On Sun, Nov 17, 2013 at 07:05:04PM -0500, Phillip Hallam-Baker wrote:
> > That being said, the problem for PKI is that, assuming active
> > MITM attacks both on ISP chains and CA chains, it offers no
> > better security than DH,
> >
> > As DH involves end systems only, there is no point of deploying
> > PKI with no additional benefits.
>
> If we assume that the attack model is flying horses armed with lasers there
> is no additional benefit.
>
> The point is not what the consequences of the assumptions are, the question
> is how likely the assumptions are. If you leave that out of the equation
> then the result is nonsense.

Actually, the attack was called "FLYING PIG" --- that was the GCHQ code
name, per the Snowden leaks[1]. Some have speculated that Diginotar was
so badly penetrated that it wasn't just the Iranians who penetrated it,
but the NSA/GCHQ as well.

One of the reasons why the bogus Diginotar certificates were detected
was because Google Chrome had a feature called "certificate pinning"
--- which is not a feature normally associated with PKIs. It's
unfortunately not all that scalable, since it involved hard-coding
certificates, or their hashes, in the browser binary.

The challenge is coming up with a solution that *is* more scalable,
and less dependent on trusting that CAs are competently run.

- Ted

[1] http://www.techdirt.com/articles/20130910/10470024468/
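The pinning check Ted refers to, reduced to its essentials as an added example (this is illustrative code, not Chrome's implementation and not anything from the thread): a browser ships with the SHA-256 hashes of a few expected certificates, and a presented chain is accepted only if at least one certificate in it matches a pin, no matter which CA signed it. The "certificates" below are constructed byte strings standing in for DER encodings, and the pin set, the chain contents and the function names are all assumptions made for the demonstration.

```python
"""Certificate pinning check (added example, not code from the mailing list).

A pin is the SHA-256 hash of a certificate's DER bytes. A chain passes the
pin check only if some certificate in it hashes to a pinned value; a chain
that a CA would happily vouch for but that contains no pinned certificate
is rejected, which is how a mis-issued certificate becomes visible.
"""
import hashlib
from typing import Iterable, Sequence


def pin_of(cert_der: bytes) -> str:
    """Return the lowercase hex SHA-256 pin of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def find_pinned(chain: Sequence[bytes], pins: Iterable[str]) -> int:
    """Return the index of the first chain element matching a pin, or -1.

    Pins are compared case-insensitively; the leaf is expected at index 0.
    """
    pin_set = {p.lower() for p in pins}
    for index, cert in enumerate(chain):
        if pin_of(cert) in pin_set:
            return index
    return -1


def chain_matches_pins(chain: Sequence[bytes], pins: Iterable[str]) -> bool:
    """True if the presented chain contains at least one pinned certificate."""
    return find_pinned(chain, pins) != -1


# Constructed stand-ins for DER-encoded certificates (assumptions, not real).
LEAF = b"constructed-der: leaf for example.test, issued by Expected Intermediate"
EXPECTED_INTERMEDIATE = b"constructed-der: Expected Intermediate CA"
PUBLIC_ROOT = b"constructed-der: Some Public Root CA"
MISISSUED_LEAF = b"constructed-der: leaf for example.test, issued by Rogue CA"
ROGUE_INTERMEDIATE = b"constructed-der: Rogue CA, trusted by the root store"

# What would be compiled into the browser binary: a pin on the intermediate,
# plus a backup pin so the site can rotate without being locked out.
BACKUP_CERT = b"constructed-der: Backup Intermediate CA (not yet deployed)"
BUILTIN_PINS = {pin_of(EXPECTED_INTERMEDIATE), pin_of(BACKUP_CERT)}


def describe(chain: Sequence[bytes], pins: Iterable[str] = BUILTIN_PINS) -> str:
    """Human-readable verdict for a chain, for the demonstration below."""
    index = find_pinned(chain, pins)
    if index == -1:
        return "REJECT: no certificate in the chain matches a built-in pin"
    return f"ACCEPT: chain element {index} matches a built-in pin"


if __name__ == "__main__":
    # Both chains would "validate" if the root store trusts PUBLIC_ROOT;
    # only the expected one survives the pin check.
    print(describe([LEAF, EXPECTED_INTERMEDIATE, PUBLIC_ROOT]))
    print(describe([MISISSUED_LEAF, ROGUE_INTERMEDIATE, PUBLIC_ROOT]))
```

The scaling problem Ted mentions is visible in `BUILTIN_PINS`: every pinned site needs its hashes baked into the binary, and every key rotation needs a new browser release unless a backup pin was shipped ahead of time.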