On Thu, Jul 2, 2020 at 6:42 PM Pedro Fuentes via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Does the operator of a root and its hierarchy have the right to delegate
> OCSP responses to its own responders?
>
> If your answer is “No”, then I don’t have anything else to say, but if
> your answer is “Yes”, then I’ll still be having a hard time seeing the
> security risk derived from this issue.
>

Yes. But that doesn't mean we blindly trust the CA in doing so. And that's
the "security risk".

I totally appreciate that your argument is "but we wouldn't misuse the
key". The "risk" that I'm talking about is how can anyone, but the CA, know
that's true? All of the compliance obligations assume certain facts when
the CA is operating a responder. This issue violates those assumptions, and
so it violates the controls, and so we don't have any way to be confident
that the key is not misused.

I think the confusion may be from the overloading of the word "risk". Here,
I'm talking about "the possibility of something bad happening". We don't
have any proof any 3P Sub-CAs have mis-signed OCSP responses: but we seem
to agree that there's risk of that happening. It seems we disagree on
whether there is risk of the CA themselves doing it. I can understand the
view that says "Of course the CA wouldn't", and my response is that the
risk is still the same: there's no way to know, and it's still a
possibility.

I can understand that our views may differ: you may see 3P as "great risk"
and 1P as "acceptable risk". However, from the view of a browser or a
relying party, "1P" and "3P" are the same: they're both CAs. So the risk is
the same, and the risk is unacceptable for both cases.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy