the TOFU lie - or why I want my meat...

Christoph Anton Mitterer calestyo at
Wed Apr 1 00:40:35 CEST 2015

... at least when it comes to crypto.

Let me use this word snippet from DKG to more generally think about the
TOFU concept :-)

On Tue, 2015-03-31 at 15:58 -0400, Daniel Kahn Gillmor wrote: 
> The devil is

What have we had in recent years when it came to
cryptographically secured message exchange (and message doesn't mean
"mail", it means "any data") that was actually used on a broader basis?

a) OpenPGP and similar schemes, where peers are typically more or less
   directly authenticated (e.g. by personal meeting and fingerprint
   This btw. also includes things like SSH, at least when one
   directly/securely exchanges SSH keys.

   These PKIs put the whole control in the user's hands. He can decide whom
   he signs/trusts, or how many indirections (in the case of the WoT) he'll
   trust and so on.

b) X.509, and similar schemes, where another party's identity is
   not directly authenticated, but rather one trusts one (or hundreds)
   of central points (the CAs) to do the right thing.
   This includes basically all SSL/TLS, because this is typically only
   used with X.509, and yes I know there is an RFC for OpenPGP + TLS, but
   is there even a client that implements that?

   Here, the control is effectively fully out of the user's hands. The CA
   alone decides, can forge (accidentally or on purpose) identities and
   so on.
   Theoretically the user can decide which CAs he trusts, but in practice
   this won't work either, since you have no control over which CAs your peer
   Each CA can typically also assert the whole namespace (i.e. *all*
   domain names,... or *all* personal names - and not just the ones from
   e.g. Lithuania)

(a) Is typically only used by people who want stronger security (i.e.
those who don't trust that fragile strict hierarchical and CA based
model of X.509). Or in cases where it needs to be sure that a 3rd party
cannot forge anything (e.g. when distributing packages of a Linux

(b) Is - whether intended as such or not - typically used for the
masses. Everything on the web (i.e. https) that is secured.
(btw: (b) is in concept quite similar to TOFU,... no-one ever actually
verifies the CA's root certs... it's also trust on first use, what your
(e.g. browser) vendor ships)

That the X.509/strict hierarchical system is inherently broken has been
clear to everyone for many years (not only since Snowden or the growing
frequency of cases where CAs did something evil).
The masses didn't really complain, neither did any of the bigger players
(banks, Google, Mozilla, MS). The system worked at least to the extent
that people felt safe and not enough damage was done by cybercriminals
to make a change worthwhile.

Thanks to incompetent and/or corrupt CAs (does anyone really believe the
story that TurkTrust or CNNIC's sub-CA just made those forged CAs by
accident?), thanks to greedy companies like Google/Mozilla/MS/Apple who
only care about money and/or market share, the system was kept alive and
thanks to them it was weakened more and more by the introduction of more
and more CAs (IIRC Mozilla ships around 150 these days, not counting
intermediate CAs).
You have the money? You'll be a CA and can do whatever you like!
And even if abuse gets public, Mozilla and friends likely won't ban you
(again see e.g. TurkTrust, CNNIC).

Now since the whole NSA/GCHQ scandal and since the CA system showed more
and more to be what it is - broken - people started to actually
recognise that problem.

So the same people/players who knowingly kept the broken system alive
are now looking for ways to fix it (which however isn't really possible
by nature).
The most prominent "solution" is probably TOFU, or key pinning or
whatever you call it.

It seems like a bad joke that those players, who are all too often
against open standards and who are well known to happily cooperate with
or even advise government agencies, are now the ones trying to push TOFU
as the "solution".
Honi soit qui mal y pense!

So... TOFU.

Trust on first use.
That's basically like what we had in the good old days with anonymous
SSL/TLS modes, where it was clear to everyone that this doesn't really
provide security. Or similar to just blindly accepting an SSH server host
key without checking whether it's actually the right one.
Well, it's that anonymous authentication + pinning of the respective
credentials (key, cert, or whatever you call it).

One can use TOFU "alone", e.g. just trusting any credential (like a
self-signed cert) on the first use. Or hybrid with e.g. the strict
hierarchical model from X.509.

The idea of how TOFU should "solve" or at least improve things is that
you'd recognise if subsequent connections go to the same destination
(because you have its credentials/keys pinned/trusted - on their first

The first bad assumption here is that one would have gained "trust" at
any stage. This is simply not true.
One cannot know whether the peer on the first connection/communication
was actually the desired one (and has thus deserved "trust") or whether
it was my neighbour's son, some cyber criminal or the BND (yes, even the
German intelligence service isn't as bad as people often may think).

TOFU doesn't prevent MitM at the first connection at all, and once that
would have happened, an attacker could simply MitM every further

So TOFU makes some further assumptions:
1a) In practice one would simply have good enough chances that the first
    connection (where trust is given) is not attacked.
1b) (see below)
2) And even if it was attacked (and all further communication relayed
   via Mallory), one would sooner or later notice it.

I really wonder how one can just dare to make either of these two
assumptions and sell it to people... o.O

As for (1):
We already know that the NSA etc. sit literally at all the central network
places, the internet exchanges, the transatlantic cables, quite surely
in satellites and so on.
They either cooperate with the big content providers (Facebook, Google,
etc.) and the big Tier-1s (Level, Akamai and the like), they force them
to cooperate by law (national security letters, gag orders) or they
simply hack them.
Quite likely most of the commercial companies (i.e. those who file
lawsuits against the NSA and protest loudly) just happily cooperate in
They (NSA/etc.) also even hack the network hardware before it's
delivered to customers.
We know that they have extremely large powers, even when already
operating under the law (because in the US and elsewhere, when it comes to
surveillance or economic espionage, the law doesn't really matter),... and
if the law should be in their way, well, then they simply ignore it.

So again, how on earth could one believe that one would be safe from
MitM attacks in the "OFU" stage of TOFU?
Quite the contrary, one must very well assume that they actually are listening
and sneak in as soon as a target would be interesting.

And even if you don't look at NSA/Co. - the same principle just applies
to the big players AND to cyber criminals.
They likely don't have access to as large a part of the cake as e.g. the
NSA, but how can one just assume that the simple cyber criminal who
attacks you for ransom money isn't capable of getting in the line for a
We see that basically daily with highly sophisticated attacks on two
factor authentication systems like smsTAN in mobile banking and lots

So the argument (which is 1b) that typically comes next:
"Well they may be able to MitM most connections, but it would be too
expensive for them to do this on a broad scale ... and _therefore_ it
prevents or at least helps against mass surveillance."
Again, how can one just make such a blind and naive assumption?
We already know the extreme things they're capable of, like storing vast
amounts of data for later use. We know the extremely big computing
centres they have (and these are just the ones publicly known - I don't
need to wear my alu hat to believe that their real capacities are many
times higher; history has proven that.).

IMHO the arguments (1a) "in practice one will be lucky and the 'first
use', i.e. when the key is pinned/trusted, will be the right one" as
well as (1b) "well even if not, it at least prevents mass
surveillance"... are at best completely unproven, but likely simply
plain wrong, naive and - with all due respect - stupid[1].

Then there's argument (2). The idea behind it is:
If one makes an anonymous key exchange, then even when it's anonymous
(but trusted) in the first place, one would/could sooner or later
notice if one was attacked (in the single case), respectively whether
mass surveillance continues.

Let's look at the single case:
When I notice "sooner or later" that I was MitM attacked, then it's
likely already too late. My precious data is likely already stolen or
e.g. evil code may have already been introduced into my system or e.g. my
bank account is already empty.
A cybercriminal who's on to me, or an intelligence agent who has really
targeted me, simply wouldn't care.
The former only wants money and if his attack is noticed, well, he didn't
send me his address in advance so he'll just move on to the next victim.
And the latter... either they already have what they wanted, or it's at
least better for them to have a bit than nothing.
In both cases, the argument "that one may sooner or later notice it" is
simply moot.

And let's look at the mass surveillance case, the idea is basically:
*If* the masses used opportunistic encryption with TOFU, then
they'd be secure unless the agencies already MitM most or all of them at
the "OFU" stage of TOFU.
But, since one can find out later (e.g. by really comparing the
credentials when meeting the actual peer), people would notice that mass
surveillance is still in place... and then...
then what?
A big outcry? Governments changing the system and stopping mass
surveillance? People start switching to really secure (i.e. mutually
authenticated) communication?

Forgot it already? We've had these things already! A big scandal. A big
What happened? Nothing (at least on "their" side).
Actually quite the contrary - what paranoid people just assumed to be
the case (i.e. the mass surveillance before) is now publicly confirmed
and justified by NSA/Co.

So, to all the proponents of TOFU/key pinning and that like:
How can you dare to make assumption (2)?
How can you dare to believe that this would prevent NSA/Co. from
attacking (in the form of surveillance) people?
We already know that they do much worse things (like actively breaking
into computer systems, computer sabotage, and so on), they're basically
the same as cyber criminals, just that they do it for the "good"[2] and
that they don't need to fear any consequences (in contrast to cyber
criminals; remember that people who illegally copy a video get worse
punishment than rapists or murderers).

IMHO, TOFU won't help you at all against mass surveillance:
- As said above, it won't keep the high level attackers (NSA level,
which are the typical bodies for mass surveillance) from doing their
If everyone did opportunistic encryption in conjunction with TOFU,
they would simply adapt and MitM every connection they can. It would be
publicly known, just as their mass surveillance is known now.

- The next lower level of attackers who do mass surveillance are
actually the big companies which now try to sell security to people
(Google, Facebook and the like).
For them it would actually get harder to do surveillance (because they
cannot easily operate outside the law). But their form of surveillance
is completely different anyway.
People voluntarily (actually just happily) give them all their data
(look at Facebook).
So they don't care about encryption as an enemy at all.

- Last but not least, cyber criminals.
They typically don't care so much about mass surveillance, and even if
they did: They already operate outside the law, so as soon as they can
MitM people - they would.

Last but not least, some motivational analysis and my personal opinion
about how TOFU-like ideas affect the security of single people as well as
the masses.

TOFU is IMHO clearly intended for the masses, i.e. those who don't know
too much about crypto, and simply want to use the web. Why? Well simply
because it doesn't give any real strong additional security. So all the
paranoid people, or experts and the like, would likely simply want
to continue with their safe mutually performed authentication (be it for
OpenPGP, or accessing an SSH server).

So the argument by proponents is often:
3) "that we (i.e. software developers, standard makers, other experts)
need to secure the masses".

Remember the beginning of my lengthy mail (sorry for that btw.)? Where I
basically wrote that no one (not even the banks who lose money) cares
about the flaws of the X.509 model?
That's just it. No one cares. At least not until people suffer
more severe consequences.
Mass surveillance? Well, all people complain, but apart from a few none
of them *really* cares (because if they did, they would look for ways to
protect themselves).
A hacked email account or the knowledge that all unencrypted
emails/WhatsApp/etc. can be read either by anyone or at least some
others? Do you really think the masses(!) would care?
A few cases of hacked bank accounts? Well, that's perhaps when people
start to get annoyed, but as long as the banks pay for the damage...
this ain't a big deal either.

So when it comes to (3) I really wonder:
Why would "we" need to secure the masses, when they typically don't care
anyway? At least not above the level of saying "yeah it's a shame that XYZ
happens.." + secretly thinking .oO(but I don't really care either).

Don't get me wrong, I don't say that we should remove security/crypto
from the masses.
But I don't see why we should be obliged to introduce TOFU (for which
it's IMHO questionable whether it increases security at all) when we
already have a system which works for the masses:

Apart from allowing forgeries and surveillance, and apart from single
cases where this was even done by cybercriminals (remember when they
registered the domain www.pа[3] or something like that and got a
certificate for it).

So much for the question why the masses would want TOFU.
And I'm not going to analyse now which motivation some bigger (e.g. US)
players may actually have to advertise key pinning and the like now as
a big step forward so that people feel secure again.
Honi soit qui mal y pense!

Long story short, my analysis of the TOFU principle and key pinning
methods is the following:

a) at best, it would give people a short-lasting improvement in their
security, *if* (and only *if* and as long as) attackers don't decide to
already start attacking[4] them at the "OFU" stage.

b) at worst - people could assume - it wouldn't harm either,
but I think that's wrong;
more realistically:

c) the massive campaign in favour of TOFU that we see at all different
levels: standards making (yeah, HTML2 has now nearly-mandatory
encryption - so it's secure, isn't it?), development and the communities
have IMHO actually quite a number of dangers:
- The masses will actually believe that they'd now be at least more
  secure than before.
  Thus they will care less about their effective security and even less
  about the political dimension of the whole topic.
  In the light of new crypto wars probably having just started - quite
- Developers, standard makers and experts actually start believing the
  illusion of TOFU and care less about implementing stronger rock solid
  mutually authenticated crypto systems.
- Which in turn will (in the long term) also affect those people (like
  most/many OpenPGP users) who really wanted strong security, and who
  put their efforts into it.
  Simply because less software/standards may provide that strong

In the end, the minority who really wants (and/or needs) security would
likely start to suffer for a majority who doesn't even care about it.

Best wishes,

[0] And just to prevent Werner from the usual comment: yes I know,
OpenPGP doesn't mandate this or the WoT,... but I guess one can easily
say that it's mostly used in that way.
[1] And yes I use such harsh words, because people already believed in
the past that the intelligence services, cybercriminals weren't capable of
this and that (or at least not doing it)... and they acted as if it was a
complete surprise when Snowden revealed his stuff. And now, where they
should know much better, they do it again.
[2] And no, I'm not questioning here whether this is the case or not,
actually I don't believe that NSA/BND/Co. are evil per se.
[3] I assume everyone noticed the first a being actually not an a but a
[4] And we must generally assume that an attacker has no reason not to,
since he'll always attack the weakest link in the target. So if he
finds something weaker, e.g. flash installed ;-) he'll take that, but if
there's no better alternative, why should he not do MitM respectively
mass MitMs?
[5] And probably quite bad for Snowden, because the first day Putin sees
no PR use in him anymore and the US would have to offer anything, he'll
probably disappear forever in some US supermax.
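The pinning behaviour and the first-use blind spot the mail argues about, as an added example that is not part of the original post (the host name and key bytes are constructed): a minimal known_hosts-style pin store returns exactly the same verdict sequence whether the interceptor turns up after the genuine key was pinned or was already in place at the "OFU" stage, so the store on its own cannot tell which of the two keys was the genuine one.

```python
# TOFU pin store modelled on the behaviour described in the mail.
# Added example, not code from the original post; host names and keys
# are constructed for illustration.
import hashlib

GENUINE_KEY = b"genuine-server-public-key"   # constructed stand-in
MALLORY_KEY = b"interceptor-public-key"      # constructed stand-in


def fingerprint(key: bytes) -> str:
    """Short SHA-256 fingerprint, as a pin store would record it."""
    return hashlib.sha256(key).hexdigest()[:16]


class TofuStore:
    """Minimal trust-on-first-use store (think ~/.ssh/known_hosts)."""

    def __init__(self):
        self.pins = {}  # host -> fingerprint seen on first contact

    def check(self, host: str, key: bytes) -> str:
        fp = fingerprint(key)
        pinned = self.pins.get(host)
        if pinned is None:
            # First use: nothing to compare against, so whatever key
            # arrives is pinned without any verification.
            self.pins[host] = fp
            return "PINNED"
        if pinned == fp:
            return "MATCH"
        # A changed key is the only signal TOFU can ever give.
        return "MISMATCH"


def run(connections):
    """Feed (host, presented key) pairs through a fresh store."""
    store = TofuStore()
    return [store.check(host, key) for host, key in connections]


def scenario_mitm_later():
    """Interceptor shows up after the genuine key was pinned: flagged."""
    return run([("bank", GENUINE_KEY), ("bank", GENUINE_KEY),
                ("bank", MALLORY_KEY)])


def scenario_mitm_at_first_use():
    """Interceptor present at the 'OFU' stage: its key gets pinned, every
    relayed connection matches, and the genuine server is the one that
    is later reported as suspicious."""
    return run([("bank", MALLORY_KEY), ("bank", MALLORY_KEY),
                ("bank", GENUINE_KEY)])
```

Calling both scenario functions yields the identical list `["PINNED", "MATCH", "MISMATCH"]`; only out-of-band comparison of the pinned fingerprint against the genuine one (or a CA-style third party in the hybrid mode the mail mentions) can break the tie.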