undefined | Better HN

0 pointswyager11y ago0 comments

>The migration away from the CA model is called "certificate pinning".

TOFU/POP is not an effective model for the web. There are simply too many sites for it to be useful. It's pretty much an everyday occurrence that I go to a site I've never been to before, and certificate pinning won't help at all there.

0 comments

tptacek11y ago

First, "TOFU/POP" has a real name; it's "key continuity". Second, certificate pinning as implemented in Chrome doesn't depend directly on key continuity. Third, key continuity destroys the incentive to attack sites by compromising CAs, because even if you're hitting a site for the first time, many of the 10,000 other people hitting it from the same browser at around the same time aren't, and they'll detect the bogus cert. That only has to happen once for Google to put a gun to the rogue CA's temple.

wyagerOP11y ago

>First, "TOFU/POP" has a real name; it's "key continuity".

I am aware of both names, thank you.

>That only has to happen once for Google to put a gun to the rogue CA's temple.

Google can't really help in every single case. There are many situations where Google's revocation scheme can't keep up.

You also have to put a lot of trust in Google. You think Google is going to issue a revocation if they're under legal pressure not to?

As you are aware, human factors are frequently the weakest parts in a cryptosystem.

tptacek11y ago

I don't understand your comment. Google doesn't revoke keys. It revokes whole CAs.

1 more reply

y0ghur7_xxx11y ago

> certificate pinning as implemented in Chrome doesn't depend directly on key continuity.

But it's unsuitable for the entirety of the web. You can't hardcode all certificate fingerprints of the whole internet inside the browser.

>> The migration away from the CA model is called "certificate pinning".

> key continuity destroys the incentive to attack sites by compromising CAs

We need to ELIMINATE CAs (CA as in some third party (google, Verysign, GoDaddy, ...) who you have to trust). The whole concept of trusting a CA is broken, and pinning does nothing to address that, at least not in the proposed TACK implementation.

tptacek11y ago

That's true, you can't hardcode certificate fingerprints for every site. Hence, TACK.

1 more reply

j / k navigate · click thread line to collapse

0 comments

tptacek11y ago

wyagerOP11y ago

>First, "TOFU/POP" has a real name; it's "key continuity".

I am aware of both names, thank you.

>That only has to happen once for Google to put a gun to the rogue CA's temple.

Google can't really help in every single case. There are many situations where Google's revocation scheme can't keep up.

You also have to put a lot of trust in Google. You think Google is going to issue a revocation if they're under legal pressure not to?

As you are aware, human factors are frequently the weakest parts in a cryptosystem.

tptacek11y ago

I don't understand your comment. Google doesn't revoke keys. It revokes whole CAs.

1 more reply

y0ghur7_xxx11y ago

> certificate pinning as implemented in Chrome doesn't depend directly on key continuity.

But it's unsuitable for the entirety of the web. You can't hardcode all certificate fingerprints of the whole internet inside the browser.

>> The migration away from the CA model is called "certificate pinning".

> key continuity destroys the incentive to attack sites by compromising CAs

tptacek11y ago

That's true, you can't hardcode certificate fingerprints for every site. Hence, TACK.

1 more reply

j / k navigate · click thread line to collapse