
On 1/1/2012 12:57 PM, Alex Buie wrote:
> Also, pretty sure this is the only time I've ever mentioned anything security related on the list, so I won't, in fact, stop "spamming" the list, because I never was.
You have to cut Marcello some slack; while he is technically very astute, he has pretty much the same social skills as BowerBird.
> There is absolutely no need for an EV cert for a _book downloading_ website. Maybe the entry level Comodo cert isn't good enough in your opinion, but you certainly don't need anything more than a domain validated cert.
No, not even a domain validated cert is necessary. This is not a case where we want to assure people that they have arrived at the "true" Project Gutenberg web site. So long as PG does not ask for e-mail addresses, Social Security Numbers, credit card numbers or other forms of personally identifying information, no one should really care if the PG web site is spoofed. Sure, you could mount a denial of service attack that way, but there are other, much easier ways to do it.

The problem presented here is that we want to protect people from eavesdroppers who are interested in knowing if you are downloading the Koran, the Bible, Mein Kampf, the Universal Declaration of the Rights of Man, or any other "subversive" material. In order to protect a public network connection from eavesdropping you need an encrypted channel, typically using an uncompromised synchronous session key. It's hard to keep a synchronous key uncompromised, so the standard method is to generate a random, ephemeral session key, and deliver that session key using an asynchronous key exchange, which only requires that one party (in this case, the web server) maintain an uncompromised private key. A public key certificate is the standard way of distributing the public key associated with a private key. A /signed/ public key certificate is a way for some third party (the Certificate Authority) to say, "I stake my reputation on the fact that the assertions of fact contained in this certificate are true and have not been altered since I saw them." This certification depends entirely on the trustworthiness of the Certificate Authority. If the Certificate Authority cannot be trusted, while the certificate can still be used to encrypt the communication channel, the certification of other data in the certificate has virtually no worth. In fact, certification by an untrustworthy Certificate Authority may be worse than a self-signed certificate because it conveys a false sense of security.
If you were to look at the contents of any of the really cheap certificates out there, I think you would find that every one of them contains a disclaimer to the effect that "FBN Security company makes no representations as to the validity of the data contained in this certificate. Proceed at your own risk." Government security organs are really good at compromising encrypted channels when they put their minds to it. If you /really/ wanted to be protected against government eavesdropping, you need a certificate signed by a company that goes to great lengths to protect its signing private key from any disclosure, including disclosure to /any/ government agency. Then, if you look at the certificate for the PG web site and it says "signed by the most ultra secure private key in the business," you can be pretty sure that the public key in the certificate belongs to PG -- assuming, of course, that /Project Gutenberg/ has gone to great lengths to protect /its/ private key. This kind of vigilance costs money.

An alternative to a costly certificate might be a universally available CA certificate. This is what I mean: Project Gutenberg mints two certificates; one is a self-signed certificate whose Key Use is listed as Certificate Signer, the other is a certificate signed by the self-signed certificate, whose Key Use is for a web server. Every time you connect to the PG web site using https, you are presented with the second certificate. To make the browser's "Scary Message" go away, you would have to find and install the Project Gutenberg signing certificate. This certificate would be available from the Project Gutenberg web site, but it would also be "sowed" as widely as possible across the internet. Users concerned about surveillance would download the signing certificate from Project Gutenberg, but would also Google around for the certificate, and perhaps obtain it as well from peer-to-peer sites or social media. Only when you get five (or ten or fifteen...) matching certificates do you actually install it. This is very similar to the PGP trust model.

Of course, it does rely on PG to be vigilant in protecting its own private keys. I'd take the private key for the signing cert and put it in escrow in a Swiss bank vault, deleting it from all PG-controlled computers. Were I under surveillance by a hostile government (and I do not exclude my own) I would trust a cloud-based certificate chain far more than any inexpensive certificate, and perhaps even more than a Verisign Extended Validation certificate, which only requires that Verisign authenticate the certificate applicant's domain ownership and organizational identity. What I really want to know is that Project Gutenberg is not going to hand over its private key when presented with a writ or subpoena.
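The two-certificate scheme and the "five matching copies" rule described above, as an added Go example that is not part of the original thread or of Project Gutenberg's setup: it mints a self-signed signing certificate whose key use is certificate signing, issues a web-server certificate under it, verifies the server certificate the way a browser would once the signing certificate is installed as a trust root, and accepts a signing certificate only when a quorum of independently obtained copies are identical. The function names, the "Example Signing CA" name and the host name are assumptions, and keys are generated fresh on every run.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint signs tmpl with issuerKey (parent is the issuer's certificate) and parses the result.
func mint(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, issuerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// MintChain builds the thread's two certificates (hypothetical names): a self-signed signing certificate and a web-server certificate it signs.
func MintChain(host string) (ca, leaf *x509.Certificate, err error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the server's own private key is not needed in this example
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Signing CA"}, NotBefore: time.Now(),
		NotAfter: time.Now().AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	if ca, err = mint(caTmpl, caTmpl, caPub, caKey); err != nil { // parent == template: self-signed
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}, NotBefore: time.Now(),
		NotAfter: time.Now().AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf, err = mint(leafTmpl, ca, leafPub, caKey) // issued by the signing certificate, signed with its private key
	return ca, leaf, err
}
// VerifyServerCert is the browser's check once the signing certificate is installed as a trust root: chain and host name.
func VerifyServerCert(ca, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
// CopiesAgree is the "five matching copies" rule: install only when at least quorum independently obtained copies are identical.
func CopiesAgree(copies [][]byte, quorum int) bool {
	for _, c := range copies {
		if sha256.Sum256(c) != sha256.Sum256(copies[0]) {
			return false // one divergent copy means somebody is seeding a different certificate
		}
	}
	return len(copies) >= quorum
}
```

Until the signing certificate is installed, VerifyServerCert fails with an unknown-authority error, which is the "Scary Message" case; after installation the server certificate chains cleanly.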