On 2011-04-14 7:07 AM, Jean-Marc Desperrier wrote:
Zack Weinberg wrote:
Counterpoint: If the attacker is (or colludes with) a rogue CA, they are
in a position to make the *entire contents* of the certificate be
whatever they want. They can forge EV status
Not really. EV status depends on the root certificate. If we'd lock on
something else, we'd made sure that it's based on the CA's values,
rather than the one of the issued certificates. The key that sign the CA
certificate ought to be off-line and much harder to compromise.
I've been assuming that it is only marginally harder to compromise an EV
signing key than it is to compromise a DV one. Under the circumstances,
I don't think that's a bad assumption.
*Public* PKI as it is implemented in the browsers does *not* protect
against nation-state attack scenario. It just can't.
A nation-state attack scenario means, amongst other things, the attacker
can get a perfectly valid ID that in fact is false (think Dubai Hamas
assassination and the Bristish passports). No commercial CA will be able
to do anything against that.
Cert-locking *does* defend against the nation-state scenario: it doesn't
matter what the secret police cozened out of their friends at some CA,
because you already have your keypair and it's declared as the only
correct one, so that's the only one the browser will accept.
[It doesn't defend against the case where the secret police get *your*
CA to *revoke* your certificate, but they can't do that if they don't
want you to notice. It also doesn't defend against the case where the
secret police can lean on the people who sign any of the zones between
you and the DNS root -- which is why, long term, I want to be looking
for solutions that don't rely on third party signatures at all. But
there is no such solution on the table just now, and we mustn't throw
away real short-term security improvements in a quest for long-term ideals.]
zw
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
