Re: HTTPS everywhere!

On 12/06/14 19:16, Tollef Fog Heen wrote:
> ]] Christoph Anton Mitterer 
>> Supplying the Debian Root CA to people not using Debian could have been
>> easily done by a *single* site that uses a cert available in all
>> browsers... which offers the Debian Root CA for secure and "trusted"
>> download.
> That's a nice theory.  It does not align particularly well with what
> happens in the real world.

Expanding on that a little, for non-experts[1] there are only two trust
levels for CAs:

* my browser vendor doesn't trust this CA at all, and indeed my browser
  will not let me access https sites secured with it, even though it
  will let me access an equally MITM-prone http version of the same

* my browser vendor trusts this CA completely, and if it signs a
  certificate that claims to be for paypal.com, my bank, my employer's
  commercially confidential servers, a server with my private medical
  information, etc. then that certificate is assumed to be genuine

It should be possible to make a CA certificate that is only considered
to be valid for the spi-inc.org and debian.org subtrees, and then trust
the assertion that SPI control that certificate - but in widely-used
applications, that isn't possible. If SPI can sign certificates for
debian.org, then they can also sign certificates for my bank, and my
browser will think those are just as valid.

For less technical users who are only dimly aware of the existence of a
thing called a certificate at all, giving SPI the technical capability
to impersonate their bank seems an unacceptable risk.

If widely-deployed TLS implementations had the ability for a server to
offer more than one certificate, there'd be no problem -
https://security.debian.org/ could present a Gandi certificate, a SPI
certificate and a cacert.org certificate, signed by different CAs but
based on the same key material (and particularly paranoid browsers could
insist on more than one being valid). That capability does not currently
exist in practice, though.


[1] experts can maybe use things like Certificate Patrol, although CP
suffers from the fact that most browsers do not warn about use of
multiple certificates like it does, which means large sites like Twitter
assume they can deploy multiple certificates without any user-visible
problems, which means CP has so many false positives on some sites that
it approaches unusable
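
The difference between the two trust levels in the message and the scoped CA it wishes for, as an added example that is not part of the original post. It models the dNSName permitted-subtree matching of X.509 name constraints (RFC 5280); the function names and sample hostnames are constructed for illustration, and no real browser trust store is consulted.

```python
# Added illustration: a constructed model, not code from the thread or a browser.

def in_subtree(hostname, subtree):
    """RFC 5280 dNSName rule: a name satisfies the constraint if it equals
    the subtree or is formed by adding labels on the left. Comparison is
    label by label, so 'notdebian.org' does not match 'debian.org'."""
    host = hostname.lower().rstrip(".").split(".")
    base = subtree.lower().rstrip(".").split(".")
    return len(host) >= len(base) and host[-len(base):] == base


def ca_may_vouch_for(hostname, permitted_subtrees):
    """permitted_subtrees=None models the all-or-nothing trust anchor:
    once the CA is trusted, it is accepted for every hostname."""
    if permitted_subtrees is None:
        return True
    return any(in_subtree(hostname, s) for s in permitted_subtrees)


def audit(hostnames, permitted_subtrees):
    """Return the hostnames for which this CA's signature would be accepted."""
    return [h for h in hostnames if ca_may_vouch_for(h, permitted_subtrees)]


# Constructed sample names, including two look-alikes that a naive
# string-suffix or string-prefix check would wrongly accept.
SAMPLE = [
    "security.debian.org",
    "www.spi-inc.org",
    "paypal.com",
    "debian.org.example.net",
    "notdebian.org",
]
# Hypothetical scope for the CA discussed in the message.
SPI_SCOPE = ["debian.org", "spi-inc.org"]

if __name__ == "__main__":
    print("unconstrained CA accepted for:", audit(SAMPLE, None))
    print("scoped CA accepted for:       ", audit(SAMPLE, SPI_SCOPE))
```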