Ask Hacker and Security Gadfly Moxie Marlinspike 70
As a security researcher, Moxie Marlinspike has played a big role in explaining what can go wrong in using Certificate Authorities to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates. On that front, he's lately come up with a system designed to circumvent CAs entirely, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system.
Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post.
CarrierIQ (Score:5, Interesting)
Wildcard rules (Score:5, Interesting)
Who writes your paychecks? (Score:5, Interesting)
Hope for the Future (Score:2, Interesting)
As a security researcher myself - albeit an unknown one - I find myself constantly looking around at the state of security in our always-online world. To say the least, striving for a goal of security where nothing is ever actually secure is disheartening, something akin to a donkey chasing an inedible plastic carrot.
While the cat and mouse games between genuine rob-your-grandmother criminals and (hopefully) 'honorable' types continue today, is there really any hope that this situation won't eventually just escalate into a forced-at-birth Orwellian nightmare?
Web of trust versus online consensus (Score:5, Interesting)
If I wanted to validate the hypothetically secure https://slashdot.org/ [slashdot.org] I would be happy seeing an SSL certificate signed by Geeknet's PGP key (assuming they cared enough to be in the strong set), but even happier if it was also signed by a couple certificate authorities and some other folks in the strong set. I would assign partial trust to each of the certificate authorities' root certificates and use PGP to measure the partial trust of other signatures and set a threshold for the security of any SSL site, perhaps requiring "full trust" for automatic acceptance of an SSL certificate, a warning for marginal trust, and a bigger warning for anything less.
One of the primary advantages is separation of privacy and identification; the private key for identifying an entity would only be used to sign SSL certificates, reducing the likelihood of an attacker compromising an identity certificate. Notaries, as in Convergence, would simply be entities who sign a large number of SSL certificates after verifying the owner's identity through the existing trust network. The advantage for notaries is that they would not need to keep their private keys online and would only serve signatures. SSL sites could also just include the signatures in the initial SSL/TLS exchange, shifting bandwidth costs to the entities that benefit from the signatures. Site owners could also pre-distribute new SSL keys to certificate authorities and notaries to obtain signatures similar to the way that the existing PKI works, without relying on projects like Convergence to correctly identify a legitimate key change through heuristics.
The biggest advantage is a much more robust framework for trusting the privacy and identify of web sites. The likelihood of obtaining fraudulent SSL certificates signed by enough entities to achieve full trust is much lower than the likelihood of compromising a single fully trusted root CA or tricking a Convergence-style network into trusting a fraudulent SSL certificate by DNS poisoning or other methods.
Do you think this is a workable and, if so, good idea?