On 04/29/2014 07:09 AM, Gervase Markham wrote:

> Let's imagine StartCom said to you: "OK, we will perform free revocations for all Heartbleed-affected certificates, as you request. And we are changing our business model to charge up-front for certs like all the other CAs, so we don't get hit with a big cost like this again. No more free-of-charge 1-year-valid certs on the Internet."
>
> Would you consider that a good trade-off, in terms of improving the general security of the Internet?
I had to think about this for quite a while, and my answer winds up being "it depends".

First off, I want to say that I estimate the risk of leaving certificates unrevoked post-Heartbleed fairly low, *despite* evidence that it could be exploited to capture private keys, because no one has credibly demonstrated that it was being exploited prior to disclosure (if I'm wrong about this please tell me!). Therefore, as long as the affected server was patched promptly, the odds of a key compromise are low. (At this point, though, there are weaponized exploits circulating, so CAs in general really ought to crawl their subscriber database and unilaterally revoke certificates that are on servers that are *still* vulnerable.)

Because of that, the things we are trading off are (as I see it): marginal probability that someone starting up a new website will make it an HTTPS website, versus aggregate probability that, in response to *similar future* catastrophic events, everyone who should have revoked their certificate does so.

I think the main thing that swings this tradeoff is how much that upfront charge is. If you are considering the acquisition of a certificate, you are already paying for a domain registration; domain names cost order of (US)$15 a year, which is peanuts compared to the cost of the server / hosting provider. So a charge on the order of $15 per certificate per year is, I think, not that likely to deter people from making their site HTTPS. Conversely, we know from this very discussion that lots of people considered revoking their free StartCom cert and didn't, precisely because it *wasn't* free. Relatedly, people are generally more comfortable with costs that are predictable than with costs that are unexpected, even if they wind up spending more money in total with the predictable costs.
On the other hand, if the cost has to go up to $50 or more, that starts sounding like people who have concrete, not-just-in-principle reasons to make their site HTTPS *will* be deterred, which would be bad.

Pulling in something you said in response to Jan:

> That sounds to me like: "I'd like to live in a world where whatever costs there are for having a certificate system are not borne by me under any circumstances."

I keep coming back to my earlier observation that this sort of low-probability, high-cost event is what insurance is for. Eddy said that he had "never heard of" insurance against losses incurred because of catastrophic failure of software that the business relies on, but given that the state of play in the software industry is to disclaim all warranties at all times while shipping code riddled with bugs, I cannot bring myself to believe that such insurance is unobtainable. It seems like something lots of businesses should want.

zw