Allow the user to specify multiple acceptance policies. If a certificate satisfies quorum under any policy, flag it as accepted.
This could help achieve a better mix of availability and security - for example, a user might trust a certificate if either 100% of notaries have seen a certificate consistently for 3 days, or at least 50% have seen it consistently for a month. Some users currently inspect Perspectives results and implement this behaviour by hand - it would be good to make it happen automatically.
Carl says: "This would give resilience when notaries are unavailable, and quickly adapt when certificates legitimately change or new sites are added, while still imposing a high barrier on anyone trying to subvert the system. With the example rules above, an attacker must either maintain control of every notary for 3 days, or maintain control of at least half the notaries for a month. Both scenarios are unlikely and indicate a very powerful attacker (such as a government) who could probably subvert traffic in other ways (like DNS poisoning)."
The improved availability of such a setup could make much stricter policies feasible - "Without a fallback, I would never configure the addon to require 100% agreement, but with alternative policies in place, I might."
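The "accept if any policy is satisfied" evaluation described above, as an added example that is not Perspectives project code. The notary record shape `{fingerprint, start, end}` (millisecond timestamps), the staleness limit and the sample notary responses are assumptions constructed for illustration.

```javascript
// Added example (not Perspectives project code): evaluate several acceptance
// policies over notary observation data and accept if any policy is satisfied.
// The record shape {fingerprint, start, end} (ms timestamps) is an assumption.

const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_STALE_MS = 2 * DAY_MS; // assumed: a notary's latest record must be this fresh

// Each policy: accept when at least `quorum` (fraction of all queried notaries)
// report seeing `fingerprint` without interruption for at least `days` days.
const POLICIES = [
  { name: 'all notaries, 3 days', quorum: 1.0, days: 3 },
  { name: 'half of notaries, 30 days', quorum: 0.5, days: 30 },
];

// True if this notary's most recent record is for `fingerprint`, is still
// fresh, and has been held continuously for at least `minDays`.
function seenConsistently(records, fingerprint, minDays, now) {
  if (!records || records.length === 0) return false; // notary unavailable
  const latest = records.reduce((a, b) => (b.end > a.end ? b : a));
  return latest.fingerprint === fingerprint &&
    now - latest.end <= MAX_STALE_MS &&
    now - latest.start >= minDays * DAY_MS;
}

// Unavailable notaries still count in the denominator, so a policy's quorum
// is measured against every notary the user configured, not just responders.
function evaluatePolicies(responses, fingerprint, policies, now) {
  const total = responses.length;
  const results = policies.map((p) => {
    const agreeing = responses.filter((r) =>
      seenConsistently(r.records, fingerprint, p.days, now)).length;
    return { name: p.name, agreeing, total, satisfied: agreeing >= p.quorum * total };
  });
  return { accepted: results.some((r) => r.satisfied), results };
}

// Constructed sample: four notaries, one of them unavailable.
const NOW = Date.parse('2013-06-01T00:00:00Z');
const ago = (days) => NOW - days * DAY_MS;
const KEY_A = 'aa:aa', KEY_B = 'bb:bb';
const RESPONSES = [
  { notary: 'n1', records: [{ fingerprint: KEY_A, start: ago(40), end: ago(0) }] },
  { notary: 'n2', records: [{ fingerprint: KEY_A, start: ago(40), end: ago(0) }] },
  { notary: 'n3', records: [{ fingerprint: KEY_B, start: ago(40), end: ago(5) },
                            { fingerprint: KEY_A, start: ago(5), end: ago(0) }] },
  { notary: 'n4', records: [] }, // unavailable: no response
];

// KEY_A: 2 of 4 notaries for 40 days, 1 for 5 days -> fails the 100%/3-day rule
// but meets the 50%/30-day rule, so it is accepted.
console.log(JSON.stringify(evaluatePolicies(RESPONSES, KEY_A, POLICIES, NOW), null, 2));
```

The per-policy `results` array is what an addon UI would show the user, so they can see which rule accepted the certificate and how close the others came.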
Credit and thanks to Carl Antuar for the idea