On Wed, 12 Jul 2017 10:47:51 -0400
Ryan Sleevi <r...@sleevi.com> wrote:

> One challenge to consider is how this is quantified. Obviously, if you
> reported to Comodo the issue with the key, and then they issued
> another certificate with that key, arguably that's something Comodo
> should have caught. However, if you reported the compromise to, say,
> ACME CA, and then Comodo issued an equivalent cert, that's
> questionable. I'm loath to make CAs rely on each other's
> keyCompromise revocation reasons, simply because we have no normative
> guidance in the BRs (yet) that require CAs be honest or competent
> with their revocation reasons (... yet). Further, we explicitly don't
> want to have a registry (of compromised keys, untrustworthy orgs,
> etc), for various non-technical reasons.
> 
> I'm curious if you have thoughts there - particularly, how you
> reported the private key was compromised (did you provide evidence -
> for example, a signed message, or simply a link to "Here's the URL,
> go see for yourself"?)
> - and how you see it working cross-CA boundaries.

To answer this question: As the private keys were available on webpages,
I simply reported the URLs and corresponding certs to the CAs.
(This was also with the intention that, in case the CA has a contact for
their customer, they could inform them about the key on their server,
though I'm not sure if any CA informed them.)

So there are several questions and possible situations here.

I think it's relatively clear that a CA could prevent reissuance of
certs if they know about a key compromise.

Another question is whether there has been a revocation that wasn't
clearly tied to a key compromise. On the other hand, I hardly see any
reason why anyone would revoke a cert if there isn't any indication of a
compromise.

The next question would be whether there should be a cross-CA
blacklisting of compromised keys. I think that would be valuable, but of
course it raises a lot of questions on how this information should be
shared (share the private keys? public keys? SPKI hashes? share it in
public or only between CAs?).

Ultimately I'm inclined to say that there really shouldn't be any good
reason at all to ever reuse a key. (Except... HPKP)

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
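
Added example (not from the thread or from any CA's code): the cross-CA blacklisting discussed above, done with SPKI hashes rather than the keys themselves, plus the key-reuse check a CA could run before reissuing. It uses only the Go standard library and constructs its own data: two certificates that carry the same ECDSA key (standing in for issuance by two different CAs) and one with a fresh key. The "CA A"/"CA B" labels and the example hostnames are assumptions for illustration; the blocklist is an in-memory set, and how such a set would actually be shared between CAs is exactly the open question in the mail.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// SPKIFingerprint is the hex SHA-256 of the certificate's DER-encoded
// SubjectPublicKeyInfo. Two certificates with the same value carry the
// same public key, whichever CA issued them, so a CA can match reports
// without ever seeing the private key.
func SPKIFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Blocklist is a set of SPKI fingerprints reported as compromised.
type Blocklist map[string]bool

// Report records the key in cert as compromised.
func (b Blocklist) Report(cert *x509.Certificate) {
	b[SPKIFingerprint(cert)] = true
}

// Compromised says whether issuance for this key should be refused.
func (b Blocklist) Compromised(cert *x509.Certificate) bool {
	return b[SPKIFingerprint(cert)]
}

// FindReuse groups certificates by SPKI fingerprint and returns only the
// fingerprints shared by more than one certificate, with the subject
// CommonNames (sorted) that use them.
func FindReuse(certs []*x509.Certificate) map[string][]string {
	byKey := map[string][]string{}
	for _, c := range certs {
		fp := SPKIFingerprint(c)
		byKey[fp] = append(byKey[fp], c.Subject.CommonName)
	}
	reused := map[string][]string{}
	for fp, cns := range byKey {
		if len(cns) > 1 {
			sort.Strings(cns)
			reused[fp] = cns
		}
	}
	return reused
}

// makeCert stands in for a CA issuing a certificate: a self-signed cert
// for cn over key. Only its SPKI matters for the checks above.
func makeCert(cn string, serial int64, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Result is what Scenario finds.
type Result struct {
	Reused  map[string][]string // SPKI fingerprint -> CNs sharing that key
	Blocked []string            // CNs whose key is refused after one report
}

// Scenario builds constructed data: one leaked key used by two certs (as if
// from "CA A" and "CA B", hypothetical), plus one cert with its own key.
// The compromise is reported once; the shared blocklist then catches both
// certs that carry the key and leaves the clean one alone.
func Scenario() (Result, error) {
	leaked, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	fresh, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	specs := []struct {
		cn  string
		key *ecdsa.PrivateKey
	}{
		{"reused-a.example", leaked}, // issued by "CA A"
		{"reused-b.example", leaked}, // same key, issued by "CA B"
		{"clean.example", fresh},     // unrelated key
	}
	var certs []*x509.Certificate
	for i, s := range specs {
		c, err := makeCert(s.cn, int64(i+1), s.key)
		if err != nil {
			return Result{}, err
		}
		certs = append(certs, c)
	}
	bl := Blocklist{}
	bl.Report(certs[0]) // the report reaches one CA; the hash is what gets shared
	var blocked []string
	for _, c := range certs {
		if bl.Compromised(c) {
			blocked = append(blocked, c.Subject.CommonName)
		}
	}
	return Result{Reused: FindReuse(certs), Blocked: blocked}, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		panic(err)
	}
	for fp, cns := range r.Reused {
		fmt.Printf("key %s... shared by %v\n", fp[:16], cns)
	}
	fmt.Println("refused after report:", r.Blocked)
}
```

Because the fingerprint is over the SPKI and not over the certificate, the check is the same whether the second certificate comes from the CA that received the report or from another one; what differs between the two cases is only whether the blocklist has been shared.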
