It's pretty funny to me when people defend PKI as something good and nice, especially while criticising EV.
As it stands, PKI is EXACTLY good for spying, MITM etc attacks.
I so wish that a) governments would become their own CAs; this would finally allow us to have actually reliable and secure government-level communications, and b) tofu would be the standard when communicating with anything on the internet.
PKI is the CIA's wet dream, and it's infuriating how people just skip right over that. I actually think it's highly likely that certificate pinning was actually killed because it allowed tofu and basically removed all need for outside control.
Can you explain how exactly you believe a government can exploit the PKI to MITM traffic to, say, google.com? Especially how they could do so in a way that wouldn't have been much easier if they (a) could force a browser to trust an insecure CA or (b) intercept my initial communication if they know I'm doing TOFU?
I recommend that you, for example, look into the very recent attack on the Russian Jabber service that was talked about here a lot a couple of weeks back.
Companies (it doesn't even have to be the CA itself) are very easy to coerce into doing the government's bidding, and it doesn't even have to be the entire company; just one person is enough. It's just a change in law that most outside of IT circles support, and it's already law in many, many places.
Like it or not, country level domains are already under the control of their respective country.
And PKI is enabling this coercion; it simply wouldn't be possible if we didn't place trust in these third parties, and place our trust in them all the time. That's a 3-month maximum wait.
As for "bootstrapping" trust, your first connection is always going to be about trust unless you have a side channel to provide you trust (basics of encrypted communications), so trusted CAs are in no way special here. I would much prefer it if this trust was provided by, say, Debian, as it provides the software I'm running. I would even trust much more a first connection's validity vouched for by an actual government, especially say from Finland, than I would trust one vouched for by just some random company.
As for tofu, you do realise attacking it requires capturing and changing ALL traffic, forever, to be effective, and even though SSH doesn't do it, it's super easy to add forward secrecy to it with a signature update mechanism.
And once you have tofu, you are set. If you can compromise that channel you can also compromise PKI.
PKI is strictly worse than TOFU.
Random company CAs are strictly worse than governments themselves vouching for connections.
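To make the two scenarios argued over above concrete (the reply's point that a TOFU pin set during an intercepted first connection is itself the attacker's key, and the counter-point that a later interceptor must be present on every connection or trip a mismatch), here is a small simulation of both trust models. It is an added example, not code from any poster or from any real client; it uses only the Python standard library, random bytes stand in for public keys, the "certificate" is a plain tuple with no real signature checked, and the host name `jabber.example` and the issuer names `HonestCA`/`CoercedCA` are hypothetical. It models only who can silently sit in the middle, not the TLS or SSH handshake itself, and it does not model the key-rotation mechanism mentioned above.

```python
"""Toy model of TOFU pinning vs. CA-vouched trust (constructed example).

Stdlib only. Keys are random bytes standing in for public keys; "certs"
are plain tuples and no real signatures are verified. The point is to show
in which rounds a man-in-the-middle is accepted silently and in which
rounds the client alarms, not to reproduce any real handshake.
"""
import hashlib
import secrets
from typing import Dict, List, Set, Tuple

HOST = "jabber.example"  # hypothetical host name, not taken from the thread


def fingerprint(pubkey: bytes) -> str:
    """SSH-style fingerprint: hash of the presented public key."""
    return hashlib.sha256(pubkey).hexdigest()


class TofuClient:
    """Trust On First Use: remember the first key seen per host, alarm on change."""

    def __init__(self) -> None:
        self.known_hosts: Dict[str, str] = {}

    def connect(self, host: str, presented_key: bytes) -> str:
        fp = fingerprint(presented_key)
        pinned = self.known_hosts.get(host)
        if pinned is None:
            self.known_hosts[host] = fp  # first use: trust whatever we saw and pin it
            return "pinned"
        return "ok" if pinned == fp else "MISMATCH"


class CaClient:
    """CA model: accept any key for the host if a trusted issuer vouches for it."""

    def __init__(self, trusted_cas: Set[str]) -> None:
        self.trusted_cas = set(trusted_cas)

    def connect(self, host: str, cert: Tuple[str, bytes, str]) -> str:
        cert_host, _key, issuer = cert  # (subject host, public key, issuer name)
        if cert_host != host:
            return "MISMATCH"
        return "ok" if issuer in self.trusted_cas else "MISMATCH"


def run_tofu(intercepted: Set[int], rounds: int = 5) -> List[Tuple[str, bool]]:
    """Simulate `rounds` connections to HOST. The attacker substitutes its own
    key in the rounds listed in `intercepted`. Returns one (client verdict,
    attacker present) pair per round."""
    real_key = secrets.token_bytes(32)
    mitm_key = secrets.token_bytes(32)
    client = TofuClient()
    log: List[Tuple[str, bool]] = []
    for i in range(rounds):
        present = i in intercepted
        verdict = client.connect(HOST, mitm_key if present else real_key)
        log.append((verdict, present))
    return log


def attacker_unnoticed(log: List[Tuple[str, bool]]) -> bool:
    """True if the attacker read traffic in at least one round and the client
    never raised a MISMATCH in any round."""
    return any(present for _v, present in log) and all(v != "MISMATCH" for v, _p in log)


def run_ca(coerced_issuer_trusted: bool) -> str:
    """One connection in which a MITM presents a cert for HOST issued by a
    coerced CA. Accepted iff that CA is in the client's trust store."""
    mitm_key = secrets.token_bytes(32)
    trusted = {"HonestCA", "CoercedCA"} if coerced_issuer_trusted else {"HonestCA"}
    return CaClient(trusted).connect(HOST, (HOST, mitm_key, "CoercedCA"))


if __name__ == "__main__":
    print("TOFU, intercept every round:", run_tofu({0, 1, 2, 3, 4}))
    print("TOFU, intercept first only: ", run_tofu({0}))
    print("TOFU, intercept third only: ", run_tofu({2}))
    print("CA model, coerced CA trusted:  ", run_ca(True))
    print("CA model, coerced CA untrusted:", run_ca(False))
```

Reading the three TOFU runs side by side: intercepting every round is never noticed; intercepting only the third round trips a mismatch immediately; intercepting only the first round is not noticed in that round, and the alarm fires later against the real server, because the stored pin is the attacker's fingerprint. In the CA run, whether the interposed key is accepted depends on nothing but whether the issuer is in the trust store, with no history involved.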