0

// ,

I don't want to go to https://bankofamerica.com and see it self-certified.

I don't want to go to https://amazon.com and see it self-certified.

I don't mind going to https://patriotact.wordpress.com and seeing it self-certified, because it doesn't take orders for money, or handle messages.

Now, our government wants everything tagged with the legal ID of the site owner.

How do the above provenance requirements for compliance affect RevokeSSL's effectiveness?

If I use a certificate that is not self-signed, is there a point to using RevokeSSL on the blockchain?

Christopher Allen recently gave a presentation here: http://www.meetup.com/SF-Bitcoin-Devs/events/222712738/

However, I left with a feeling like I did not have a sure y/n on certain core issues.

Am I asking this question correctly? Is this specific enough?

Can we add an SSL tag?

Nathan Basanese
  • 368
  • 1
  • 15

1 Answers1

2

RevokeSSL requires one of the following:

  • self-signed certificates
  • certificates signed by CAs that are willing to include extra information in what they sign.

This is because there is a false revocation attack available if the certificate does not contain the information (the address that's going to be used to create the verification transaction) needed for RevokeSSL to work.

Victor (the victim site owner) is up against Mallory (the malicious adversary who wants to harm Victor's site reputation):

  • Victor creates site, creates certificate, but doesn't include the RevokeSSL verification address.
  • Mallory obtains Victor's site certificate. (He does not need to obtain any private keys.)
  • Mallory creates a RevokeSSL-formatted transaction, containing the OP_RETURN value that is the hash of the certificate he wants to falsely revoke.
  • Some time later, Mallory "spends" the transaction, revoking Victor's site certificate.

If the hash of the certificate were used to search the OP_RETURNs, this attack would work. If the original certificate includes the address used to create the verification transaction (and the verification transaction includes the hash of the certificate in question as OP_RETURN), then this attack cannot falsely revoke the certificate.

sjcaged
  • 136
  • 2
  • // , Thanks for the thoughtful answer, and the example, SJ. Do you think that Bitcoin could serve as part of the infrastructure for a system like the one that the http://bitcoin.stackexchange.com/users/26746/sjcaged profile advertises? – Nathan Basanese Jun 14 '15 at 06:54