RE: [TLS] Record layer corner cases

[pgut001 at cs.auckland.ac.nz (Peter Gutmann)]

Peter Williams <home_pw at msn.com> writes:

>Netscape's browser team did have access to, but never applied, the results of
>a DARPA project that locally constructed trust paths according to various
>metrics concerning the "bestness" of paths through a semi-organized
>certification mesh, built from certs obtained from any source, and qualified
>for storage in a local MIB (close to MSFT trust stores, today). 

That's because using the strict hierarchical X.509 with a spaghetti PKI
requires solving NP-complete graph theory problems, which (AFAIK) only the USG
is currently attempting to do (I went to a scary talk some years ago where
someone was talking about their spaghetti PKI experience and mentioned that
their path construction algorithm ran for three days without terminating,
whereupon they had to kill the process.  Instead of taking this as some sort
of hint, they simply continued with another approach.  It was almost surreal,
like watching a bunch of people talking about their different approaches to
building perpetual-motion machines).

>The https industry enforcement practice followed what Netscape did,
>minimally, with whatever time was left in the schedule for parsing and
>handling certs, after doing SSL: let the local trust store dominate the trust
>information signaled by the authentication peer. 

Given that the (obvious with 20/20 hindsight) failures in the browser security
model that we're now seeing have very little to do with certs, this approach
wasn't so bad in the long run.

(This may now be officially off-topic for ietf-tls :-).  security-usability is
probably a better list for this).

Peter.

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls