Being quite offtopic here, i still do not know a more appropriate discussion group.
We are all aware that SSL does *not* actually use full x503v3 capabilities to build sane trust hierarchy. We have a "cardhouse" instead, while one flawed CA may ruin the whole system. Well, i did not consider that to be a fatal treat until i got aware of these things, just a matter of close future, despite the fact we have CAs closely affiliated with domestic and foreign ;-) (wherever point of view we take) government organizations, just some random privately owned companies, known malicious entities (like Etisalat), etc etc. There was a way to fix it: once a CA shows any malicious activity, it gets kicked out, revoked and forgotten. Now let's face it: http://www.narus.com/index.php/news/industry-news/article/209 old news, 2005, but the partnership is scary. What if not only Narus offers services to Versign, but vice versa as well? We cannot just "kick Verisign out", "all our base belong to them". There is *no place* for "lawfully intercepted SSL" in any resonably secure design. And if Versign + Narus + government decides to implement that, we have no protection at all. (expected commonplace "packet forensics" rant skipped, no need to) I think clear and visible warning on *ANY* certificate change should be mandatory requirement, even if the issuer keeps being the same and there is nothing suspicious from any point of view. Moreover, we probably need to design two things: 1) "ad hoc" cross certification web of trust (there already some efforts to bring pgp-like "cross-sign" functionality to the web) and 2) true hierarchy limiting each CA functions (say, you cannot sign "outside" certificates with corporate CA, national CA etc etc) _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
