Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody
offered proof and it sort of faded away under the cover of NDAs.

Just on that above: Back in 2005, 2006 or so when the Mozilla policy was being written, allegations surfaced that two CAs were practicing MITMing as a business model. From what I recall of the discussion, the business model as suggested bears an uncanny resemblance to DPI, 'cepting the data was on-sold.

Surprise surprise, the audit criteria of the time did not exclude this, and as long as you declared it in your CPS, you were on the safe but dirty side of some line somewhere. However, no proof was forthcoming, and the offensive security-by-NDA trick worked again, with a nod to Dan.


On 3/12/11 20:30 PM, Peter Gutmann wrote:
> You do need to distinguish between CAs issuing sub-CA certs (not for MITM but
> for businesses who need them) and DPI MITM certs.  It's the sub-CA certs that
> have been around for a decade or more, the MITM certs are a lot newer, and I'm
> not sure that the CAs know if, or that, they're being used for this.

Ah ok, yes. The issue of sub-CAs and external RAs has been widely discussed in Mozilla's public forum.


> For example a legitimate reason for having a sub-CA is that you want to secure
> your servers but don't want to reveal to a third party your entire internal
> corporate infrastructure.  So you buy a sub-CA cert and issue your own
> internal-use-only certs off it, and you don't have to tell anyone what you're
> doing.  Or you may need 10,000 different certs a year every year and it's not
> possible to do that via an interface designed for one cert at a time, so you
> need to run your own CA to handle the volume and diversity.  A variation of
> this is that you act as an RA for the public CA, so you forward gimme-a-cert
> requests on to the public CA with the understanding that you've checked that
> they're legit.  That Comodo reseller that got compromised seems to have been
> one of these, except that they sold to the public rather than being for
> corporate-internal-use only.
>
> There's a million reasons why you'd need to do this sort of thing, and most of
> them are legitimate business needs, so it's not as if this is some arbitrary
> ill-considered decision, it meets a legitimate need.  The problem is caused
> (again) by the browser PKI model, if you don't have your cert chaining to one
> of a small set of browser-vendor-blessed CAs then you've DoSed your own
> servers/sites/whatever, however you may not be in a position to buy certs from
> public CAs, so the solution is to buy the CA capabilities that allow you to
> deal with this yourself.
>
> Following conventional PKI thinking, should you misbehave (certs for
> google.com suddenly turn up issued by your sub-CA) then your sub-CA cert gets
> revoked, you lose your 5-6 digit license fee, and possibly the CA gets to beat
> you over the head with lawyers.  So there's really no problem.
>
> Oh, except for the fact that revocation doesn't work and in any case no-one
> checks to see what you're up to.  But on paper everything's OK.


As I understand it at the moment, the new Baseline Requirements has established the firm rule that whatever is done with these things, the CA is fully responsible and the Auditor rules over the entire hierarchy [0]. (I for one am mollified. Others remain less so.) So I'd rewrite the above last part to say, and your CA gets dropped from the root list of major vendors.

What is the earliest sighting of a DPI-inspired MITM cert?



iang



PS; we need a better name than DPI MITM. For some reason I'm thinking of WITM.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
