At 1:02 AM +1200 5/7/09, Peter Gutmann wrote:
>Paul Hoffman <paul.hoff...@vpnc.org> writes:
>
>>Peter, you really need more detents on the knob for your hyperbole setting.
>>"nothing happened" is flat-out wrong: the CA fixed the problem and researched
>>all related problems that it could find. Perhaps you meant "the CA was not
>>punished": that would be correct in this case.
>
>What I meant was that there were no repercussions due to the CA acting
>negligently.

We agree fully, then.

>This is "nothing happened" as far as motivating CAs to exercise
>diligence is concerned, you can be as negligent as you like but as long as you
>look suitably embarrassed afterwards there are no repercussions (that is,
>there's no evidence that there was any exodus of customers from the CA, or any
>other CA that's done similar things in the past).

This assertion is probably, but unprovably, wrong. I suspect the CA now has better mechanisms in place to check for the problem in the future, and I suspect that a few other CAs seeing the kerfuffle probably added their own automated checks. Note that these are checks that should have been in place before the error was found.

>Imagine if a surgeon used rusty scalpels and randomly killed patients, or a
>bank handed out money to anyone walking in the door and claiming to have an
>account there, or a restaurant served spoiled food, or ... . The
>repercussions in all of these cases would be quite severe. However when
>several CAs exhibited the same level of carelessness, they looked a bit
>embarrassed and then went back to business as usual.

...because not only did no one die, but also the CAs were able to fix the problem.

>The CA-as-a-certificate-vending-machine problem (or "rogue CA" if you want
>to call it that) had been
>known for years (Verisign's "Microsoft" certificates of 2001 were the first
>case that got widespread publicity) but since there are no repercussions for
>CAs doing this there's no incentive for anything to change.

s/no/small/

>
>>This leads to the question: if a CA in a trust anchor pile does something
>>wrong (terribly wrong, in this case) and fixes it, should they be punished?
>
>If a CA in a trust anchor pile does something terribly wrong and there are no
>repercussions, why would any CA care about doing things right?

Slight worry about making a more serious mistake than happened here.

>All that does
>is drive up costs. The perverse incentive that this creates is for CAs to
>ship as many certificates as possible while applying as little effort as
>possible. And thus we have the current state of commercial PKI.

Fully agree.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List