[Gpg4win-devel] Strength of X509 (Re: Sicherheit der Downloads von der Website http://www.gpg4win.de/ )

Thu Apr 22 08:56:34 CEST 2010

Am Dienstag, 20. April 2010 14:03:04 schrieb Marcus Brinkmann:
> 4) The web of trust based on OpenPGP is much more reliable and resilient
> than X.509 certificates and certificate authorities.

I doubt that statement holds for the average case, though I agree with your 
general assessment that the strength https is weak in the average use case
and it would not add a lot to our security. (I came to the same conclusion in 
my post that I did write without seeing Werner's reply.)

> You say you need 4 eyes to trust an OpenPGP signature by Werner Koch, but
> you are willing to trust signatures made by CAcert?  Makes no sense to me.

I agree that Werner Koch's OpenPGP key provides the stronger authentification 
and trust level here.

>  You are probably underestimating the strength of OpenPGP and
> overestimating the strength of X.509 certificates for HTTPS.
>
> Even more bluntly: HTTPS is a *joke*. [1]
>
> 5) In response to Bernhard, who said that we will sign the exe file:  In
> the light of how broken HTTPS is, I would be extremely reluctant to assign
> any security value to signed exe files.
>
> Chance is that the implementation is as buggy as for web browsers, and of
> course all criticism of the public CA system apply here as well.  I
> consider signing exe files a usability measure, not a security measure (it
> get rids of a warning).

You are right in that we will sign it because of the usability problem the 
current warning gives us.

In the general case, if the operating system has a general x509 certificate 
store which is well maintained by an administrator, I believe this can turn 
into a more security and an easier solution for users. For the x509 
certificates used by S/MIME we can do so. I have seen applications where 
https was only allowed by client certificates coming out of a few selected 
certificiates authorities. Overall I believe this beats OpenPGP, because most 
users really have a hard time to evaluate the trust situation with OpenPGP 
and for many use cases they will not be able to find a trust chain within a 
reasonable time frame. Also OpenPGP implementations are not as good on 
checking the current validity like getting uptodate information if a 
certificate is revoked.

> [1] This deserves an explanation.  If you think that X.509 certificates
> provide a value for HTTPS, then please answer a simple question for me:
> When is a X.509 certificate valid for a given domain?  See the SSL attacks
> by Dan Kaminsky and Moxie Marlinspike from last year for details.

You accept the certificate if you have unbroken implementations on ca and 
browser level and successfully getting current revokation information that 
indicated that the certificate chain is in good order. 
To my knowledge the researchers you mention have mainly discovered 
implementation and maintenance flaws. Both type of flaws will be there with 
OpenPGP or any other system as well. Maybe PKI just attracts more research
to unveil them. So the main criticism to X509 probably is that it is not 
simple enough to be easily implemented.  I am no real expert, though.

Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2620 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20100422/8c587b3a/smime.bin