Learn, hack!

URL

http://ftp.ccc.de/congress/28C3/mp3-audio-only/28c3-4798-en-sovereign_keys.mp3

File name

28c3-4798-en-sovereign_keys.mp3

File size

29.4 MB

MD5

e36ac00d9004c825d96eed53981b3c99

SHA1

e8c1df172ade8ff00cb009d3eccce62c7a6c80e0

This talk will describe the Sovereign Key system, an EFF proposal for improving the security of SSL/TLS connections against attacks that involve Certificate Authorities (CAs) or portions of the DNSSEC hierarchy. The design stores persistent name-to-key mappings in a semi-centralised, append-only data structure. It allows domain owners to deploy operational TLS keys without trusting any third parties whatsoever, and gives clients a reliable way to verify those keys. The design can also be used to automatically circumvent a large portion of server impersonation and man-in-the-middle attacks, avoiding the need for confusing certificate warnings, which users will often click through even when they are under attack. The Sovereign Key design bootstraps from and reinforces either CA-signed certificates or DANE/DNSSEC as a method of publishing and verifying TLS servers' public keys. Conceptually, it provides functionality similar to what could be obtained if HTTPS servers could publish special headers saying "in the future, all new public keys for this domain will be cross-signed by this key: XXX", but the design includes a number of necessary additional features, including a secure revocation mechanism, protection against false headers that an attacker could publish after compromising an HTTPS server, and support for protocols other than HTTPS (SMTPS, POP3S, IMAPS, XMPPS, etc). Sovereign Keys allow clients to detect server impersonation and man-in-the-middle attacks even if the attack involves compromise or malice by a CA or DNSSEC registry. But Sovereign Keys also allow for automatic circumvention of these attacks via proxies, VPNs, or Tor hidden services.