On 02/05/2014 03:06 PM, Werner Koch wrote: > Almost all X.509 certification in public use certify only one of two > things: > > - Someone has pushed a few bucks over to the CA. > > - Someone has convinced the CA to directly or indirectly issue a > certificate.
To further clarify: "Domain Validation" (how the overwhelming majority
of cartel-issued X.509 certificates are "verified" today) nominally
consists of proving that you can read e-mail sent to any of:
* the e-mail addresses associated with the domain in question (as found
in whois), or
* any of a set of "administrator" e-mail addresses in the domain,
including hostmas...@example.org, webmas...@example.org,
ad...@example.org, sslad...@example.org, postmas...@example.org, etc.
In practice, this means that any of the following can get a certificate
issued:
* anyone who can spoof whois to the CA
* anyone who can spoof DNS to the CA (changing the MX record)
* any mail system administrator who has access to any of the above
e-mail addresses
* any passive sniffer of outbound e-mail traffic from the CA's MTA if
the CA doesn't enforce STARTTLS for outbound SMTP.
* if the CA enforces STARTTLS for outbound SMTP, but doesn't check
certificates: any active attacker in control of the CA's MTA's network
connection (or anywhere between the CA and the receiving MTA)
* anyone who knows the password to any of these e-mail accounts
and so on... Remember also that (barring certificate pinning or TACK),
someone who wants a cert does not have to attack a single CA -- they
only have to attack the most sloppily-administered CA in all the public
root stores.
The bar for regular X.509 certification is much much lower than pretty
much any common OpenPGP certification guideline.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
