- From: Henrik Biering
- Subject: Re: [projectvrm] Minimum viable VRM web site or service
- Date: Fri, 16 Jan 2015 01:01:15 +0100
- Organization: Peercraft

The Public Key Pinning that you reference is not scalable. Therefore
Chrome (already) and Firefox (from the next release) support HPKP,
which works in the same way as HSTS, where the browser stores the
appropriate information about the site at first visit. Which means that
you are vulnerable at the first visit, but not for subsequent revisits
with intervals shorter than the selected timeframe (typically 6 months).
More information here:
https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/

DNSSEC+DANE is another option whereby you can replace the risk of just
one out of hundreds of CAs being exploited with relying only on the
security of your own server as well as your DNS operator:
http://www.internetsociety.org/articles/dane-taking-tls-authentication-next-level-using-dnssec

None of the standard browsers support this (too good relations with the
CAs?), but plugins are available for Chrome, Firefox, IE and Safari:
https://www.dnssec-validator.cz/

/Henrik

On 15-01-2015 at 21:19, Johannes Ernst wrote:

On Jan 15, 2015, at 11:30, Brian Behlendorf wrote:

https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

Band-aid after band-aid.

Amen.

Would be so nice if SSL used a web of trust model, where my site could
publicly declare that it believes your site’s key is such-and-such, and
browsers could be configured whose assertions to trust, and how many are
needed for a given key.

In practice, the cert authorities would end up as “super nodes” on such a p2p
network, but each of them could be used as a check and balance against all
the others. And paranoid people could configure their browser to only trust,
say, the EFF’s assertions, *without* losing all vouching for some/many sites
that we’d lose if we removed some of the root certs in our browsers.

Cheers,

Johannes.
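
An added illustration, not part of the thread and not any browser's code: a toy model of the HPKP first-visit behaviour described in the reply above, showing when a certificate chain with an unexpected key is accepted or rejected. The host name, the pin values and the 180-day max-age are constructed for the example.

```python
import re

DAY = 86400
# Constructed placeholder pin values, not real SPKI hashes.
SITE, BACKUP, MISISSUED = "c2l0ZQ==", "YmFja3Vw", "b3RoZXI="
HEADER = f'pin-sha256="{SITE}"; pin-sha256="{BACKUP}"; max-age={180 * DAY}'

class PinStore:
    """Toy model of a browser's HPKP pin cache (trust on first use)."""

    def __init__(self):
        self._pins = {}  # host -> (pinned SPKI hashes, expiry timestamp)

    @staticmethod
    def parse(header):
        """Return (pins, max_age) from a Public-Key-Pins header value."""
        pins = set(re.findall(r'pin-sha256="([^"]+)"', header))
        m = re.search(r"max-age=(\d+)", header)
        return pins, (int(m.group(1)) if m else None)

    def visit(self, host, chain, header, now):
        """One TLS connection; chain = SPKI hashes of the presented certs."""
        chain = set(chain)
        known = self._pins.get(host)
        if known and now < known[1] and not (known[0] & chain):
            return "rejected"  # unexpired pins exist and none matches
        pins, max_age = self.parse(header or "")
        # Note the header only if one pin matches this chain and at least
        # one backup pin does not (the RFC 7469 backup-pin requirement).
        if max_age is not None and pins & chain and pins - chain:
            if max_age == 0:
                self._pins.pop(host, None)
            else:
                self._pins[host] = (pins, now + max_age)
        return "accepted"

def demo():
    host, seen, fresh = "example.test", PinStore(), PinStore()
    return [
        seen.visit(host, [SITE], HEADER, now=0),               # pins learned
        seen.visit(host, [MISISSUED], None, now=30 * DAY),     # inside window
        seen.visit(host, [MISISSUED], None, now=200 * DAY),    # pins expired
        fresh.visit(host, [MISISSUED], None, now=0),           # first visit
    ]

if __name__ == "__main__":
    print(demo())
```

The model leaves out certificate validation itself and the includeSubDomains and report-uri directives; it only tracks whether unexpired pins exist for the host and whether the presented chain matches one of them.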