- From: John Kemp <john@jkemp.net>
- Date: Fri, 22 Aug 2014 17:06:27 -0400
- To: Chris Palmer <palmer@google.com>
- CC: Jeffrey Yasskin <jyasskin@google.com>, Adam Langley <agl@google.com>, Eduardo' Vela <evn@google.com>, Mark Watson <watsonm@netflix.com>, Jim Manico <jim.manico@owasp.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Chris,

On 08/22/2014 04:31 PM, Chris Palmer wrote:
> On Fri, Aug 22, 2014 at 12:44 PM, John Kemp <john@jkemp.net> wrote:
>
>> What can a browser tell you about an essentially unknown web server?
>
> It can tell you whether or not the server's cryptographic identity was
> vouched-for in public by a known trusted third party. (Certificate
> Transparency.) It can tell you whether or not the identity is
> computationally infeasible to forge. (Run-time checks on the
> negotiated cryptographic parameters and the key material.) It can tell
> you whether or not the identity is in a small set of
> previously-known-good key <-> DNS name mappings. (Key pinning,
> including pre-loaded key pinning.) It can tell you whether or not the
> server refers to resources and code that are also authenticated.
> (Mixed-mode content checking.)
>
> If that's not good enough for you, well, I'm sorry. It's the state of
> the art in 2014. If you have some ideas to advance the state of the
> art, we'd all love to hear them.
>
> If your point is that the state of the art will never be good enough
> to satisfy you, then I'll stop responding. I'm not interested in
> security nihilism.

Heh :)

But seriously, characterizing the argument this way minimizes both your achievements and my argument. The technology has certainly improved. And the problem is a hard one. But I am not a "security nihilist", and my argument shouldn't be seen that way. I simply think access to web platform features should not be limited to those servers who have paid some (pretty small) amount of money to someone else the user doesn't actually know to vouch for them that they should have the user's trust in these matters, using a technology (with all due respect to your work, and others) that _outside of additional non-technical context_ does not provide enough of a guarantee of secure mutual authentication.

Reasonable people can still disagree with you without being nihilists.

Regards,

- johnk
Received on Friday, 22 August 2014 21:07:03 UTC