[Cryptech Tech] The cert for cryptech.is

Rob Austein sra at hactrn.net
Sat Mar 29 19:28:25 UTC 2014


Trying to address the substance of Joachim's point rather than the
mechanics of our current state:

At Sat, 29 Mar 2014 08:40:55 +0100, Joachim Strömbergson wrote:
> 
> Yes it opens up an opportunity to discuss the state of CAs and blind
> trust in Trust Stores. But that actually seems to divert the discussion
> about OpenHSMs. And among the more knowledgeable I get comments like
> "unprofessional", "broken", "bad". Basically, since self-signed certs
> are in general considered bad, Cryptech does not look like a serious
> project.

I think the key point here is that there is more than one profession
involved.  I'll skip lightly over security experts who don't get the
technological issues here (self-signed vs unknown CA, "broken" vs "it
did not work out of the box on my Banana Junior 6000", etc) and focus
on "unprofessional".

Considered from the marketing point of view, this is accurate.
"Unprofessional" in a marketing context is anything that gets in the
way of delivering the intended message into the audience's brain.

Considered from the security geek point of view, this looks very
different.  Basically, these people are asking that we go with
something technically weaker in order to make it look more secure (or
just look easier).

So which profession are we talking about?  This is part of why I
suggested at one point that we might need to separate the engineering
content from the technical content.

> And by using a self-signed cert and telling non-tech people to just
> ignore the warning

I don't think it says anywhere on the web site that one should just
ignore the warning.

I won't dispute that non-technical folk may choose to translate what
we do say that way.  As near as I can tell, pop-up warnings mostly
teach users to click the dismiss button without reading the warning.

> I therefore conclude that by using a self-signed cert we are not doing
> ourselves and our project a favor. That it makes adoption and trust in
> our work harder to get, not easier. That it takes the focus away from
> the need of open HSMs.
> 
> Let's select our fight. Focus on building a good, open platform for HSMs
> and then try to be more mainstream and simply go with a good cert.

On most projects I would be completely in agreement with this.  Not so
sure in this case.  We based this project in Sweden and Iceland for a
reason, and I don't think it's wise to increase our technical reliance
on infrastructure in jurisdictions where the usual suspects can just
march in with secret orders.  We don't have the resources to defend
against a serious attempt to mess with us by a major government, but
we don't have to make it easier for them either.