Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Trading security for performance seems to be a recurring issue among many projects.


There's no platonic ideal of Security that exists in a vacuum, unaffected by the economic/convenience/performance/etc costs. The clearest example here is post-9/11 security, but this trade-off exists in EVERY security system, far from being an "issue" with certain projects. As far as I'm aware, this is considered a pretty fundamental tenet of security in a pedagogical context. Now of course there's still room to disagree with the level to which each project sets its security/cost-avoidance slider, but it's hardly black-and-white.


There are also contexts in which the trade-off doesn't actually exist. Extraneous complexity breeds performance problems and security problems.

The horrible mess of ancient cruft that comprises the existing certificate infrastructure is a more fundamental cause of the problem here than what this or that browser does to try to mitigate the damage.


The problem isn't the certificate infrastructure; it's the protocol.

Online revocation checking could be made to work. We know the shape the solution will take. It will look like a redesigned version of OCSP stapling (where instead of connecting out to an OCSP server, the TLS server itself relays the revocation assertion over the TLS connection), but for chained certificates, and with an HSTS-like persistence mechanism so that attackers can't skip revocation checks by simply not sending the Certificate Status extension.

This is a lot of work to get certificate revocation, which is a rarely-used feature. But dynamic certificate pins are useful all the time, and solve some of the same problems as revocation. They also happen to be a persistent, cached attestation that accompanies a TLS connection.

So, perhaps the right thing to do is (wait for it) push for TACK:

https://qht.co/item?id=7562185


This isn't an exchange of security for performance. It's an exchange of theater for reliability.


Why is checking for certificate revocations theater? It seems sensible to me.

Edit: I mean downloading a revocation list rather than checking online.


Because the real world breaks OCSP checks often enough that browsers can't tell the difference between e.g. a malfunctioning proxy and an attacker; therefore, browsers don't hard-fail the checks, so attackers can slip past them. And in exchange for that theater, you're telling the CAs what sites you're visiting. It is a crazy system.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: