> On Oct 6, 2013, at 5:23 PM, exar...@twistedmatrix.com wrote:
> 
> On 6 Oct, 11:02 pm, tobias.oberst...@tavendo.de wrote:
>>>> Personally, I assume root CA private keys of any CA vendor are owned by
>>>> the NSA anyway.
>>> 
>>> There's no rule that says you have to use a "root CA" signed certificate
>>> for your TLS connections.
>> 
>> Sure, in theory, but there are multiple practical problems when using
>> self-signed certs or certs signed by a CA not built into browsers. As a
>> starter, here are 3:
>> 
>> - enterprise networks might block those right away with no way for the user
>> to accept self-signed or import alien CA certs
>> - the user experience is bad: Firefox scares with dialogs and multiple steps
>> of overcoming those
>> - with WebSocket, browsers will not even show a dialog! WebSockets are so-
>> called "subresources", and browsers will never render dialogs for these
>> 
>> So in practice, I _have_ to use a CA that is built into all major browsers.
> 
> You're assuming a lot here.  Perhaps TLS is broken for all the uses you're 
> interested in - that doesn't mean it's broken for everyone else's uses.

Tobias, all of the things you've said here about browser UI, enterprise 
networks, and key management tooling are true; however, note that none of those 
nouns are "TLS".

If you want to fix these problems, two possible options are:

 1. Write some code that uses TLS (which is a wire protocol, after all, not a 
trust model or set of trust roots, nor a key management UI) and addresses these 
issues, by implementing a new trust model, protocol for exchanging trust roots, 
or key management UI, and selecting appropriate ciphers.
 2. Write some code that uses a brand new wire protocol with unknown, unaudited 
security properties, also implementing appropriate ciphers, and also 
implementing all of the things in point 1.

One of these options seems obviously superior to me :-).

It doesn't seem to me that re-working the wire protocol of TLS will fix 
problematic browser behaviors; only patches to the browsers will do that.

> *This* is probably now sufficiently off-topic, though...

Man, are there some kind of Topic Police everyone is worried about? Do I need 
to start taking extra precautions when I write to mailing lists? :-)

I think this is on-topic enough, since this might inform TLS work with Twisted 
in the future, and Vertex has been brought under the Twisted umbrella recently 
(https://github.com/twisted/vertex); it seeks to provide a different trust 
model with TLS and Twisted.

(If anyone objects, of course, feel free to say so and we can take this thread 
elsewhere.)

> Jean-Paul
>> /Tobias
>>> 
>>> Jean-Paul
>>>> Really, TLS is broken.
>>>> 
>>>> We need a new scheme. For encryption session keys, Diffie-Hellman is
>>>> available, and provides perfect forward secrecy naturally.
>>>> 
>>>> For authentication, we need a peer-based system like PGP has, not
>>>> relying on centrally managed trust.
>>>> 
>>>> I know. Not going to happen any time soon ..
>>>> 
>>>> /Tobias
>>> 
>>> _______________________________________________
>>> Twisted-Python mailing list
>>> Twisted-Python@twistedmatrix.com
>>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
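A concrete instance of option 1 above, as an added example that is not part of the original thread and not code from Twisted or Vertex: TLS stays the wire protocol, but the root-CA trust model is swapped for trust-on-first-use pinning (the SSH known_hosts model, which is close to the peer-based trust Tobias asked for). It uses only the Python standard library's `ssl` module; the `TofuStore` class, the JSON pin file, the host name `example.test` and the certificate bytes in the usage notes are assumptions made for this illustration. CA validation is disabled in the context only because `verify_peer` performs its own check after the handshake; the two must always be used together.

```python
"""Trust-on-first-use certificate pinning on top of stock TLS.

Added example for this thread; not from the original message, from
Twisted, or from Vertex.  Standard library only.
"""
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path


class PinMismatch(Exception):
    """The peer presented a certificate that differs from the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class TofuStore:
    """Trust-on-first-use store mapping host -> certificate fingerprint.

    First contact records the fingerprint; later contacts must present the
    same certificate or are rejected.  Pre-seeding the JSON file out of band
    turns the same code into plain certificate pinning.
    """

    def __init__(self, path):
        self.path = Path(path)
        self.pins = {}
        if self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, host: str, der_cert: bytes) -> str:
        """Return "new" on first sight, "pinned" on a match, raise otherwise."""
        seen = fingerprint(der_cert)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "new"
        # Constant-time comparison of two fixed-length hex strings.
        if not hmac.compare_digest(known, seen):
            raise PinMismatch(f"{host}: expected {known}, got {seen}")
        return "pinned"


def make_pinning_context() -> ssl.SSLContext:
    """Client context with CA validation disabled.

    Only safe because verify_peer() checks the certificate after the
    handshake; never use this context on its own.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # trust decision moves to the pin store
    return ctx


def verify_peer(tls_sock: ssl.SSLSocket, host: str, store: TofuStore) -> str:
    """Run the pin/TOFU check on the certificate the peer actually sent."""
    der = tls_sock.getpeercert(binary_form=True)  # DER is available even with CERT_NONE
    if not der:
        raise PinMismatch(f"{host}: peer sent no certificate")
    return store.check(host, der)


def connect_pinned(host: str, port: int, store: TofuStore) -> ssl.SSLSocket:
    """Open a TLS connection trusted via the store rather than via CAs."""
    ctx = make_pinning_context()
    raw = socket.create_connection((host, port))
    tls = ctx.wrap_socket(raw, server_hostname=host)  # SNI is still sent
    try:
        verify_peer(tls, host, store)
    except PinMismatch:
        tls.close()
        raise
    return tls
```

A self-signed server certificate works unchanged with this client, which is the point of the message: nothing about the TLS handshake had to change, only who decides which certificate is trusted. The browser-side problems in the thread remain, since a browser will not run this code; what it shows is that the trust model is a layer above the wire protocol.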