Mozilla devs discuss ditching Dutch CA, because cryptowars

Concerns at the effect of The Netherlands' new security laws could result in the country's certificate authority being pulled from Mozilla's trust list. The nation's Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries …

  1. chuckufarley

    I was going to...

    ...write a witty comment here but they already know what I was going to say.

    1. David Roberts Silver badge

      Re: I was going to...

      Very cryptic.

    2. Forget It
      Big Brother

      Re: I was going to...

      Till I have the possession of everything she touches

      Till I step on the brakes to get out of her clutches

      Till I speak double dutch to a real double duchess…

      New Amsterdam, Elvis C.

  2. Anonymous Coward

    Isn't it about time...

    ... that national CAs were only authorized to sign certificates for their own national TLD ?

    1. G2

      Re: Isn't it about time...

      and they probably will do for *.google.nl, *.blogspot.nl, *.yahoo.nl.

      in fact, they will probably just skip to forcing PKIOverheid to issue them *.nl certificate(s) for MITM.

    2. K Silver badge
      Facepalm

      Re: Isn't it about time...

      That's a step backwards, the ideal of the internet was meant to be information without borders.

      Besides, you'd just get some slimy backroom deal, with most of the EU, US, Japan and AU sharing their roots.

      I'm sure there's a good backdoor rooting joke in here somewhere.

      1. boltar Silver badge

        Re: Isn't it about time...

        "That's a step backwards, the ideal of the internet was meant to be information without borders."

        Reality has this annoying habit of disappointing idealists.

    3. PyLETS

      Re: Isn't it about time...

      "national CAs were only authorized to sign certificates for their own national TLD". That's called DNSSEC. See also RFC7671, otherwise known as DNS Authentication of Named Entities (DANE).
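
The restriction proposed in this sub-thread exists in X.509 as the nameConstraints extension (RFC 5280, section 4.2.1.10). The following is an added example, not code from the article or from any commenter, of the dNSName matching a validator applies to a CA constrained to "nl"; the function names and all sample names are constructed, and the wildcard handling for excluded subtrees is this example's own conservative choice.

```python
"""dNSName name-constraint matching, after RFC 5280 section 4.2.1.10.

Added illustration; every name below is a constructed sample.
"""


def _labels(name):
    # DNS names compare case-insensitively; one trailing dot (the root) is dropped.
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if not name or any(label == "" for label in labels):
        raise ValueError(f"malformed DNS name: {name!r}")
    return labels


def within_subtree(dns_name, constraint):
    """True if dns_name is the constraint itself or adds whole labels to its left."""
    name, base = _labels(dns_name), _labels(constraint)
    return len(name) >= len(base) and name[-len(base):] == base


def may_hit_excluded(dns_name, constraint):
    """True if the name, or any expansion of a leading wildcard, is in the subtree."""
    if within_subtree(dns_name, constraint):
        return True
    name, base = _labels(dns_name), _labels(constraint)
    # "*" stands for exactly one label, so "*.nl" can expand to "reserved.nl".
    return name[0] == "*" and len(name) == len(base) and name[1:] == base[1:]


def violations(san_dns_names, permitted, excluded=()):
    """Return [(name, reason)] for every SAN dNSName the constraints reject."""
    rejected = []
    for name in san_dns_names:
        try:
            if any(may_hit_excluded(name, e) for e in excluded):
                rejected.append((name, "excluded subtree"))
            elif permitted and not any(within_subtree(name, p) for p in permitted):
                rejected.append((name, "outside permitted subtrees"))
        except ValueError:
            rejected.append((name, "malformed"))
    return rejected


# Constructed SAN list for certificates issued under a CA constrained to "nl".
SAMPLE_SANS = [
    "www.example.nl",            # inside the subtree
    "WWW.Example.NL.",           # same name, different case and trailing dot
    "*.google.nl",               # wildcard, still inside "nl"
    "*.nl",                      # whole-TLD wildcard, also inside "nl"
    "www.google.com",            # different TLD
    "example.nl.attacker.test",  # "nl" is not the rightmost label
    "example.xnl",               # suffix match must respect label boundaries
    "www..nl",                   # empty label
]

if __name__ == "__main__":
    for name, reason in violations(SAMPLE_SANS, permitted=["nl"]):
        print(f"REJECT {name}: {reason}")
```

The constraint rejects names outside the TLD but accepts `*.google.nl` and `*.nl`, so it bounds what a national CA can sign without addressing mis-issuance inside its own TLD, which is the limitation raised in the first reply above.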

  3. Dan 55 Silver badge

    It's probably best to have state-backed certificates

    That was you can enable and disable them when you want.

    The alternative is some deal with a large commercial provider behind closed doors.

    1. Anonymous Coward

      Re: It's probably best to have state-backed certificates

      Let us assume they're both equally corrupt, wouldn't that just open up corruption to even more players (ie. _ANY_ person/company that "funds" state politicians). But it does fit the rule of government spending: Why buy one when you can have two at twice the price.

    2. alberto.it

      Re: It's probably best to have state-backed certificates

      Hey, I agree with both of your statements!

      - The meaning of what you wanted to tell...

      - The Freudian slip in what you actually say

      Nice one!

      ("way" and "was")

  4. Anonymous Coward
    Megaphone

    Advancing our civilization into less a democratic state...

    This law, in Dutch nicknamed the "sleepwet" (sleep = drag, wet = law, so the "dragging law" somewhat), has already triggered a protest in which several organizations filed a petition for a referendum. Probably not much to anyone's surprise the referendum easily reached the required thresholds and we're looking forward to a referendum in the making. Unfortunately not a binding referendum but only an advisory one.

    But during these times you really get to experience democracy at its finest. Because some of our politicians are already discussing the possibility to remove the right to petition for a referendum. Because it's obviously such a drag for our politicians to actually get confronted with the real opinion of its civilians.

    You can say about Russia what you want but at least they didn't try to uphold a facade by calling their country a democracy but kept calling it communism. Over here we're supposed to have a democracy, but every time the civilians call out for that they more than often get stonewalled. And maybe worse in the future.

    Such a wonderful world...

    1. Anonymous Coward

      Re: Advancing our civilization into less a democratic state...

      > Unfortunately not a binding referendum but only an advisory one.

      Be wary. The Brexit referendum was supposed to only be an advisory one too.

      In the wrong hands, it can be made into "a clear public mandate" against the actual public interest.

      1. Anonymous Coward

        Re: Advancing our civilization into less a democratic state...

        The public stated that more of us want to leave the EU than stay in it. Calling it an "advisory result" or "a mandate" is splitting hairs. Simply put, the people were asked a question and they answered. At that point you get to either do what the people said, or ignore them. Calling it "advisory" is just a way of saying that it would have been ok to ignore the will of the people, because you know, it was only advisory.

        1. Anonymous Coward

          Re: Advancing our civilization into less a democratic state...

          " Calling it "advisory" is just a way of saying that it would have been ok to ignore the will of the people, because you know, it was only advisory."

          Well, due to the voting structure in the UK, who people vote for often has no relevance to who gets into power.

        2. Dan 55 Silver badge

          Re: Advancing our civilization into less a democratic state...

          The will of 37% of the electorate should be advisory to future government policy but shouldn't be able to drive the country off a cliff.

          1. boltar Silver badge

            Re: Advancing our civilization into less a democratic state...

            "The will of 37% of the electorate should be advisory to future government policy but shouldn't be able to drive the country off a cliff."

            It was more than who voted against and the ones who didn't vote obviously didn't give a damn, so chucking 37% around as if it's a minority opinion is disingenuous at best.

            1. Dan 55 Silver badge

              Re: Advancing our civilization into less a democratic state...

              Government is supposed to be for everybody. If it's only carrying out one policy to keep what 37% of the country wanted on referendum day happy it won't last very long.

              I notice you took no issue with the "drive the country off a cliff" bit.

              1. boltar Silver badge

                Re: Advancing our civilization into less a democratic state...

                "Government is supposed to be for everybody. If it's only carrying out one policy to keep what 37% of the country wanted on referendum day happy it won't last very long."

                Government goes on majority and if the number of opinions in question is more than 2 then a majority opinion may be less than 50%. This is basic maths, obviously something you have a problem with.

                "I notice you took no issue with the "drive the country off a cliff" bit."

                Because it's nothing more than your opinion. State some facts and I'll discuss them.

              2. Kiwi Silver badge
                FAIL

                Re: Advancing our civilization into less a democratic state...

                If it's only carrying out one policy to keep what 37% of the country wanted on referendum day happy it won't last very long.

                So what you're saying is you shouldn't change the government at election, because if say 49.99% of the population vote for the opposition, 0.01% vote for the incumbents, and 50% don't vote then the government cannot change because the opposition "didn't get a clear majority",

                And yes, that is exactly what you're saying. You cannot assume that of those who couldn't care enough to vote, enough would've voted "stay" to have changed the outcome. More likely the numbers (% voting for vs % voting against) would've still been largely the same.

                Governments are supposed to go the way the majority of the people want (and as someone from the "wrong side of the tracks" I'm glad they sometimes don't!), but often the only clear way for them to find out about that is via a referendum. Sure you can visit your MPs and express your views, but you might find your "no" is getting drowned out by someone who can hire 100 people to loudly demand "yes".

                A referendum was held, the majority of those who could be bothered voting said "leave". The government acted in accordance with democratic practice, good or bad. If you wanted a different outcome you should've made more effort to educate your fellows and get them in to vote. Know anyone who wanted to vote "stay" but who couldn't get to a polling booth (or couldn't figure out a postal vote or whatever other options you have), or who thought their vote wouldn't count, or any of the other reasons/excuses people give for not voting? Did you help them to vote, or give them good reason to vote? If yes, good on you and at least you tried. If not, the loss is on your hands.

                (and yes, I did apply this to myself a few weeks back - and for the months leading up to our recent election - I almost got what I want and while not the clear victory I hoped for, a victory none-the-less (hopefully!)

            2. Anonymous Coward

              Re: Advancing our civilization into less a democratic state...

              "the ones who didn't vote obviously didn't give a damn"

              Maybe they were fooled by the claim that it was only "advisory".

              1. Kiwi Silver badge

                Re: Advancing our civilization into less a democratic state...

                "the ones who didn't vote obviously didn't give a damn"

                Maybe they were fooled by the claim that it was only "advisory".

                Then they should've gone out, voted, and advised the government on what their desire was.

                Simples, no?

          2. SImon Hobson Silver badge

            Re: Advancing our civilization into less a democratic state...

            The will of 37% of the electorate should be ...

            So you are arguing instead that the 34.7% who voted to remain should have a larger say ? Ie, the classic argument by the losing side that the 27.8% who didn't vote would all actually have voted for the losing side. Put another way, sore losers are usually quick to abuse any stats they can to try and "prove" that they have been wronged.

            It's more valid to suggest that those who didn't vote didn't care enough to express an opinion, or were simply happy to go with the majority result. Thus, up to 65.3% of the electorate wanted to leave - but not all of them got out and voted.

            But since no-one can accurately know the opinions of all those who didn't express it, we have the tried and tested method of looking at the opinions of those who did - the highest turnout for an election/referendum in living history IIRC. Of those that did vote, a very clear majority wanted to leave.

            If you have any complaint, and believe that the result should have been different with those missing votes - then your complaint should be against those who didn't get out and vote the way you wanted.

            1. Dan 55 Silver badge

              Re: Advancing our civilization into less a democratic state...

              If you have any complaint, and believe that the result should have been different with those missing votes - then your complaint should be against those who didn't get out and vote the way you wanted.

              No, my complaint is against the government. The referendum is advisory (legally, there's no way around that, it was stated in the Act and the HoC library, and backed up by the courts), and it's wrong for the government to take the actions which affect the future of the whole country based on only 37% of the electorate.

              Government goes on majority and if the number of opinions in question is more than 2 then a majority opinion may be less than 50%. This is basic maths, obviously something you have a problem with.

              Most referendums which change the direction of an entire country require a supermajority and/or a minimum number of participants to stop this kind of incessant argument which has been going on for 16 months.

              1. boltar Silver badge

                Re: Advancing our civilization into less a democratic state...

                "The referendum is advisory (legally, there's no way around that, it was stated in the Act and the HoC library, and backed up by the courts),"

                Ah, the favourite word of the remoaner - "advisory". Yes, it was advisory and then there was a vote in parliament that made the result mandatory. Which part of all that don't you grasp?

                Plus I bet you wouldn't be complaining about the government keeping us IN the EU if the vote had gone the other way would you? No, of course you wouldn't.

                I'll tell you something for free - you remoaners are just scared of change but you dress your opinions up as some considered economic or social argument to disguise the fact that you're pissing your pants in fear. The phrase "sore loser" doesn't even come close to doing you people justice. Whining pathetic twats who are scared to take risks would be much closer to the truth. Generation Snowflake at its finest.

                1. Dan 55 Silver badge

                  Re: Advancing our civilization into less a democratic state...

                  At the top:

                  State some facts and I'll discuss them.

                  Then we come to the discussion at the post above...

                  Well that was disappointing and expected. If the guy in charge of Vote Leave says it's going to be a disaster, all that are going to be left are the Brexit Taliban.

                2. HieronymusBloggs Silver badge

                  Re: Advancing our civilization into less a democratic state...

                  "...Whining pathetic twats...etc."

                  Have you ever considered a career in the diplomatic service?

              2. Kiwi Silver badge

                Re: Advancing our civilization into less a democratic state...

                Most referendums which change the direction of an entire country require a supermajority and/or a minimum number of participants

                [citation needed]

                (Seriously, I would love to see any reasonable reference to that (ie an opinion piece in the Mail won't count, but a reference to a couple of government's law sites that show this would be fine. I don't expect you to prove "most", I'm happy with a few countries having it codified into law that such an idea could exist - and yes I'll even allow places such as North Korea! (though getting a Nork "government online" site may be a bit of a challenge :) )

                1. Tom -1

                  Re: Advancing our civilization into less a democratic state...

                  Kiwi, you clearly don't know the history of referenda in the UK in the 20th century.

                  Back when there was debate about devolution to Wales and to Scotland a number of referenda were held. The laws enabling the referenda in the 1970s said explicitly that if fewer than 40% of eligible voters voted for change from the status quo, there would be no change. In the 1979 Scottish devolution referendum the devolve side took 52% of the vote, but as few meant fewer than 40% of the eligible votes were for devolve, devolution didn't happen. Those of us who were in favour of devolution didn't go round claiming that the government was denying the will of the people, we accepted it as just common sense that fewer than 40% didn't indicate a general desire in favour of what would be a fairly big change in the status quo. In 1997 a further Scottish devolution referendum was held, again a majority in favour and this time 45% of eligible voters (nearly 75% of actual voters) voted yes, resulting in the Scotland Act 1988 which set up a Scottish Parliament with substantial devolved powers. The Welsh referendum in the 1970s voted heavily against devolution, but in 1997 the Welsh voted in favour of limited devolution, and in another referendum in 2011 the Welsh voted in favour of increased powers for their devolved government.

                  1. Kiwi Silver badge
                    Pint

                    Re: Advancing our civilization into less a democratic state...

                    Kiwi, you clearly don't know the history of referenda in the UK in the 20th century.

                    Back when there was debate about devolution to Wales and to Scotland a number of referenda were held. The laws enabling the referenda in the 1970s said explicitly that if fewer than 40% of eligible voters voted for change from the status quo, there would be no change.

                    Correct. Back in '79 I was in my first full calendar year in primary school.

                    Were such minimums written into the brexit laws? Maybe they should've been, but they weren't.

                    we accepted it as just common sense

                    Common sense isn't always that sensible. It's what said shellshocked soldiers should be executed, it's what said Aboriginals are a subhuman species, gays are a disease, men have the right to beat their wives, slavery is good for the economy, and so many other wonderful pieces of history. I'm not saying you're wrong, just that when I hear someone use the term to justify something I remember what it has justified in the past.

          3. Kiwi Silver badge

            Re: Advancing our civilization into less a democratic state...

            The will of 37% of the electorate should be advisory to future government policy but shouldn't be able to drive the country off a cliff.

            Also shows those who didn't vote clearly did not want to vote "stay" strongly enough to get off their arses and vote.

            Of those who voted, what were the numbers - for or against? That's your answer to what should be done, as that is how democracy is supposed to work.

            If you live in the UK you have 3 choices. 1) leave. 2) stay and make it work for you and yours, hard as that may be. Or 3, whine like a little girl.

            If those on the "stay" side had put as much effort into encouraging people to vote their way as they do into crying about the result, maybe they would've gotten their way. Instead so many of them throw tantrums after the fact.

            And yes, if it had gone the other way and it was the other side crying into their panties, I'd be saying much the same. I don't know if staying or leaving would be better for the UK, but as someone outside the UK I can say while I want what is best for the UK, I also feel the EU would be somewhat better with UK still involved. Now I just hope you get what is best for you.

        3. Tom -1

          Re: Advancing our civilization into less a democratic state...

          37% of eligible voters were in favour of Brexit. 35% were against it. 28% didn't vote. So we have no idea at all whether more people were for it or against it. Now we have a bunch of extremists insisting that we get out of the EU in as painful and damaging a way as possible and that any attempt to come to a sensible deal over the customs union and frontier controls is a denial of what people voted for - but the referendum didn't ask whether that sort of economically and socially disastrous sort of exit was wanted, and probably if it had asked that the answer would have been a resounding NO.

          Back in the late 70s we had a Scottish devolution referendum in which it was an explicit requirement that at the votes of at least 40% of those eligible to vote would be required to vote for a change for there to be any, and that seemed to be a common sense rule. I was in favour of change then, as were the majority of those who actually voted, but fewer than 40% of eligible voters voted for change so we didn't get the change, and no-one then claimed that the will of the people was being denied, perhaps because people in those days had rather more common sense than the anonymous coward to whom I'm replying.

          1. Kiwi Silver badge

            Re: Advancing our civilization into less a democratic state...

            37% of eligible voters were in favour of Brexit. 35% were against it. 28% didn't vote. So we have no idea at all whether more people were for it or against it.

            A slim majority of those who voted - true. But a majority of those who voted say to leave. The government acted on that. That is how democracy works. If you'd had an election and you had 49.8% of the seats go to one party and 49.800001% go to the other party, the other party would win (under FPP).

            The 28% who didn't vote are irrelevant as you have no way of measuring their will. IIRC a number of the polls before the referendum actually claimed that a higher % were in favour of leaving, so if that's the case then you have an indication that their desire was to leave. ICBW.

            Now we have a bunch of extremists insisting that we get out of the EU in as painful and damaging a way as possible and that any attempt to come to a sensible deal over the customs union and frontier controls is a denial of what people voted for

            It could be interpreted by some (rightly or reading-into-it-what-they-want-only wrongly) that the vote to leave was a kind of "we hate the rest of Europe and want OUT!" statement. It is even a correct statement to make in some cases, and that is what these people may be on about.

            It could also be said that they believe the quickest possible exit is the best thing for the UK economically and politically (eg they buy into the "350mill/week for the NHS" stuff), and that's what they're acting on.

            If you disagree, then do what you can to get the other side heard. Make your views known to your local MP. Don't appear as a homeless conspiracy theorist with extra mouthy frothiness (even if you are one!), give the best presentation you can. You may not change much, but if 100,000 of you speak up (rather than giving the rubbish excuse of "they won't listen") they might listen. Your MP may even want to say "My constituents want..." but is waiting for even just one to come forward and make that request. You could be the difference.

            And if you have done that, then thanks for caring about your community and country enough to act.

            Back in the late 70s we had a Scottish devolution referendum in which it was an explicit requirement that at the votes of at least 40% of those eligible to vote would be required to vote for a change for there to be any, and that seemed to be a common sense rule.

            I'm not entirely comfortable with minimal numbers (and I have seen some saying it should be a 75% minimum), but at least at 40% it appears to be encouraging stronger voter turnout.

            (I own a tiny % of a Shetland pony that's not in the race, not even in the same county, but whose owner has a 50p bet on a horse that's running - but I still want what's best for the UK. If a quick exit cutting as many ties to the EC is what is best then that's what I want. Likewise, if a drawn out 5 year exit strategy is best, then that's what I want.)

      2. Anonymous Coward

        Never do this

        The Dutch recently had another advisory referendum (on the Ukrainian matter). The referendum result was "No". The Dutch government went ahead and just ignored that. Doesn't bode well...

        Anyways, kudos to Mozilla for this move. Wish Microsoft and Google will follow suit, but I know it won't happen. They profit too much from the Dutch tax system to jeopardize that.

        The invisible hand of the market is too deep in the government money pocket.

      3. julian_n

        Re: Advancing our civilization into less a democratic state...

        Read the Conservative manifesto 2015 - nothing advisory about it.

        1. Dan 55 Silver badge

          Re: Advancing our civilization into less a democratic state...

          The Conservative manifesto doesn't matter (did they actually specify what kind of referendum it was going to be?), what matters is the EU Referendum Act 2015 and that did not make it legally binding.

    2. boltar Silver badge

      Re: Advancing our civilization into less a democratic state...

      "Because it's obviously such a drag for our politicians to actually get confronted with the real opinion of its civilians."

      For opinions of its civilians I assume you mean the opinions of Millennials who make a lot of noise about everything they don't like on social media and expect the rest of the population to agree with them?

    3. Daniel von Asmuth Bronze badge
      Go

      Re: Advancing our civilization into less a democratic state...

      What You Deserve Is What You Get.

      (The ruling Christian Democratic Alliance has already said that they will ignore the result of the March referendum, like Madrid ignores Catalonia's independence referendum).

    4. Nattrash

      Re: Advancing our civilization into less a democratic state...

      @ ShelLuser

      >Because some of our politicians are already discussing the possibility to remove the right to petition for a referendum.

      Indeed. I visited your country this week, and caught a rather remarkable quote on your local daily newsnight program (called News Uur?). There, one of the commentators stated, that there was only one country that first implemented the possibility to call for a referendum, and then later amputated its citizens rights by abolishing it.

      This was the DDR...

  5. This post has been deleted by its author

  6. Anonymous Coward

    I used to be proud of my passport..

    .. but it has been going downhill for quite a few years decades now. Idiotic right wingers and demagogues getting a seat in parliament where "behave normal, that's mad enough" is loosely translated what used to be the norm and national intelligence services having influence and access way beyond what should be permissible in a normal democratic society.

    What makes it worse is that it has not altered the position of the Netherlands as one of the main hubs for Internet crime, which suggests those arguments are merely excuses. Get local spam? If it has a number to call, it tends to be a Dutch cell (+31 6 ..). Trace down scams and spams? Well, if they're in the "developed" world (I used this word advisedly), chances are they're hosted in the Netherlands (there are also some small UK outfits in this game) - none of these so called "intelligence" service special privileges appears to be able to make a dent in them ..

    .. unless they are their main customers.

    Thank God for Kaspersky then.

  7. Anonymous Coward

    What's the point

    What exactly do people think that The Netherlands will be able to do with these new powers that dropping their CA will help with? It's not like they will suddenly get access to the private key part of any certificate that they sign. I mean, if the law makes it so that they can compel people to hand over the private key, then the CA used for signing is irrelevant.

    If the concern is that they will start creating fake certs for MITM purposes, then Certificate Transparency will solve that problem in April next year anyway. The browsers can just distrust whatever CT log they're publishing to. Any cert that they generate which isn't published to a CT log will not be trusted.

    The only thing they can really do is perform targeted attacks against machines to steal keys and once again, distrusting the CA does nothing to help against this.

    It seems like the only point to doing this would be to publicly shame them? In which case, why aren't we doing the same for all of the 5 eyes countries for a start?

    1. Rob D. Bronze badge

      Re: What's the point

      > In which case, why aren't we doing the same for all of the 5 eyes countries for a start?

      There's certainly an argument to be made that whatever The Netherlands might legislate for in the open, would be possible to do in the background under the guise of most 'national security' provisions of many countries.

  8. Frank Gerlach #2

    Let's Ditch TLS Altogether

    TLS is

    -overly complex. Implementations take between 27k to 400k lines of code. Nobody bothered to seriously review OpenSSL for that reason for more than a decade.

    -security-wise wedded to the CAs. Several CAs have been hacked and bogus certificates issued.

    Here is my proposal for an alternative:

    https://github.com/DiplIngFrankGerlach/MST ("Minimal Secure Transport")

    MST is

    +small (less than 1k lines of code). Any competent security researcher can review the code, not just the concept

    +giving you all conceptual assurances TLS is giving you

    +only reliant on AES, no other ciphers/MACs

    +not using Public Key crypto. One potential weakness less.

    1. Dan 55 Silver badge

      Re: Let's Ditch TLS Altogether

      But (I guess) this doesn't have any authentication though so it's not suitable for banks, payments, etc...

      1. Frank Gerlach #2

        MST Assurances

        Not correct, please refer to WhyMST.html, which states:

        <h1>Which Assurances Are Provided By MST ?</h1>

        Similar to SSL/TLS, MST assures that

        <list>

        <li>messages are obfuscated</li>

        <li>messages cannot be replayed by an attacker</li>

        <li>messages cannot be modified by an attacker</li>

        <li>messages cannot be constructed by an attacker</li>

        <li>identical messages do not encrypt to identical ciphertext</li>

        </list>

        MST contains an encrypted HMAC and an attacker will not be able to forge a message unless he is in possession of the AES key which encrypts the plaintext plus the HMAC. All bogus messages will be automatically discarded.

        1. Dan 55 Silver badge

          Re: MST Assurances

          I mean, it's an encrypted connection, but the client won't be clearly told in the URL bar if they're talking to hsbc.com (HSBC) or hbsc.com (Bank of Phish). There's nothing like Extended Validation.

          1. Frank Gerlach #2

            Re: MST Assurances /Authentication of Server

            A browser supporting MST would have a GUI where the user enters Name of Institution, server name plus key material. The source of that would be either a postal letter or a printout from the institution's branch office.

            That user supplied comment would then be displayed instead of the URL.

            1. Kiwi Silver badge

              Re: MST Assurances /Authentication of Server

              The source of that would be either a postal letter or a printout from the institution's branch office.

              Right.

              Because no one, and I mean no one would ever go through someone's mail and steal letters appearing to be from their banks!

              (and that's assuming your bank even does snailmail any more, many won't!)

              While I have you.. You say MST (pronounced "missed"?) doesn't do public key encryption and thus improves security as such.

              AIUI, when my browser talks HTTPS with a site, my browser sends its public key to the site and they send their public key back, thus allowing the two to quickly establish a secure way to talk further.

              Without the exchange of public keys (and I understand in recent systems this is far from being cracked, hence (currently) very secure (assuming a proper implementation), how is a secure connection established?

              How long have you been doing encryption, and aside from MST what work of note have you done? No I'm not going to go check your site. You have a few moments here on El Reg to sell me, and anyone else reading, on your ideas.

              So. Convince us. At least convince me to take a further look into this. I may seem to be nothing of note today, but you never know where an inspiration particle will land tomorrow.

              And I am very much FOR improvements in security and efficiency (which comes first depends on the circumstances) - I wish you good luck and hope you do well if you have something worthwhile. I hope you find out sooner and move on to a better life if not. (not in the sense of death, more in the sense of leaving an abusive relationship)

              1. Frank Gerlach #2

                Re: MST Assurances /Authentication of Server

                1.) If you are paranoid about postal letter security, your scheme could involve picking up keys at the bank branch office, for example. The vast majority of mankind trusts quite a few financial and other secrets to the postal system, though.

                2.) I have been working on financial industry cryptography since the late 1990s and also then the problem was the implementations full of exploitable bugs.

                3.) Complex implementations and consequentially bugs are the big fat security hole which exists until the present day. That's why I suggest to radically simplify things.

                4.) I refer your irrational arguments to the next toilet.

                1. Kiwi Silver badge
                  WTF?

                  Re: MST Assurances /Authentication of Server

                  1.) If you are paranoid about postal letter security, your scheme could involve picking up keys at the bank branch office, for example. The vast majority of mankind trusts quite a few financial and other secrets to the postal system, though.

                  Yeah, like no one ever commits identity fraud.

                  2.) I have been working on financial industry cryptography since the late 1990s and also then the problem was the implementations full of exploitable bugs.

                  I'm not going to call you a liar. I'll let your posts speak for you.

                  3.) Complex implementations and consequentially bugs are the big fat security hole which exists until the present day. That's why I suggest to radically simplify things.

                  I like simplicity in security and the like, makes things easier. However, there is a level where things get too simple and you need other safeguards. A "please don't steal from us" sign is much simpler than a lock, and a lock is much simpler than an alarm, and an alarm is simpler than a safe, and a safe is simpler than a proper security system with perimeter guards, strong ID requirements, nuke-proof doors etc etc etc. But if you're protecting your grub in the fridge in the lunchroom a sign is about the best you can do and about all you need. If you're trying to protect your family and or other valuables though.

                  I can whip up a simple encryption scheme easily. It'll stop anyone lacking the level of skills and determination to bypass it. Get a skilled or determined hacker however.. That's why I'm not interested in "roll your own". I was in the early 90's when I was a lot more clueless and the world was a hell of a lot safer internet-wise, but now I'd rather leave encryption to a dedicated team, and let them make it as complex as they can. After all, the complex stuff is yet to be broken, whereas I am running entire solar systems through the holes in your plans!

                  4.) I refer your irrational arguments to the next toilet.

                  Riiight. Sure. You're the one saying "trust the postal service" and "no one ever commits ID fraud at a bank" and while we're at it "let's have a system that requires you to go to a physical location, prove your ID, and then collect new certificate data which you have to enter manually (and perfectly - how big are the keys you're talking about? Being keys they won't exactly be easy to read and easy to spellcheck!) each and every time the bank needs to revoke its certification lists" (oh sorry, you never thought of that did you despite all your years "working on financial industry cryptography"). Certificate revocations need to be able to be done quickly to keep things secure should a cert be compromised - but then you'd understand ALL about that right? Thought not. You say all this and yet claim I am being irrational?

                  Don't bother telling people to attack your arguments rather than you. You're an idiot and not worth listening to. Take some time to learn about security. Even someone as clueless as me can shoot planet-sized holes through your stuff without even bothering to look at a line of your code. Even a twit like me has destroyed the arguments you've presented here, and that's without even trying.

            2. Dan 55 Silver badge

              Re: MST Assurances /Authentication of Server

              But there's still the phishing problem. If the wrong server name is entered by accident and it leads to a phishing server, the false server will say, "yep, all that info you've given me is fine". And it can then act as a MITM.

              The most you can do is encrypt the connection, but not authenticate it.

              1. Frank Gerlach #2

                No

                "But there's still the phishing problem."

                No, I cannot see that, if we assume the key comes from a trusted source (e.g. from the Bank counter). The spammer cannot know proper symmetric keys from the bank which means he cannot access the bank systems. Symmetric ciphers are indeed stronger defense against MITM attacks.

    2. Anonymous Coward

      Re: Let's Ditch TLS Alltogether

      Downvote for snakeoil github repo, barely documented protocol, no cryptographic analysis, and the fact that it's useless in almost all practical applications (how are you going to exchange a shared secret with amazon.com ?)

      For a real "minimal" cryptosystem designed by a real cryptographer, please see NaCl.

      The only problem with DJB's work is that there's nothing which competes with it

      1. Frank Gerlach #2

        Sure, Mr Anonymous Coward

        MST is "snakeoil", but you do not dare to attach your name to this verdict. Again, attack my arguments, my design choices, the protocol, but please spare me your unfounded non-arguments.

        MST is designed to be efficient and as simple as possible. I am glad to answer any detailed, REAL questions which you can come up with.

        I could call NaCl "snakeoil", too. Without any arguments, just like you did with MST.

  9. Frank Gerlach #2

    About "Lawful Intercept"

    Instead of pursuing the Broken Approach of the Americans/NSA ("backdoor the hell out of all operating systems"), I suggest the following approach:

    1.) Make a law which requires users to submit all their keys to National Police HQ (NPHQ).

    2.) To enforce the law, randomly check all users for compliance. If there exist encrypted transfers which cannot be deciphered from the NPHQ database, turn off all means of communication for this user except for voice phone and emergency calls. Enable after two months again.

    3.) Rinse, repeat.

    1. Fatman Silver badge
      FAIL

      Re: About "Lawful Intercept"

      <quote>

      1.) Make a law which requires users to submit all their keys to National Police HQ (NPHQ).

      </quote>

      With all due respect, are you out of your fucking mind???

      Should that database get hacked, then what???

      I strongly suggest that you rethink that suggestion.

    2. Anonymous Coward

      Re: About "Lawful Intercept"

      "Make a law which requires users to submit all their keys to National Police HQ (NPHQ)."

      And which government security service do you work for?

      1. Frank Gerlach #2

        Re: About "Lawful Intercept"

        Would it matter ? Please attack my arguments instead of me.

        1. Kiwi Silver badge

          Re: About "Lawful Intercept"

          Would it matter ? Please attack my arguments instead of me.

          Sure..

          1.) Make a law which requires users to submit all their keys to National Police HQ (NPHQ).

          Corrupt cops, lack of abilities of cops to keep systems secure (same for most government depts), corrupt civil employees within copshops, cops/civs+their families being targeted by crims/orgs wanting access (whether or not they can get such doesn't matter). How many ways is this a bad idea?

          Single failure - one bad implementation of any number of security protocols and the whole lot is stuffed. Snowden, Manning, those who've sent data to Assange - how many names in the last few years (let alone the thousands over the last decade, millions over the last century) - so many who've walked out of very secure places (some even facing a death penalty if caught - often facing instant execution without trial!) with very secure data.

          The cops have to keep out every hacker, every opportunist (look at the NZ Work and Income network failure from a few years back), every corrupt cop, every person who has their family threatened, everyone who wants to make an extra bit of cash by selling out - and they have to do this always. The attackers - of which there will be thousands, many internally, only have to succeed ONCE. Just one failure, and not only is the system compromised, but every citizen of a country that has such a law has to suffer through the pain of rebuilding their keys and online trust, the pain of the loss of money/jobs/businesses etc, and for far too many, the loss of loved ones as people (especially elderly or sick) see that their savings have been wiped, or someone else has the deed to their home (which was also their legacy), or their business has just gone under and have heart attacks/strokes etc from the shock, or simply take their own lives under the stress. Don't think it will happen? A breach like this could lead to stuff that would make the great depression look like a Christmas where the government announces all taxes are forever ended!

          2.) To enforce the law, randomly check all users for compliance. If there exist encrypted transfers which cannot be deciphered from the NPHQ database, turn off all means of communication for this user except for voice phone and emergency calls. Enable after two months again.

          Yeah, coz everyone reading this hasn't already come up with several ways in which both their private stuff will still be kept private and ways around the bans ("Hi mom, how are you. Hey while I'm here for dinner can I check my email? Thanks").

          Lemme see. I can put my hidden data on a microSD card. Do you know how small those things are? Do you know how easy they are to hide? Oh, we'll just make a law requiring they all be registered.. Well gee officer, I can't see that one anywhere. Have you got a few hours to help me look, I'm sure it's around here somewhere. Might've got stuck to my shoe though. Or maybe the dog swallowed it. Here's some gloves, his shit's all over the yard, make sure you do a thorough job. Besides, such a law would just open up a black market for unregistered storage devices.

          I live very close to a very large area of bush. Trivial for me to hide a few external drives should I desire. How many people are you going to assign to searching that for hidden treasures?

          As to traffic, NZ is very geographically isolated so it would be harder for me to set up a 2-way stream of data at reasonable speeds. I guess I could use something short-wave like, maybe with multiple transmitters and receivers to give extra channels and send the data in parallel chunks. Then again, maybe I'll be rich enough to get a fund under way for private satellite. Just has to be put into orbit high enough above the horizon but outside NZ's waters.

          Oh, and unless you have great patrols, getting other data into the country again would not be too hard. Any number of people willing to be paid to smuggle in small devices, and I hear you can get a couple of terabytes on a small external HDD now.

          So your #1 point places entire nations at risk of financial ruin, and your #2 wouldn't even be enforceable in the wildest dreams of the most fervent member of the Stasi at their best.

          I've attacked your arguments. Didn't take much I'm afraid. This stuff doesn't require a lot of thought to see how quickly it would fail. Please give it some more thought and try again. Hint - if a single failure would lead to a lot of misery, think more about how to stop that failure.

          1. Frank Gerlach #2

            Re: About "Lawful Intercept"

            Ok, let me try to explain this again:

            1.) Governments think they need to be able to look into all communications, because certain groups might use the telecom network to coordinate criminal activities up to and including armed action against other people.

            2.) The Status Quo is that governments obtain key material by means of covert hacking of "interesting" computers. The German government says so quite openly. Snowden documents also strongly hint towards this.

            Governments make sure there will be exploitable bugs even in the latest OS versions.

            The downside of this is that all sorts of criminals can use the very same backdoors. And they do, to great loss of the affected banks and other corporations. Kaspersky reports of a bank in Ukraine which was completely penetrated. The SWIFT is also attacked daily, with some success on the side of the criminals.

            The largest ship operator, Maersk has recently been hacked with hundreds of millions of dollars in losses.

            A major American pharmaceutical company has been hit by a virus which shut down production of one of their drugs.

            British NHS is hit by attacks almost periodically with bad effects on their ability to treat patients.

            We do not need much imagination to see how much this hurts the real world economy.

            3.) To change the problem of 2.) I suggest laws mandating Key Escrow. I understand your concerns about a single, national electronic database of crypto keys. I do think it would be possible to create a system with acceptable risks by compartmentalizing the Key Store. There would be e.g. 10 departments handling/storing the keys sent in by postal letter. Each department would be responsible for a certain region of the nation. Initially, key letters would simply be stuffed into a locked paper file and only be scanned for law verification purposes. The key storage center would of course be tightly guarded like other high security facilities.

            1. Kiwi Silver badge
              FAIL

              Re: About "Lawful Intercept"

              There would be e.g. 10 departments handling/storing the keys sent in by postal letter.

              It just gets better and better with you doesn't it?

              I reckon you should apply for a job at Microsoft! Or maybe go and talk to Elmer Fudd Amber Rudd! You clearly have the requisite skills to be a top security adviser with either!

              1. Frank Gerlach #2

                Re: About "Lawful Intercept"

                More irrational non-arguments...

                1. Kiwi Silver badge
                  Trollface

                  Re: About "Lawful Intercept"

                  More irrational non-arguments...

                  Well, if you were to stop posting the rest of us wouldn't have to read them from you.

                  And what was it about "attack the arguments, not the person" you were spouting off a wee while ago? Does that mean you cannot counter what was said?

    3. Kiwi Silver badge
      Facepalm

      Re: About "Lawful Intercept"

      1.) Make a law which requires users to submit all their keys to National Police HQ (NPHQ).

      Ah yes. The police are great at keeping things secure! We must trust them.

      Meanwhile, I'll continue thinking about ways to keep my data out of their hands come hell or high water unless I decide I wish them to have it.

      And if there are mandated keys, I'll make sure everyone I know has a few thousand new keys generated every couple of hours, just to keep the government books busy.

      (This post could explain some of your other recent material - you're very much into sex with elongated yellow pieces of fruit, ie you're fucking bananas!)

  10. Frank Gerlach #2

    "are you out of your fucking mind"

    The status quo is that all major operating systems contain backdoors for the purpose of reading any possible key material. That is better ???

    1. Daniel von Asmuth Bronze badge

      Out-Of-Memory

      Frank Gerlach II wrote: "The status quo is that all major operating systems contain backdoors for the purpose of reading any possible key material."

      Do you have proof for your claim?

      1. Frank Gerlach #2

        Proof of Backdoors

        If you

        +carefully read the Snowden documents

        +carefully parse what the German minister of the interior says about "Bürgerschutz" and their strategy of obtaining key material ("Quellen-TK-Überwachung") using exploits

        +follow the CVE database for operating system bugs

        it is becoming quite obvious that NSA and friends (JCS, CC, whatnot) have backdoors for Linux, Solaris, MacOS and of course also Windows.

        See also https://de.wikipedia.org/wiki/Telekommunikations%C3%BCberwachung#Quellen-Telekommunikations.C3.BCberwachung

  11. ma1010 Silver badge
    Trollface

    Thank God we're in the USA...

    ...where, of course, the CIA/NSA/FBI (and my employer, too) would never do anything tricksy with certificates to try to break that encrypted chain of trust!

    Why is everyone out there laughing at me?

    1. Frank Gerlach #2

      Re: Thank God we're in the USA...

      Until very recently they simply touched your OpenSSL or gnuTLS library in your server with their exploit code and retrieved your private key. It must be assumed they had an automated system in place which would do this millions of times without much manual intervention.

      From that point on, they never touched your server for months or years, because they could decrypt your data in the main internet exchange points.

      So talking of "Snake Oil" - it was OpenSSL and experts telling people to use it "instead of rolling your own insecure library".

Biting the hand that feeds IT © 1998–2019