[messaging] [Cryptography] Gossip doesn't save Certificate Transparency

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>The logical outcome of pinning is to get rid of the certs entirely.  Your
>browser vendor provides you with a bucket of public keys for well-known sites,
>and you just use them.

Yup, and that's been proposed in the past (late 1990s) as a way of getting
away from X.509's 1970s origins in offline systems.  Instead of asking a
source for a certified copy from some self-appointed authority (certificate
from a CA) and then groping around for further information to check whether
the certified copy you've just fetched is actually valid (CRL), you just ask
the authority directly, "give me the currently-valid, known-good key for X"
(pin from Google).  This short-circuits all of PKI.

For some reason it hasn't proven too popular with CAs and browser vendors.

>Pinning is a hack to buttress a PKI system that we know is failing.  I
>appreciate the importance of having something that improves existing systems
>as transparently as possible - it's so difficult to deploy anything entirely
>new.  As a transition - that's fine.  But it shouldn't block us from thinking
>about a better replacement.

It's just a very roundabout way of implementing the "give me a known-good key
for X" described above without disintermediating the CAs.

Peter.