Whitfield Diffie and Moxie Marlinspike

Video in TIB AV-Portal: Whitfield Diffie and Moxie Marlinspike

Formal Metadata

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Come watch Whitfield Diffie and Moxie Marlinspike talk about certificate authorities, DNSSEC, SSL, DANE, trust agility and whatever else they want to. Moderated by the Dark Tangent and with Q&A from the audience.
What we're doing here this morning is sort of a spontaneous panel that popped up maybe a month or two ago, and the best you can do for spotting the ideas of 180 a month ago. Well, you know, I was thinking, like, I knew you and I knew you, and Moxie was doing some interesting stuff and it was doing some interesting stuff, and, uh, and I forget what happened. It was like maybe, maybe Moxie was, you know, doing something about DANE, DNSSEC, he was, something came up. I thought, you know, that would be perfect to get him talking with Whit, and then I thought that would be perfect to get both of them on the stage, because if I think it's cool, maybe you guys will think it's cool. So who's looking forward to seeing them just have a conversation? Yeah.

So there's not a whole lot of format here. I've got a couple of questions to kick it off, and what I'm really trying to do is kind of get new school and old school talking here, and I'm really curious about how... sorry if you're still new school, Whit. Yeah. And because what we're seeing is there's a little bit of a different perspective: Moxie maybe is more of an end-user perspective, you grew up as a user of some of this technology just like myself, and Whit was lucky enough to be around to be the creator of a lot of this technology, on the designer, and he was there for a lot of the important meetings that shaped the way the Internet is today, the way we do certain things online, the way we use certain math and certain cryptography. That's, you know, Whit was there for that. And so they just naturally see the world slightly differently, just from where they came from. And then we, I definitely want to open it up to the audience, because I think you'll probably get the most value asking questions. So does that sound like a plan? That's what we're doing. OK.

So, first off, how many people saw Moxie's talk earlier? So you're pretty, pretty familiar with some of his, his opinions. And so one of my first questions I just want to get out of the way, for, this is for Moxie, is, you
know, why, uh, why the digital jihad against certificate authorities, you know?

OK, I, um, I don't know if it's a jihad, but I did start some of this by looking at the recent Comodo attacks. People are familiar with this: Comodo got compromised, and, you know, did you know, the attacks could not have been more embarrassing. The, you know, the information that has, has emerged from these attacks makes it pretty clear that its board Comodo is not necessarily, does not necessarily warrant our trust. And, you know, the question is, you know, what happened to Comodo after all of this? You know, couldn't have been worse, could not have been more embarrassing, and nothing happened to Comodo. And so I started looking at that question: well, why is it that nothing happened to Comodo? Will the u.s. Ferrars will after having it's great down great for the u.s. fairies would encourage us look nothing happened to Comodo, I said, yeah, right now, yeah. Yes, exactly.

Um, so, uh, and, you know, looking at this question, I realized that, you know, there's really nothing that anybody can do. You know, that the truth is that somewhere along the line we made a decision to trust Comodo, and now we're locked into trusting them forever. And I feel like this is the essence of many of the problems that we've seen with certificate authorities over the years: that we were kind of locked into trusting them, whether they continue to warrant our trust or not, without really any incentives to continue behaving appropriately.

And so, and then your options as an end user are very limited?

Sure, and I think I could say, you know, your options as a client are limited. You know, like, as an end user there's nothing really you can do, when the browser vendors are in the same position. You know that, and Comodo knows it. You know, Comodo knows that the browser vendors can't just remove them from their trust database, because it would break somewhere between, you know, a quarter and a fifth of the internet for their users. So I feel like, you know, you know, we
can reduce this to a single missing property that I call trust agility. And the idea behind trust agility is that it should be easy to trust and untrust, it should be easy to make trust decisions at any point, and that those trust decisions should be initiated by the client. And I feel like with those two properties, moving forward, we won't get into the same situation that we are in now. And so there's been a lot of talk about replacing the CA system with something else, and I just want to make sure that we don't end up in the same place again by come, and I think the way to do that is to, you know, come up with a replacement that provides trust agility.

Any comments on that?

Well, no comments that are different from what I had before he said that. Yeah, let me start out with a few procedural comments or assign. I'm dressed for security theater at the airport, and it seems to be appropriate to change for allegedly intellectual theatre here at the conference, or something like that. Now, I was told when I was, I've never been to Def Con before, and I was told that I was required to drink a glass of whiskey before I spoke. Was this what... don't applaud so loud, I haven't done it yet. I assume what that meant is I have visibly to drink my whiskey, you know, he's going for the 40-year-old Laphroaig, to visibly drink my whiskey here in the presence of the
witnesses, you know, just the way there were many people at court, in the, in the European courts, who had the right to witness the royal birth, be sure that the baby was the right one. So I think my whiskey is being fetched, so the first few words I speak will be unauthentic receiving the whiskey, but after that, you know, you can, you can have more trust in what I have to say. I mean, basically I'm here, like most things in my life, by accident. Jeff sent me, incidentally, I
really appreciate the name Moxie Marlinspike. You know, it was hard growing up with the name Whitfield Diffie, and in a Jewish neighborhood in New York, and somebody wants to have the name Moxie Marlinspike, that, that's, that's courageous. But basically I read this article, and my response was to think, my gosh, I mean, either, I can't quite figure out, either he's made the greatest observation about the way this needs to work in decades, or he's led me to the observation, because I don't, I don't say things point the same
way. So let me just say what I learned from Moxie's article, and it now seems to me obvious what should be done, and it turns into a business problem of how to get it to work. And the simple thing I learned, and it started out with the point in which I disagreed with him: he said it wouldn't make any sense for DHS to be issuing certificates for Chinese websites, and I thought, well, no, that's wrong. It makes very good sense for DHS to issue web certificates for Chinese websites; it just doesn't seem likely that those are going to be particularly interesting to the Chinese, right? A Chinese doing business in China doesn't care what DHS thinks about Chinese websites. But an American business or an American government organization interacting with Chinese companies and organizations and so forth might even be bound, but we're rationally bound by regulation to only conduct certain communications using certificates supplied by the DHS website. That seems to be an entirely reasonable idea. And in general what I learned, right, is that basically CAs work for the wrong people. CAs should be working for the people who want to acquire keys, not for the people who are wanting to proffer keys, and that's where the truck and work for, and here's the rub, largely means, of course, as always, paid by.

So think about some other things that I think have about the same structure. That is to say, you're going to hire somebody, you're allowed to have that person investigated. You go make certain choices, you choose, you know, I know, Burns detective agency to investigate them, or some of the detective agents; you go to Equifax or some other place to investigate the credit. But it's the people doing, the people who want the answer, who are responsible for getting the investigators to find out what they want to know. Well, similarly, you know, if you are a business of some kind, rather, and you want to do business reliably, you don't really care about browsing every website on the web, who cares. You want to be sure that when you're
talking to IBM you're talking to IBM, when you're talking to Microsoft you're talking to Microsoft, when you're talking to NSA you're talking to NSA. And so you want to go to what Moxie's calling a notary, and I think I don't have a better term, and not quite comfortable with that one; we'll use it for the moment. You want to go to somebody, in effect, that you retain, who issues certificates for people you want to talk to. Now, there are two things about this in my mind: this organization need neither be friends of the people it's issuing certificates for, nor even be known to them, right? So it could do anything. I mean, it can, you know, the cheapest ones just parrot whatever the, whatever certificate those websites issue for themselves. However...

Things are picking up. Thank you. Fortunately they drive me all around town. That's right. You, I see. OK, I don't get, I don't get whiskey at all, I get r I, I don't get scotch at all, again Rock. OK, so are any lot drinking Rio knows what's going to happen. Any last words before you have to be authentic?

Now, what was I saying? Uh, so what you might have is an investigatory organization that you retained, that goes
out, you know, flatfoots around, and does the kind of things accounting companies do, and investigates the companies you want to communicate with, and by whatever
means it deems appropriate it figures out what their keys are, and then it issues your certificates for those keys. The other aspect of doing these things this way is, of course, there's going to be a new mode of failure that's going to appear. That is to say, the rules of my
organization say I will never talk to your organization unless you present the key that is in the certificate I got
from my trusted notary. And so if you send me some other key, the communication
just dies there, right? You're presumably not going to understand things that I encrypt in the key I was sent, and I'm not willing to encrypt anything in the key you sent. But by and large I'm going to expect this will work reasonably, oh, that's not going to happen that often, and of course it triggers an investigation is and you may certain sprinkling of these, you will have rekeyed or something like that, and it'll have to be updated. So that's, we pretty much come to the end of my pre-whiskey statement, so I think while I drink my whiskey I'll turn things back over to my cohorts.

So, so Moxie, the idea of the notary sort of reminds me of the concept of trust anchors in the early days of DNSSEC, when they're still trying to get the root signed and the TLDs signed. People still wanted stuff to work, so they came up with, you know, the trust anchor concept, and the notary seemed fairly similar, or have you gotten some ideas from that, or...?

Sure, I think it's a similar concept, and the difference, as far as I can tell, and maybe I don't know enough about trust anchors, is that the trust anchors were still sort of predefined by someone that wasn't the user, whereas with a notary concept anybody really in the world right now can decide to run a notary, and if anybody trusts you then they can use you as a notary.

And look like a popularity contest: I get half the room to trust me, you get half the room to trust you, have the whole room can somehow reach where they want to go?

Exactly, exactly. And, you know, maybe half of the room, and I think that's appropriate, maybe half of the room is in a situation where they trust you for whatever reason, and the other half of the room is in a situation where they don't trust you for whatever reason, and maybe they trust me instead, or some other organization, and I think that's how the world works.

And there can be overlap too, right?

Exactly, there can be overlap. And, but, and I, I think, you know, the, the important distinction there between this and the DNSSEC trust anchors is that
I, I think we've gone to a point in time where it's, it not, it doesn't really make a lot of sense for one entity or one organization to be making a decision about how everybody in the world should engage with the, the authenticity of their website, because different people are in different contexts with different threats and different ideas of who they trust in the world. And it's really, it's our data, you know, it's, it's the user's data that's at risk, not the, the service's data that's at risk, in most cases. And so I think it should be up to the clients, it should be up to the users, to decide who they're going to trust to certify their data.

So, so would you say, looking back, that users have made really well-informed decisions?

OK, this is a fair question, right? Users, you know, for putting this on the user, aren't, aren't users gonna, isn't this too complex, right? And I think that really, instead of user, we should be saying client, OK? Because, you know, the way that I would imagine this is that you get your web browser, you know, Mozilla or Chrome or whatever web browser you choose, and embedded within it is a set of sane defaults. You know, that the organization like Mozilla has chosen organizations that they think, you know, are sort of generally trustworthy, and maybe they have it localized. You know, maybe they have, you know, they already have localized versions of their browsers, maybe they have those, those notaries localized for different areas of the world. But then the, if a user, like an advanced user, wishes to modify that, it's very easy for them to do so, and if Mozilla needs, or Chrome or whoever, needs to make a different decision about how to distribute these things, they can really easily change it, unlike now.

Yeah, so it gives them at least an initial level of flexibility that they didn't have.

Exactly, and then hopefully that'll trickle down then to the advanced users.

Yeah, when he's talking about half of the people in the room, I had suddenly came to what I think of as the Casanova model: half the
people in the room trust him because they're his girlfriend, and the other half don't trust him because he stole the girlfriend. Um, I think there is a, you know, envision there's a certain possibility here for a graduation of trust that would be very useful. Namely, if, if we've gotten a certificate from our, from our notary that indicates trust in this organization, then maybe connect, connect to them, for example, without any firewall, we can get a much better, much better performance and so forth. Whereas if we, you know, we have levels of trust, and if we don't, don't acquire keys for them that way, then we treat them as more hostile, and we, you know, do deep packet inspection on everything they send us, et cetera.

Take make out great graduated detention.

That's right, it's not a, either, yeah, all or nothing.

Can I want to take a question from the audience in the front row. Come have a microphone, we have an abundance. Yeah, I think there used to be in one of the aisles, no, I don't see it. Have this microphone. All right, thanks.
Just name and...

OK, my name is Hoyt Kesterson. I am also old-school, as both of these guys know. I chaired the committee that invented X.509, so, all right. The, the interesting thing is, when I draw back and I hear about these trust models, I'm reminded of PGP signing parties, OK? That's exactly what I'm reminded of. And let me tell you where the problem comes from, from these kind of communities. They, they may work in certain ways. I hang with way too many lawyers, OK, and the problem of this kind of distributed trust model is what kind of business liability are you assuming. So when you say I want to open, open a CA, or your version of a CA, which is a notary, then the question is what's the business model from them. And, and here's my problem: we actually, you know, put together a program that said CAs were supposed to operate responsibly, right, they're supposed to do certain things. And when the first ones came out they had a little bit more discipline, but, but when the other ones came out they lowered their prices, they lowered their prices, and, and now, you know, you have GoDaddy, which does a really horrible job, and a couple of other people to do that. But people want certificates and they go to it, and I just don't... and that's the economic model, that's what drives it, because we're laissez-faire, we don't really enforce these kind of things. So I just don't see how, when you put another model together... I do like, incidentally, the voting portion of it. I think perhaps we might be able to do that with actually having servers present multiple certificates from old providers; hopefully you find someone you trust. But I don't understand why you think that the same economic model won't happen: that, that they'll be there doing a reasonable job for a reasonable saw community, then it gets bigger, it gets more costly, then I have lawyers telling me about the risk I'm assuming, so I start charging money, more money, more money, to do a decent job, and then someone undercuts me, undercuts me in terms of pricing to
a less decent job, and then we end up with Comodo. And so I basically see this, nothing there that stops the same iteration of the business process. That's it.

OK, so I'm not really sure I follow that in terms of the vision, the way I envisioned is...

Where did you leave the mic with him for a second.

I mean, as I said, we have, it seems to me, a variety of things that work pretty much the same way, in which you choose a detective service, an accountant, or something like that, that has to be trusted, and you pay them, and there they, they bear, that is actually a price, a case where if they have a contractual obligation, and so they will actually suffer for delivering you bad information.

No, I agree with that. I don't mind with the flipping of the model, but what I'm arguing is that there, when we talk about the common person, the one who's already trying to figure out what's going on in that little bar in his browser, I personally think the client's got a little too thin here, right? And we say, for the record, I can't figure it out. And so, so I think would know, I think we got a little too thin here in terms of people trying to make decisions and all the information that's up there. But, but my argument's exactly the same: if people are out buying, they're buying based on certain kinds of things, and they'll end up buying based on cost, OK? That's what people do, they buy based on cost. And so my argument is, is that we end up with the same thing, low-cost-cutting type things.

I say Marissa I on cost versus perceived a, you know, quality or something. I mean, lots of people buy Mercedes as opposed to buying much cheaper cars, right? Lots of expensive goods sell. It's just, it would be a problem with the market is that you can't see the difference in what you're getting, so why spend more for it?

I think that's because people who buy Mercedes probably have an innate understanding about cars and quality and so forth. They might be wrong about it, but they think they do. I just don't know if we're going to find this innate
understanding, and trust me.

They're saying you put your foot on the gas and hoist through a turn and you feel the difference, but why, what, what, didn't you don't know the thermodynamics of what's going on. In one of the ways I'm imagining that some of these investigative agencies, they might be NGOs, it might be the EFF, that might be...

It could be anybody, right? Yeah, I mean, it could be anybody. You know, so I've released some software called Convergence, which is an early stab at, you know, inverting this, this trust relationship and doing things a different way. And the way it works, you know, Convergence, anybody can run a notary, and it's actually, you know, requires very low resources, you know, it's not an intensive process for somebody to run a notary. And already there's been, you know, you know, some number of people in the past two days who have set up their own notaries, and I've received communication from security companies and NGOs who are interested in running notaries of their own; maybe even one certificate authority was interested in running a notary. You know, so I, I think that people are interested in running this even if it does not provide any immediate revenue, because it looks good. You know, it's just like security companies do a lot of things in this industry without taking any, you know, any, like, direct cash for it, because they want to be seen as trusted entities.

Sort of like the loss leader.

Yes, yes, yeah.

One thing may be necessary, you know, how to remark in your paper about how VeriSign could sign a certificate for somebody even if the person didn't want it. You're not just strikes me as inevitable, of course you could sign anything you get your hands on. But the critical, maybe we need a more expressive language to have to go into the browser for saying what you trust
about certain sources, certain, I'm going to call notaries. You say, you know, we trust this notary to endorse that category of things, and have explicit yield you might explicitly what we think they made a mistake in that case, we'll blacklist that one, or so glad I don't know precisely.

All sounds very XML-ish.

Oh no. Yeah, as long as it doesn't sound ASN.1-ish.

Yeah. Since we're stuck using primarily low-assurance to no-assurance systems, do you see any sane approach to prevent subversion of the trusted list of a certificate authority list? I'm thinking of the example where, about a year or two ago, Microsoft released a security update that actually modified the CA list for Mozilla Firefox. What, and so the question is, is there any mechanism to prevent subversion of these default lists themselves, anything that you can see, particularly sensitive work in an untrusted environment?

Sure. Well, I mean, I think, you know, when, in the case of organizations like Microsoft, or that, any of the browser vendors themselves, that they, you know, at heart are trying to actually provide secure communication for their users. Now, I think, you know, let me ask, but does anybody in this room trust Comodo? One, two, three. OK, three people. People don't work for, yeah, or do you guys work, what, just certify your secure communication. You know, I feel, you know, this, maybe a couple hundred people here, maybe one or two people trust Comodo, and I think that the browser vendors and the platforms actually feel the same way, and I think if they could they would also make a decision to untrust Comodo, but they can't do it. And so, you know, this is the situation we're in, and I think that if we give, you know, these platforms the mechanism to make the appropriate decisions, that they will in good faith make the appropriate default decisions.

Well, hypothetically, let's say you're a dissident in Iran. The Iranian government has a CA, which I noted was in my trusted CA list by default. I removed it, but how exactly would you expect a user to deal with that
if it's a bird and re-added because it's assumed to be trusted by your vendor, and you might have no warning that it gets re-added to the list?

You know, I, that, that's a, I think that that's a, maybe a different class of problems, right? That, you know, one thing you can imagine, right, is, you know, right now platforms like the web browser or your operating system are essentially, you know, delegating some trust decisions for you, right? There, you're almost subscribing to them for some information on who to trust. And you can imagine something similar to an Adblock Plus model, right, where you don't have to make, you know, very intricate decisions about all the entities in the world that you trust, but you say, well, there's this other organization, this NGO, that's going to curate these kind of lists for you. So it's like a, you know, a meta-notary or something like that. And, you know, maybe you have something like that, I'm not sure, but what I want to do is at least provide the kind of flexibility so that these decisions can actually be made, however they're made.

OK, now, we're not, I don't want to turn the track into nothing but, you know, rant against the CAs, but we're going to take a couple more questions and then we're going to try to shift maybe the focus a little bit. So let's, uh...

Hello, Bill Manning, and I'm going to take both of those questions. OK, the first one has to do with, you said notary, notary reputation, who does that, number one. And the second, I will call it trust echoes.

Trashed what?

Trust echoes. Echo. How many people in the room have one device with one browser only, one? No, no, no, no, no, no. All right, how many people have multiple devices with multiple ways to get to the net? Everybody's hand should go up. OK, so if I want to update Mozilla Firefox on my MacBook Pro 15, who's going to update my Android? Who's gonna update my iPhone? Who's going to update the box that's been sitting on the desk, or sitting on the shelf, for the last three months? I'm going to forget these things. So the idea of
updating all of the trust on all of the devices simultaneously is problematic. And then there's also the problem of, if I trust something, and Whit decides that he trusts me for whatever reason, he's had too much whiskey or rye, and I choose to say, well, I think that actually Jeff is, you know, pulling my chain, I withdraw my trust, but Whit doesn't see that in any time, any near real time, so he continues to trust Jeff based on my reputation. So this idea of cached, or their influence, ripples of trust, it's a problem. I don't know how you deal with that.

I'm, I mean, it sounds similar to the, the revocation problem, right? You know, that if things change...

OCSP, kind of.

Yeah, exactly, that, you know, right now there's, you know, certificate authorities have the same problem. They usually signed certificates, maybe at some point they change their mind, and so there's supposed to be these revocation mechanisms that allow them to revoke their decision. Unfortunately they don't actually work, and so that tends to break down. But, you know, I think it's an ongoing question, and certainly we can, I think, all imagine revocation mechanisms that would work if they were just implemented correctly.

All right, first
I'd like to start with a comment on scoping so I can better place my question. I think that perhaps we speak of thirst of trust in a very, you know, one way that's too broad, and in my question I was being explicitly interested in terms of knowing that you got the correct public key for that particular website in the context of SSL. I'm not talking about email encryption or other applications. And I wonder, and I would like to see both, Moxie, we spoke earlier about this, and our the cell would like to hear its comment, if perhaps there is a simple way. For instance, Tor puts a hash of the private key in the DNS name itself and helps pseudo-domain onion. Why don't we do something like this natively in the browsers, so we could get away and get rid of these policy a system? I think it would be a much simpler solution. Perhaps putting other layers come over complicates things, and complicated things have complicated modes of failure, either they're hard to analyze, and simplicity, security and simplicity have lots in common. But then aren't you shifting your trust to the DNS infrastructure? Sort of, which we already do one way or another. Why another player, yet another layer to create another failures? So that's sort of like DANE or other proposals like that, where you put your public key in DNS. We're right in the site name itself, say XYZ123, whatever, a big hash, .com or .key or any TLD we choose for that, and I think that it reuses what, no, no, no, we are not, we already trust what already works, and it doesn't add other layers of complexity to the whole system, and that's what I would like to hear their comments on. Thank you. Well, I think, you know, when one is thinking about a lot of this stuff, one thing that we should be, or one thing that I like about a simple pivot to something like Convergence is that it doesn't require migrating the internet. You know, right now the way that Convergence works is the servers, people who are running services on the internet,
don't have to do anything, they don't have to change anything. And I think it could be difficult to convince everybody that, okay, here's what we're going to do: starting January fourth everyone's going to switch to domain names that are actually just long incomprehensible hashes. And I think it would particularly be a hard sell if you go to somebody like Twitter and you're like, right, Twitter, from now on instead of twitter.com you're going to be 73 2594, you know, some incredibly long string, twitter.com. Well, just notice how hard it's been to sell IPv6. any other proposal a lifetime for lesser helling reasons we can make the switch on the same day anywhere NASA Valley in case a I think IPv6, you know, its problems ought to be addressed at this moment by stepping over it. I think we need IPv8, that has a good name and would have a 256-bit address space, and that it's time
to, you know, often you give up on something, it has opponents, and you pick up a new thing that's substantively the same but better. I encourage everyone. It just seems to me like these trusted organizations that you're talking about would tend to be, tend towards large organizations instead of small ones, I would think, and it seems like there's a lot of parallels to politics in this case, in which if a politician has a lot of, you know, a large amount of power, they tend to have political terms of office and then they, you know, they have to be re-elected in order, they have the day of a specific delineation of time in which they have to be recertified as good, yeah, as trusted powers, right? I mean, doesn't it seem like we could enact a system like that, where it's like, okay, well, in the year 2014 on January first we have to decide whether we will continue with this large organization, central truster, or go to a new one? I give you my answer, which is perhaps unpopular, but the way that I wish that, you know, this term worked, and just like with all politicians, is that that term expired every second, you know, where at any moment you can decide, well, you know, these people like... Well, yeah, but I mean, it's like users aren't going to want to decide every moment whether they trust anyone or decide on an individual basis; they want to set it and forget it. What, you know, and again, I think maybe instead of saying users we should say clients, because it doesn't have to actually be the end user; it can be whoever's providing the client, because, you know, that's their job to me making these kinds of decisions. I skechers any of this reminds you of that the trusted users trust identities in cyberspace initiative, where, you know, the tix, the proposal coming out of the US government to create the trusted online identities, you maybe have to give up more information but in return you get a larger amount of trust in who you're connecting to and they have a higher
level of trust in you as a consumer. Wait, so the government is proposing this thing that sounds scary and they called it tick morva what these people need a PR department. I think after be very careful about this. I think it's, I've heard people say, you know, your round for a while and get all these seminars about how we should have done the internet and this, that and the other, and I heard Kleinrock say if we had to do over again we'd build in strong authentication from the beginning. And I think nothing could be more profoundly mistaken, because if that had been done, and just incidentally I don't think the tools were available the urine he's talking about, but that doesn't matter, but when you suppose they succeeded, then they would have ended up with what Baran wrote about, of what ARPANET was prototype for, which is a national command and control system. They would not have ended up with the incredible cultural and economic force that the Internet has become. So I think you have to warning a lot of these things about doing anything that can tighten things up in such a way that you don't have the freedom to go out and explore, because everywhere you go you will be well known and they will just what they tell you to fit who you are. So you're probably not a fan of Facebook's policy that everybody has to use their real name? I'm probably, I'm not, but the fact is I'm fairly ignorant; I don't Facebook. So I
think there's a strong parallel between the trust problem with CAs and the trust problem we have with our bond rating services, um, but that's a side comment. Going to the model of the client-driven trust, I can see a model where I don't sign your key unless you pass my vulnerability scan, for instance, but that creates a free rider problem, and I was wondering if you have any comments on that. What is the free rider problem? I don't have to worry about scanning this because this other trust agency has already done it. Well, that sounds pretty much to me that, you know, lots of outsourcing decisions could be described in the same way, right? If I've hired somebody to do this investigation, it seems if I do it again myself, the Sun question, you know, why did I throw away the money to hire those people to do it, or why do I bother to do it again, or can I explain why we did from different perspectives and can expect different value from the work? Oh, you have notary A, who has a strong vulnerability assessment, does it for X, and X hashes a vulnerability assessment, you know, notary B, who says, well, notary A trusts them so I don't have to do a vulnerability assessment. They had to pay for it, these guys didn't. That's the free rider problem. I think that's handled in a lot of current things by the fact that the, your customer, your paying customer, I think was X, you know, gets the thing. Paying customer's the client who's paying either A or B. Yeah, and I think if you pay you get information from A, and if
you don't pay them they don't send it to you, or something, is not the way it usually works? Yeah, but if you pay B, he didn't have the overhead that A did. How did we learn what it told you? Because B is, because B subscribes to A as a client does. Oh, that's honestly, okay, that has to be true of a whole lot of business relationships currently, so A sues B for, you know, the theft of intellectual property or something. I don't know. The answer is I don't know; maybe that's a problem. Well, uh, quickly on business incentives of running a notary: it occurs to me that I go home, I set up a notary and people start using it, I would have a significant amount of customer data which I could later resell. So is that a business incentive? Is that a legitimate thing? Is that something that you perceive is happening? Would they be removing the trust chain at that point, or, um... Who are the customers in your model here? The customers would be some marketing firms or something. What you're saying, you have a large number of customer, you have some custom radio the customer data, what is it, you know, other than what sites your customers would like? IP addresses linked to domain names of who they're looking for, and so you have correlation data of people that are going to a similar website. It would be the same data that a name operator, yeah, it look about it, but then I would have it, though. Sure. Well, so the way that Convergence at least works right now is that by default your communication with the notaries is anonymized through another notary. So you turn, let's say you have ten notaries configured; for every request you decide you're going to talk to nine of them, you try to turn one of them into a one-hop proxy, tunnel SSL through that one to the other nine. So now two notaries actually have to collude in order to reveal your browsing history, and also you only contact them on the first time you visit a site or when a certificate changes, which would be fairly rare. Okay, excellent, thank you.
Okay, we've come to a fork in the road. I think you underestimated the audience; I count about 16 x 32, which is around 500. who's talked down 500 people guys feel pretty good. Okay, we've come to a fork in the road: do we want to continue on this topic or shift? We've got about 10 minutes left. We could just keep doing questions or we could talk about something else. Ah, you stirred the soft one. Okay, have a great new topic. I don't have a lot of great topics in my back pocket, but I'm always curious, and maybe you know why this happens. When I'm using my browser and I'm going through, and I have the same problem related to which ciphers do I trust, and the cipher suites, or do I trust only TLS or only TLS v1.1 or v3 or, you know, SSL v2 or whatever. So I've been experimenting with some of
my websites and I'll change on my web server what kind of certificates it hands out, and then I'll pay attention to see with my browser crashes, and I've gotten it down, out of my mobile devices and everything I have can support TLS 256 with Diffie-Hellman, but if I turn on AES 256 without Diffie-Hellman, the browsers prefer that over you, Whit. Why don't they like you? I think you're more secure. I think the Diffie-Hellman key exchange there is probably better for users. But what's the alternative? You need some public key component, right? The alternative's that, yeah, is RSA, yeah, and it seems to default to it. I don't know if that's a legacy of older browsers or not. Well, I'll give you a personalized answer, since I was probably more fun than something else. One of the greatest mistakes I have made in my life is that because RSA solves the public key problem in the way I formulated it, Diffie-Hellman solves the public key problem in the way Ralph Merkle formulated it, as a result for years I liked RSA better than I liked Diffie-Hellman. In retrospect, between long time to understand that's a mistake, for two reasons, one is deeper, both are important, one deeper than the other. The deep one is that RSA has the problem that I hand you a modulus and say to you, hey, this is a good key, send me, you know, send me a secret. Well, I know there's some fancy protocols where I can prove to you that the modulus is good; they're not widely employed. But in the basic protocol the whole thing that makes the system secure is that there's nothing much you can tell about the modulus from looking at it, whereas in a Diffie-Hellman protocol all the things that are secret are kind of uninteresting. I mean, you pick random numbers, you don't want them
to be 0 or 1, and other than that you don't much worry about them. So in terms of the trust structure, the Diffie-Hellman architecture if less elegant about Purton points of signature, I'm sorry, I probably should have said it's inadequate until you have ElGamal, right? Once you have Diffie-Hellman and ElGamal then you have what is now in, for example, Suite B; essentially you have the two components. The other point is that RSA is a curious dead end: you can do it in quite a variety of rings, but it's not in, none of them are better than the integers, whereas with Diffie-Hellman you can do it satisfactorily in quite a variety of number systems, and in particular elliptic curve groups work a lot better than modular, of modular rings. And so, you know, why is RSA more popular? Well, in part of a couple, in
part, only one part, because I backed it rather than Diffie-Hellman. Is there a, is there a component between RSA and Diffie-Hellman of sort of perfect forward secrecy? Well, Diffie-Hellman is the better thing for giving you forward secrecy, because it's very cheap in Diffie-Hellman to manufacture ephemeral keys. Manufacturing RSA keys, you can manufacture ephemeral ones and some systems do, but it's expensive. So on that topic I'll shift it for a second; we'll take one or two more questions before we wrap up. On the concept of perfect forward secrecy, it seems like it would be a very good characteristic to have in some of our communications, especially moving forward and sort of this perceived view of the world where there's many organizations that might be monitoring you, so you think from your ISP wants to better market you to nefarious government organizations. So if you could always be having the properties of PFS, that would be, that seems good; then it really doesn't matter how much of my history they record. Like with PGP, they just get your key ten years later and they get everything going back in time. Why don't we see more PFS in protocols? Is it, was there sort of a, it was never really a consideration of the people who designed it, that's, you know, just privacy doesn't enter their mind, and now we're trying to bolt it on into a system that was never really designed for it, or are there deeper reasons that I just haven't thought? I don't know deeper reasons. I mean, one, the phrase, incidentally, is misleading. I know it became a, forward secrecy is an okay phrase. Shannon's term perfect secrecy referred to an information-theoretic phenomenon that's not present here. This is not right, so I just call it forward secrecy. NSA has a couple of terms, one of which is backpack protection, I can't think of the other one, that is sort of more operationally focused on what might happen. Everybody doesn't know this stuff. It means, you know, if they get your key today they can't use that to
figure out what your key was yesterday, because you've done something in between that really changes the two. And yes, I think it's a great idea, and it may be that the sort of was enough trouble discipline getting things to work put up making them look perfect. how many comments Martin on that I mean, I think forward security is going to be something that's increasingly important, you know, for the reasons you mentioned, that today it's not unrealistic to think that there's some number of organizations that are just recording all of your ciphertext all the time, and, you know, maybe one day someone compromises your key and now all of the previous communication would be compromised as well. and used to work for a storage vendor we really like that trend. And I mean, it is a little bit more expensive, and I think that's probably why your web browser does not prefer the forward secure mode, because, you know, there's a few extra exponentiations in there, but, you know, also I feel like we've gone to a point where that added cost is not significant. So how many people here, for example, defcon.org turned on only handing out Diffie-Hellman type keys and it's going to break some minor percentage, how many people think that's a valid trade-off? Because, see, then I, as the operator, making a decision to basically scare away a certain percentage. Yeah, yeah. where do I presumably I don't actually know this photo as well you don't means you don't support digital signature algorithm, right? Okay, well, Diffie-Hellman as such doesn't sign, but ElGamal signatures are based on the same arithmetic and do sign. there's a second in my night I'm sorry, everything sounds so loud to me up here. how is how are you be using the mic okay somebody came put the mic closer to me I didn't see why. No, just one point, that there are as a secondary problem in signatures that sometimes you want to sign fast and sometimes you want to verify fast, and in particular if you're signing code in the sense of a signed distribution of
Windows, you could take all week to sign it if you want to; what you want is for it to verify in a fraction of a second when you want to load it and run it, and that's a more subtle problem. Yeah, I just wanted to make a comment that I think the most important point, or the most important problem that we have with SSL or HTTPS now is websites are not using it, we're not using it enough. And, um, as I work for Mozilla and we are trying to make things faster, the speed is becoming one of the primary factors in this. So the idea of, like, contacting a third-party site, we're actually trying to do that less. So, like, in the notary system it would probably be a good idea to try and add in some mechanism so that the website you're contacting can proxy that data on the behalf of the friends Oh notary, so that you don't have to contact someone else. I would say that, so this is a good point, right, speed, isn't speed important. I would say that actually with Convergence, Convergence is probably slightly faster than the existing CA validation, because you only have to talk to the notary the first time you visit a website or for certificate changes, and then if the certificate hasn't changed you have a local cache and it's a simple compare; you don't even have to do the cryptographic operations to check the signature, so it should be slightly faster in the common case. So the first time slower? Oh until almost imperceptibly slower, but yet here you mentioned the amount of information you mentioned that I got the impression you wanted the Diffie-Hellman chosen society before RSA ciphers. Then you have two options: you can send him a patch or you can change browser to Opera, and full disclosure, I wrote that code. Um, so can I ask you guys a question? Okay, all right, so it's my position that DANE, which is leveraging DNSSEC to replace the authenticity piece of SSL, is a bad idea because it doesn't provide trust agility and it will leave us in the exact same position. now you guys work for I can I
agree with you, I think it's a bad idea. My fear, I think DNSSEC is a good idea, incidentally, I just think pushing it to do other things is probably a mistake. My fear with DNSSEC is that people will say, now we have this new capability, we have sort of like a trusted directory, and we ask it questions and it gives us stuff back and we can trust it, so, wow, that's great, maybe we should put some other stuff in there that I can trust too, like a recipe or a picture of my cat. And businesses will come along and say, hey, that's all the whole bunch of stuff, we don't have to build a whole new protocol or anything, we'll just put it in DNS, and, you know, instead of maybe the traffic going over and being queried to, you know, HTTP, it'll be queried over DNS, and so maybe the traffic load equals out and so we're just shifting some packets from this service to that service. And I fear one day we're going to wake up and we're gonna have these, like, you know, 200 meg zone files, and, you know, it, like what said, it wasn't really designed for that, but I don't really know how you prevent people from stuffing things in there. Well, I think, as I can, you could say no, this is a bad idea, IETF, don't certify this protocol. Well, like for example, I was looking at the number of records you could put in DNS; there's, I don't know, like 20 or 30 different things. Like, it's OK to put your SSL certificates in there, it's OK to put your PGP certificates in there. Like, how many, I don't know how many Ruby resolver libraries actually know how to query a PGP key. You know, I think they know to do get host by name and that's it; they don't get, like, get PGP by my name. And so even though we already have this functionality, nobody's really doing it yet, and so I don't know if I'm bringing up a point that's not going to be an issue, but that's one of my concerns. So I've been given this signal. OK, yeah, obviously a dynamic phenomenon, there are both people getting up, people sitting down. what are you so my
question is, though, since I'm going to ask the question, is this: when does the Q&A start and where? So the Q&A will be in room one or a there's signs, and what you can do is you can just follow h + x and myself and Moxie and we'll go into the Q&A room, but feeling if a lot of you follow us there it'll probably get full, and that's just the way the rooms work. OK guys, I want to give you a round of
applause for our two you