[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

and not a single Tor hacker was surprised...



Hi there,

Dnia czwartek, 23 stycznia 2014 00:47:48 Tom Ritter pisze:
> There are a lot of things like this, but the big question is: how does the
> user indicate to you which cert they want?

Can't they just get both certs and accept the one that works for them? I.e. 
John Doe would just accept the "vanilla" SSL cert; Joe R. Hacker's browser 
would have these blocked, but could accept a Monkeysphere-based one.

> If it was via pubca.x.com or privca.x.com - that's easy just put the
> different certs in the different sites.

The idea is to have the same site.

> But otherwise, you have to rely on quirks.

Ah, yes, quirks. ;)

> TLS allows you to send different certs to different users, but this is
> based off the handshake and is for algorithm agility - not cert chaining.
> EG I send ECDSA signed certs if I know you can handle them, and RSA if not.

Oh, this is good. Differentiating between "vanilla" certs and "advanced/really 
secure" Monkeysphere-based certs via ciphers is neat. Thanks for the idea!

> You can also send two leaf certs, two cert chains, a cert and garbage, a
> cert and a stego message - whatever. This is the closest to what you want,
> but this is undefined behavior.

Mhm.

> Browsers may build a valid chain off the public CA, and monkeysphere off the
> private* and it works perfect... Or the browser may pop an invalid cert
> warning. It's undefined behavior. You'll have to test, see what happens, and
> hope chrome doesn't break when it updates every week.

So, sticking to the ciphersuite hack, which is elegant and bound to work. 
Thanks a bunch.

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140213/4cb89c8a/attachment.sig>