
On 01/02/2012 07:07 PM, Aaron Cannon wrote:
> If a key in the chain of trust is compromised, this only gives an attacker the ability to create a fake certificate for the gutenberg.org domain which they could use in a man-in-the-middle attack.

"Only" in this case means that if you also control DNS you can set up a site that is cryptographically indistinguishable from gutenberg.org. As most DNS servers are in the same jurisdiction as the user, all a government needs is a credible fake certificate.

> If a user doesn't check the chain of trust, all that is needed to launch a successful man-in-the-middle attack is to compromise any level of any chain of trust that the user's browser recognizes as trustworthy.

If a user doesn't check, it's his fault. If we use a chain of trust that is hard to check, it's our fault.

> However, what I'm saying is that most users wouldn't detect either sort of attack because most users don't look at the chain of trust. Even if they did look at the chain of trust, how would they know what the correct chain of trust should be for gutenberg.org?

They don't have to know. They only look at each link and decide if they can trust it. If one of the certificates is signed by "Iranian Secret Service LLC", they just download the Koran and go away.

> IMHO, the only value in having a certificate that is signed by a recognized CA is that it prevents the browser from scaring the user, and it does make it non-trivial to create a forged certificate.

The only raison d'être of a certificate is that it is hard to spoof.

> Would you consider it a reasonable compromise to install a cheap SSL cert on gutenberg.org and to provide a security notice to the user to the effect that while the connection is encrypted, it shouldn't be relied upon for protection against sophisticated attackers? We could even suggest some more secure alternatives like TOR for folks with higher security concerns.

No. "Compromise" and "security" don't mix at all. A user sophisticated enough to know about TOR doesn't need PG to have SSL anyway. SSL is appropriate for protecting your credit card number from a rogue user of the same hotspot; it is not appropriate for protecting your private sphere from your government. Assuming it is the latter you had in mind, I don't see SSL helping us at all, it will only throw in a lot of confusion.

-- 
Marcello Perathoner
webmaster@gutenberg.org