<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I suspect that the answer is “almost everybody”.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The related question would also he “how many people review their installed root certificates after windows updates?” and the answer to that is probably “almost nobody”.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>And it wouldn’t necessarily have helped at various times if you did – XP at one point had as default a feature that automatically and silently reinstated them. [ <a href="http://www.proper.com/root-cert-problem/">http://www.proper.com/root-cert-problem/</a> ]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>D.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> ukcrypto-bounces@chiark.greenend.org.uk [mailto:ukcrypto-bounces@chiark.greenend.org.uk] <b>On Behalf Of </b>Mark Lomas<br><b>Sent:</b> 23 March 2011 9:05 PM<br><b>To:</b> UK Cryptography Policy Discussion Group<br><b>Subject:</b> Re: nationwide interception of Facebook & webmail login credentialsin Tunisia<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>This story reminds me of something I said in January (and in about 2000):<o:p></o:p></p><div><p class=MsoNormal><a href="http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/">http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal> Mark<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On 26 January 2011 09:18, Mark Lomas <<a href="mailto:ukcrypto@absent-minded.com">ukcrypto@absent-minded.com</a>> wrote:<o:p></o:p></p><p class=MsoNormal>Some years ago (probably in 2000) I persuaded a major bank to remove the majority of CA certificates from the key store of the browser they had deployed.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The IT department regarded the change as a nuisance, but the Legal department understood the problem as soon as I showed them the list of CAs.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>May I conduct an informal survey? Who on this mailing list has not removed any of the CA certificates that were pre-installed by whoever supplied your browser?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:#888888'> Mark<o:p></o:p></span></p></div><div><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On 25 January 2011 20:24, Ian Batten <<a href="mailto:igb@batten.eu.org" target="_blank">igb@batten.eu.org</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On 25 Jan 2011, at 16:18, Passive PROFITS wrote:<br><br>> That would not deal with the falsifying of certificates. Assuming the code-base of this is not intentional corrupt, the addition of an extension such as certpatrol is also required (a firefox extension), to notify one when the SSL cert swap by the government/ISP (using the browser accepted as 'true' passported C.A.(s) under their control) has taken place (a MiTM is in progress notification function). The other known way would be manual/local (each time) inspection of the cert fingerprint(s). e.g. you note Facebook's fingerprint then check each time it's got the same 'print. Then (once under notice the hack is under progress) you could retreat, or start playing your own pre-planned counter-measures ... depending on the peril of the situation, tactics, etc, call the government, depending on the nature of your business, etc.<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>There's been some recent, if un-startling, discussion of this: <a href="http://www.freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model" target="_blank">http://www.freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model</a><br><br>I suspect that once you have more than a handful of CAs, it's for practical purposes impossible to get any meaningful assurance that they are all legitimate. If CAs delegate their authority, it's difficult to even know that certificates whose chain of trust goes back to a CA you trust was actually issued by that CA. And for as long as any CA can issue a certificate in any name, any domain can be subverted by any one of the CAs.<br><br>Which means that certificates are as weak as the weakest CA you trust, unless that CA in turn trusts a yet weaker CA.<br><br>I've not looked at this in detail (perhaps I should) but I think it's possible in most browsers to trust _no_ CAs and yet trust individual certificates, which might have the required semantics: when a certificate is encountered, you check it (by whatever out of band mechanism you deem appropriate) and then add it to your certificate store, but you do not add its certifying keys.<br><span style='color:#888888'><br>ian<br><br></span><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></body></html>