[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Pen register request used to force disclosure of SSL private keys - LavaBit hearings
- To: coderman <[email protected]>
- Subject: Pen register request used to force disclosure of SSL private keys - LavaBit hearings
- From: [email protected] (CodesInChaos)
- Date: Thu, 3 Oct 2013 21:24:09 +0200
- Cc: cpunks <[email protected]>
- In-reply-to: <CAJVRA1R5E71D6mAN4zPivMK_KHeFPuZQ-=dCidMhF8wJb=-qUA@mail.gmail.com>
- References: <CAJVRA1S4SagR+=JHrJDsQ_UGGksm0GKEu-XQ=t-HXn9_oKhjig@mail.gmail.com> <[email protected]> <CAJVRA1R5E71D6mAN4zPivMK_KHeFPuZQ-=dCidMhF8wJb=-qUA@mail.gmail.com>
> This, in my opinion, can make all US encryption, even US-based
> certificate authorities really untrustworthy. What is to stop them from
> getting GoDaddy to give up their root certificates with a NSL and a
> small legal justification?
We need to catch a CA which does this, for example using Certificate
Transparency.
Then handing over the CA private key is equivalent to committing company
suicide.
This means that
1. CAs will fight with all they've got
2. If corruption is successful, eliminates US CAs one by one until there
are none left to compel.
> some have suggested a rule #5: don't distribute updates automatically
> to your users and don't implement security critical functions in code
> that is delivered to the client via the server.
I don't think disabling auto-update is a good idea. What we need is secure
auto update.
This involves:
1) requiring multiple signatures on the update by people in different
jurisdictions
2) Reproducible builds
3) A Certificate Transparency like log of all updates.
I believe TOR is doing some work on points 1) and 2).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20131003/16c3a0c9/attachment.html>