On 10/21/2011 08:09 AM, Kai Engert wrote:
This is an idea how we could improve today's world of PKI, OCSP,
CA's.
https://kuix.de/mecai/
This is great. We need these kinds of ideas.
Review, thoughts and reports of flaws welcome.
OK, this is a serious thought, not just a flippant remark:
Why would CAs want to act as VAs, and more importantly, why would they
want to revoke their vouching?
CAs seem to put a lot of emphasis on structured legal
agreements/contracts. Surely they have such agreements in place when
they cross-sign each other, so they would likely want them for this VA
system. Contracts are enforced primarily by legal action with courts and
lawyers and this adds very concrete risks and expenses even in the
clearest of cases. On the other hand, declining to stop vouching for a
partner CA experiencing some "moderate problems" (e.g. some compromised
resellers issued fraudulent certs that were eventually revoked) seems
associated with purely abstract risks (e.g. loss of confidence in the
system as a whole).
CAs are not the Relying Parties (i.e., users) and they're not even the
software vendors to the RPs (like Mozilla). It's not clear to me if they
feel the RPs are actually party to these contracts or to what extent
they otherwise consider themselves liable to the RPs. But I suspect that
the CAs themselves would be at least as reluctant to eliminate one of
their fellow members as a vendor of client software.
So is providing the CAs collectively with a tool to more efficiently
reinforce or remove endorsements amongst themselves going to result in a
substantial improvement over the system we have now?
Or would the cost of new infrastructure be better spent on something
else like, say, a more robust mechanism for informing users about
software security updates?
- Marsh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
