On Wed, Jul 22, 2009 at 03:09:25PM +0200, André Warnier wrote:
> While not contradicting the essence of the above, I would like to know
> something for my own edification, if some expert could comment.

I don't think of myself as an expert, but I'm free with my opinions. :-)

[a desire to secure communication among a small, select group using SSL]

> It is my understanding that we could set up our own "certificate authority"
> (CA) and create our own server certificates. A customer browser, upon the
> first connection, would pop up some message indicating that it cannot verify
> this certificate, and offering maybe to "authorise" our own CA as a valid
> one. Once they did this, the popup would not happen again, and their
> communications with the website would be encrypted (which is the main point
> of the exercise).
>
> I understand that, in case their DNS system is compromised, they could land
> onto another website pretending to be ours, and thus accept this other
> website certificate and CA.
> But I consider this possibility as relatively unlikely, and easily detected
> by the customers themselves once they proceed. (*)
>
> Is anything wrong with the above thinking ?

I don't think there's anything wrong, since your judgment of your risk is your own to make, but I do want to suggest that you might consider delivering your CA certificate in advance by other means.

A CA certificate, in isolation, is an *unsubstantiated*, *untestable* assertion of identity and authority. It should be delivered either directly from the CA to the trusting party, or via a mutually trusted third party. (If you have a site which is secured by a commercial certificate that your partners can verify, that might qualify as a trusted mechanism.)

I dislike the idea of training people to accept identity "proofs" from sources that could turn out to be random strangers, or to bypass warnings. Unlikely though such an attack may be, such training sets people up to think in ways that tend to compromise security. It should be the norm to expect a verifiable exchange when agreeing to trust.

I do think it is quite sensible to set up a private CA for the purpose you describe, and to rely on its certificates for privacy. I only think that the distribution of the CA's own certificate should be done very carefully, since it is the key to the whole security infrastructure that you want to build.

-- 
Mark H. Wood, Lead System Programmer   mwood@xxxxxxxxx
Friends don't let friends publish revisable-form documents.