On Tue, Dec 23, 2008 at 10:43 AM, Frank Hecker <hec...@mozillafoundation.org> wrote: > I've asked Robin Alden of Comodo to make an accounting regarding these two > issues. I don't expect to see that immediately (i.e., in the next day or > two), though I also don't expect to wait a month for it (as Kyle is > concerned about).
Actually, I think it's very important that the accounting include this: for each name (not just certificate, but name in subjectAlternativeNames) that has been certified, a connection to the TLS ports should be made, and the certificate presented by the site compared against the certificate that Comodo issued. This obviously won't be a complete verification, but it should give a start to see how widespread the problem is. A script to do this could probably be written fairly easily, but depending on the number of certificates Comodo has issued that are currently valid (and I'd like to see some hard numbers on that, as well) it could take a while to run. >From the script, the numbers I'd like to see are: the number of unreachable/not-answering names/hosts, the number of matching certificates, and the number of mismatched certificates. From that output plus Comodo's records, I would also like to see how many resellers there are and how many of them have sold mismatched certificates. I hate to say this, but this IS The Worst-Case Scenario. A CA has gone rogue and issued certificates that violate its standards, and the standards of the root programs that it's a part of -- it is true that Comodo didn't /intend/ to go rogue, but it has, and we can't afford to let it damage the greater PKI. Since every CA in the root store is treated the same, there is no differentiation between them -- and this means that Verisign and Comodo and Thawte and *every* CA share the same reputation. If one goes rogue, it's exactly the same as if all of them have gone rogue, in the eye of the end-user. To put it another way, it's exactly the same problem as putting the public keys of webservers in DNSSEC. Since the end-system can't know if a response came from DNSSEC or just unauthenticated DNS, the end-system can't trust anything (including RFC2538-style CERT records) that comes from DNS. THIS is why I want to see greater differentiation in the browser chrome between CAs, so that one bad apple doesn't spoil the whole root barrel. THIS is why the argument against changing the chrome (user convenience) fails. -Kyle H _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto