
As you undoubtedly know, the chain of trust only helps the browser and the user (assuming they even look at it, which is doubtful) decide whether or not they can trust the certificate. If a key in the chain of trust is compromised, this only gives an attacker the ability to create a fake certificate from the gutenberg.org domain which they could use in a man in the middle attack. It would not give them the ability to decrypt the traffic on a direct connection between the user and gutenberg.org. In order to do that, they would need to compromise the secret key installed on the ibiblio server.

If a user doesn't check the chain of trust, all that is needed to launch a successful man in the middle attack is to compromise any level of any chain of trust that the user's browser recognizes as trustworthy. However, what I'm saying is that most users wouldn't detect either sort of attack because most users don't look at the chain of trust. Even if they did look at the chain of trust, how would they know what the correct chain of trust should be for gutenberg.org?

IMHO, the only value in having a certificate that is signed by a recognized CA is that it prevents the browser from scaring the user, and it does make it non-trivial to create a forged certificate.

Would you consider it a reasonable compromise to install a cheap SSL cert on gutenberg.org and to provide a security notice to the user to the effect that while the connection is encrypted, it shouldn't be relied upon for protection against sophisticated attackers? We could even suggest some more secure alternatives like TOR for folks with higher security concerns.

Aaron

On 1/1/12, Marcello Perathoner <marcello@perathoner.de> wrote:
On 01/01/2012 09:09 PM, Aaron Cannon wrote:
If a government agency wanted to read the encrypted traffic to and from gutenberg.org, would an EV certificate be significantly harder to compromise than a cheap domain verified cert? As far as I know, there is no cryptographic difference between the two types of certs. The only difference is in the price and the steps you have to go through to prove your identity when acquiring the certificate.
The difference is in the chain of trust. While there never can be 100% certainty, the shorter the chain is, and the stronger the links are, the greater the chance you will get away with it. And that can be a matter of life and death in some jurisdictions.
If you need a high degree of certainty that you are indeed connected to the real PG site, you should not trust any browser bar colors, you should examine the certificate's chain of trust.
Now if we get a certificate from Verisign the chain will be:
- browser-installed Verisign certificate
- Verisign Inc.
- Project Gutenberg
A user in (let's say) Iran, will have the certainty that no authority outside the US is in the chain of trust. That's enough security for an Iranian that wants to download Karl Marx.
(It may not be enough for a US citizen wanting to download Karl Marx because US officials may very well have colluded with Verisign and tampered with the DNS system.)
If instead we buy a certificate from discounter X:
- the chain will be longer and contain unknown CA names, thus will be much harder to scrutinize for security
- any CA on the chain of trust may have been tampered with with catastrophic consequences.
Ironically the very CA that issues those cheap $9 `certificates´ has been tampered with, probably by the Iranian government:
http://en.wikipedia.org/wiki/Comodo_Group#Breach_of_security
--
Marcello Perathoner
webmaster@gutenberg.org
_______________________________________________
gutvol-d mailing list
gutvol-d@lists.pglaf.org
http://lists.pglaf.org/mailman/listinfo/gutvol-d
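An added illustration, not part of the original thread: a simplified model (no real cryptography) of the point both messages turn on, that default validation accepts a chain ending at any trusted root, so which CA the site bought from does not limit who can vouch for its name. The `Cert` fields, key strings, root names and the out-of-band pinned fingerprint are constructed assumptions for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str      # name the certificate was issued for
    issuer: str       # name of the CA that signed it
    public_key: str   # stand-in for the subject's public key
    signed_with: str  # stand-in for the key that made the signature

def fingerprint(cert):
    return hashlib.sha256(cert.public_key.encode()).hexdigest()

def browser_accepts(chain, trust_store, hostname):
    """Default validation: the leaf names the host and every link is signed
    by the next certificate, ending at ANY root in the trust store."""
    if not chain or chain[0].subject != hostname:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or child.signed_with != parent.public_key:
            return False
    root = trust_store.get(chain[-1].issuer)
    return root is not None and chain[-1].signed_with == root.public_key

def pin_matches(chain, pinned_fingerprint):
    """Extra check: the leaf key must be the one learned out of band."""
    return fingerprint(chain[0]) == pinned_fingerprint

# Constructed sample data: two roots the browser trusts equally.
TRUST_STORE = {
    "Verisign Root": Cert("Verisign Root", "Verisign Root", "vs-root-key", "vs-root-key"),
    "Discounter X Root": Cert("Discounter X Root", "Discounter X Root", "dx-root-key", "dx-root-key"),
}
# The site's real chain: root -> Verisign Inc. -> gutenberg.org.
GENUINE = [
    Cert("gutenberg.org", "Verisign Inc.", "pg-server-key", "vs-int-key"),
    Cert("Verisign Inc.", "Verisign Root", "vs-int-key", "vs-root-key"),
]
# A certificate for the same name issued with a compromised, unrelated CA key.
FORGED = [Cert("gutenberg.org", "Discounter X Root", "other-key", "dx-root-key")]
PINNED = fingerprint(GENUINE[0])

if __name__ == "__main__":
    for name, chain in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, browser_accepts(chain, TRUST_STORE, "gutenberg.org"),
              pin_matches(chain, PINNED))
```

Both chains pass `browser_accepts`; only the comparison against a fingerprint known in advance tells them apart, and removing the second root from the store is the other way the forged chain gets rejected.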