North American Network Operators Group

The Internet is Too Secure Already (was Re: Buying and selling root certificates)
On Wed, 28 Apr 2004, Steven M. Bellovin wrote:
> Matt Blaze said it well: "A commercial CA will protect you from anyone
> from whom they won't take money."

With current SSL implementations, you have to rely on all of the commercial CAs not taking the money. Any match wins.

> verification that the spoof was detected. Is this good enough? What's
> your threat model...?

My threat model was simple :-) I wanted to reduce the messages in my logs about certificate verification failures. I could load a few widely used CA's or I could just turn certificate verification off (the default) and the messages would stop.

Eric Rescorla gave a good talk at USENIX Security last year called "The Internet is Too Secure Already"
http://www.rtfm.com/TooSecure-usenix.pdf

Part of his talk was the threat model mismatch on the Internet.
- Excessive concern with active attacks
- Taking cryptanalytic attacks too seriously
- Forgetting about other threats