--On Friday, September 06, 2013 19:50 -0800 Melinda Shore
<melinda.shore@xxxxxxxxx> wrote:
> On 9/6/13 7:45 PM, Scott Kitterman wrote:
>> They have different problems, but are inherently less
>> reliable than web of trust GPG signing. It doesn't scale
>> well, but when done in a defined context for defined
>> purposes it works quite well. With external CAs you never
>> know what you get.
>
> Vast numbers of bits can be and have been spent on the problems
> with PKI and on vulnerabilities around CAs (and the trust
> model). I am not arguing that PKI is awesome. What I *am*
> arguing is that the semantics of the trust assertions are
> pretty well-understood and agreed-upon, which is not the case
> with pgp. When someone signs someone else's pgp key you
> really don't know why, what the relationship is, what they
> thought they were attesting to, etc.
I think you are both making more of a distinction than exists,
modulo the scaling problem with web of trust and something the
community has done to itself with CAs.
The web of trust scaling issue is well-known and has been
discussed repetitively.
But the assumption about CAs has always been, more or less, that
they can all be trusted equally and that one that couldn't be
trusted would and could be held accountable. Things just
haven't worked out that way with the net result that, as with
PGP, it is hard to deduce "why, what the relationship is, what
they thought they were attesting to", and so on. While those
statements are in the certs or pointed to from them in many
cases, there is the immediate second-level problem of whether
those assertions can be trusted and what they mean. For
example, if what a cert means is "passed some test for owning a
domain name", it and DANE are, as far as I can tell, identical
except for the details of the test ... and some are going to be
a lot better for some domains and registrars than others.
Assorted vendors have certainly made the situation worse by
incorporating CA root certificates in systems based on business
relationships (or worse) rather than on well-founded beliefs
about trust.
On the CA side, one of the things I think is needed is a rating
system (or collection of them on a "pick the rating service you
trust" basis) for CAs, with an obvious extension to PGP-ish key
signers. In itself, that isn't a problem with which the IETF
can help.
Where I think the IETF and implementer communities have fallen
down is in not providing a framework that would both encourage
rating systems and tools and make them accessible to users. In
our current environment, everything is binary in a world in
which issues like trust in a certifier is scaled and
multidimensional. As Joe pointed out, we don't use even what
information is available in PGP levels of confidence and X.509
assertions about strength. In the real world, we trust people
and institutions in different ways for different purposes --
I'll trust someone to work on my car, even the safety systems,
whom I wouldn't trust to do my banking... and I wouldn't want my
banker anywhere near my brakes. In both cases, I'm probably
more interested in institutional roles and experience than I am
in whether a key (or signature on paper) binds to a hard
identity. In some cases, binding a key to persistence is more
important than binding it to actual identity; in others, not. I
trust my sister in most things, but wouldn't want her as a
certifier because I know she don't have sufficient clues about
managing keys. And the amount of authentication of identity I
think I need differs with circumstances and uses too. We
haven't designed the data structures and interfaces to make it
feasible for a casual user to incorporate judgments --her own or
those of someone she trusts -- to edit the CA lists that are
handed to her, or a PGP keyring she has constructed, and assign
conditions to them. Nor have we specified the interface support
that would make it easy for a user to set up and get, e.g.,
warnings about low-quality certification (or keys linked to
domains or registrars that are known to be sloppy or worse) when
one is about to use them for some high-value purpose. We have
web of trust and rating models (including PICS, which
illustrates some of difficulties with these sorts of things)
models for web pages and the like, but can't manage them for the
keys and certs that are arguably more important.
So, anyone ready to step up rather than just lamenting the state
of the world?
best,
john