[tor-talk] X509 S/MIME certificate. Was: Another fake key for my email address

Guido Witmond guido at witmond.nl
Tue Mar 11 20:52:49 UTC 2014

Public response to a private message

On 03/11/14 16:35, (..xxx..) wrote:
> On Tue, 2014-03-11 at 13:30 +0100, Guido Witmond wrote:
>> With DNSSEC and DANE, we have that missing link. DANE allows site 
>> operators to specify what CA they use for their site. It could be 
>> allows to set up your own CA and specify that.
> Hey Guido, I think this idea is interesting, but I thought that
> DNSSEC was just as centralized as the CA infrastructure. What
> prevents the DNS authorities from acting in the same manner as the CA
> cartel?

Hi, (xxx)

DNSSEC and DANE change the landscape.

1. With DNSSEC and DANE you don't need one of the global CA certificates
anymore; You can run your own CA. If that proves too difficult , you
might outsource it to one. This puts the global CA in a position where
they have to provide value for service, instead of just rent-collecting
for a green url-bar.

If these global CA's are smart they would offer services where they will
guard your own Root CA key. But I can dream...

2. DNSSEC itself is quite a hassle to set up and run correctly too. It's
best to outsource that to a DNS-registrar. Although this is still a
niche market for DANE records in DNSSEC, the same market forces apply.
If not satisfied with one registrar, take your domain name and shop for
another registrar.

3. The registrars in the DNS-hierarchy can still be persuaded to delete
your certain domain name. (censorship.) Or point it towards a different
server (hijacking). I'll show later how to protect against that.

When everyone can run their own Root CA, all sorts of new avenues open up.

With their own Root CA, companies can provide certificates for their
spokespeople. Or they can sign certificates for clients (at a slightly
different domain name). This way, banks can send out encrypted
statements directly to customers. No more emails asking you to log in
with a username and password. This reduces MitM attacks drastically.

It increases privacy, I would have a certificate for each of my banks,
one for my pension fund. Another at this mailing list and yet another at
another mailing list. My browser would keep them apart.

With a small addition to the browser, it can make sure that it only
offers me client certificates to log in at the server whose server
certificate has been signed by the same Root CA. This makes logging in
even easier for the end user. And it really eliminates MitM-attacks.
While crooks can create a pixel-perfect copy of a banks' site, the
crooks cannot impersonate the Root certificate of the bank, so the
browser will correctly identify the crooks' site as a different site and
not offer my banks' client certificate to log in. My browser protects me
against phishing.

We can go one step further. It is the Root CA of a site that is used to
select the client certificates that the browser offers the user to log
with. The domain name is not used in the selection. It means that the
site owners (who own their own Root CA) can create a new domain name,
sign a server certificate using their root CA and point these new
DNS-records to their server. The site has changed domain name but the
client certificates stay valid. How's that for censorship resistance?

But that is the realm of what I call Eccentric Authentication.

With regards, Guido Witmond.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140311/a7fa1152/attachment.sig>

More information about the tor-talk mailing list