Hacker News new | ask | show | jobs
by e12e 4004 days ago
But there are different degrees of paranoia. I'm fine(ish) with trusting Microsoft to sign drivers, updates and applications.

I'm also fine with them signing for outlook.com, microsoft.com etc.

I'm not fine with them signing for wikileaks -- but I also am not really worried about that. I'm worried that some fly-by-night CA will loose their keys, get hacked, etc. So I don't want any more than a minimum of CAs on my system, and I'd like to approve them on a domain-by-domain basis.

Even with good UX, that'd bee way more hassle than most people want -- I know that. But it would've been nice to have a sane option for it.

And also some special control over updates/upgrades to the CA-cert store.

In short, I trust Microsoft to write software, I don't trust them to delegate trust, because they're trapped in the CA racket.
1 comments
jsprogrammer 4004 days ago
How can you trust wikileaks on a non-MS CA if you are viewing wikileaks on MS software?

CA protects nothing from the underlying application, operating system, and device drivers.

link
e12e 4004 days ago
I trust MS software. I don't trust MS to select which CA to trust. Sure, MS could backdoor my os/browser. I don't think that's very likely.

If MS force me to trust, say 800 CA certs, and all of them can mitm wikileaks, the likelihood that one of them could be penetrated by a hacker or a state actor is much higher.

Sure, it's not "absolute security", but nothing is.

There are different concept that one trusts, or not trust:

The os, drivers, bios, hardware. I generally trust that. It may be naive, but I do. However, even if I'm right in trusting that, that doesn't matter if I can't trust all the CAs. Not just from the point of malicious actions by the CAs, but from incompetence by them.

link
im3w1l 4004 days ago
The sensible assumption is that os, browser, drivers, bios, hardware; everything is backdoored. But, and it's a very important but... But, they wont use those backdoors on you. Because everytime they use the backdoors they risk detection, and you are not a sufficiently high value target. The guy looking at your case is not cleared to know about them.
link
e12e 4003 days ago
No, the paranoid assumption is that everything is backdoored. The reasonable assumption is that everything is flawed, and that for some of those flaws, certain groups have exploits.

It's bordering on crazy to assume that Microsoft has backdoored all of windows on the behest of the shadow intelligence monster ruling our world from behind the curtain.

While some have found many of the NSA revelations shocking, there's really been only a handful of new things: audacity, and a surprising (but small) violation of the NSA mission (to keep USA safe).

The former comes down to crudely monitoring elected officials from allied countries, the second the assumption that NSA might have intentionally weakened crypto (and by so doing hurt the US, and the US Military, US companies). Many veterans from the cryptowars of the 90s were surprised by that.

Now, just because a spy agency is good at its job, doesn't mean that no-one else is. I have little love for MS, Intel, AMD (actually I do love AMD. Who doesn't love an underdog? ;-) -- but I very much doubt they are complicit in some kind of grand Clipper chip scheme. They all want to sell to both the US, Chinese and Russian military, for one -- you can't do that if the equipment/software is useless.

Now, Siemens (and perhaps MS) might have helped the US with the operation against Iran. That's nice and patriotic, and probably paid well (if not in money, with contacts, further government contracts etc). That doesn't mean Siemens intentionally sabotaged the development of the stuff they sold Iran -- it just means Siemens is as incompetent and rushed as the rest of the tech industry. It's not quite the same as being malicious. Well, not the same as doing "malicious engineering/product development".

Did the US Navy sabotage Tor? Unlikely. If they did, it was masterful subterfuge. If the "great conspiracy" can't get it's act together in sabotaging the armoured humvee's they've left to an actual enemy [1,2] -- do we really think they manage to organize around the long game of deploying secure, hidden backdoors in windows, years ahead of their use?

No, I don't think windows have hidden backdoors. It might have more security holes than a swiss cheese, and I generally run GNU/Debian anyway.

I'm open to being completely wrong though. Show me that a typical mainboard+ram+cpu combination is open to a hidden, intentional (even if masqueraded as accidental) backdoor, and I stand corrected.

In the mean time, lets just try and make stuff that works half-way the way we intend it to, and that includes the whole system. In this particular case, it means that we throw out CAs that we have no reason to trust (that reason being a) we don't need them, they don't currently certify anything we need to trust b) They're incompetent, c) they're hostile (eg: foreign government front/owned) -- and we reduce our attack surface.

Add a meaningful capability system "NORID can only sign .no-domains", pinning and some other stuff to reduce the scope of CA power (now everyone is critical, because if someone has any one key, they can mitm everything. That's just nuts).

Basically, I think the NSA is mostly a bunch of useless muppets, and I don't see why we should keep making their job easy. Especially as I'm in Norway, and so, while technically in an allied state, we've seen that that means fuck all. I'm not part of the scandal in the US, I'm not a US citizen. It's part of the above-board, initial brief of the NSA that they're right to try and steal all my data. And that hasn't changed.

[1] http://www.lobelog.com/down-the-iraqi-rabbit-hole-again/

[2] http://www.businessinsider.com/isis-turning-us-humvees-into-...

link