints for the SSL sites I use regularly, so I can quickly spot
> when a cert changes unexpectedly.
>
> https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
>
DNS is too easily hijacked. You need two things: (1) a VERY public key 
linked to your email address so that you can be sure that the mail you 
receive came from the person who's name is on it. That service has to be 
free and distributed. It could very well be a format where we send the 
public key with the mail, and cache the public key on your system. That 
way if the key is new or changes, you can decide if we wish to accept or 
reject the mail. (2) We need a very very secret methodology to send 
public keys under separate cover in order to keep anyone from 
intercepting our communications or data. None of this is particularly 
difficult, it is just that our corporate overlords will make it 
difficult for us to exercise our freedom.

>   -Tom
>






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org