On certificates and validation
Michael Lazar
lazar.michael22 at gmail.com
Thu Nov 26 19:32:24 GMT 2020
On Thu, Nov 26, 2020 at 1:43 PM Drew DeVault <sir at cmpwn.com> wrote:
>
> On Thu Nov 26, 2020 at 1:41 PM EST, Michael Lazar wrote:
> > Now you're talking about CA verified certificates. There's nothing
> > wrong with using self-signed CAs, but it's a completely different
> > security model than TOFU and shouldn't be confused with it.
>
> Mostly correct. What we have is TOFU on top of TLS, not just TOFU. And
> because these parameters are present, it's likely that someone may rely
> on them. And if they do, and put their personal security on the line for
> it, then we can hardly call that a mistake.
>
> Gemini uses TLS. That comes with warts. That's life.

I like to think of Gemini as TLS + TOFU whereas the web uses TLS + PKI. TLS by
itself is not a complete security model without something on top of it to
establish trust.

We're talking about validating x509 certs here which were literally designed to
work with PKI [0]. Using them in any other context is throwing the whole
security model out the window. Nobody can "rely" on x509 parameters in
that sense. They might think they can, and giving them that false sense of
security is the wrong thing to do.

(are there other types of certs that can be used with TLS? I have no idea, but
if so I bet they aren't supported by openssl...)

- Michael

[0] https://tools.ietf.org/html/rfc5280
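
The TLS + TOFU model described in the message above, as an added example that is not part of the original post: the trust decision is keyed on host, port and a hash of the whole certificate, and no x509 field is read. `TofuStore`, `fetch_der_cert` and the sample byte strings are hypothetical names and constructed data; port 1965 is Gemini's default and is not stated in the message.

```python
import hashlib
import hmac
import socket
import ssl

GEMINI_PORT = 1965  # Gemini's default port; not stated in the message


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the whole DER certificate; no x509 field is parsed."""
    return hashlib.sha256(der_cert).hexdigest()


class TofuStore:
    """Hypothetical in-memory pin store: (host, port) -> fingerprint."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        key = (host.lower(), port)
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen  # trust on first use
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "mismatch"  # caller refuses or asks the user


def fetch_der_cert(host: str, port: int = GEMINI_PORT) -> bytes:
    """Fetch the peer certificate with CA (PKI) validation switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin, not a CA
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def demo():
    store = TofuStore()
    # Constructed stand-ins for DER bytes so the demo runs offline.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    return [store.check("example.org", GEMINI_PORT, cert_a),   # first-use
            store.check("EXAMPLE.org", GEMINI_PORT, cert_a),   # match
            store.check("example.org", GEMINI_PORT, cert_b)]   # mismatch
```

Because the pin covers every byte of the certificate, a change to any field (subject, validity dates, key) shows up only as a mismatch; the store never evaluates those fields on their own.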