As seen in http://bugzilla.mozilla.org/long_list.cgi?buglist=215243 mozilla.org is now wrestling with the topic of how to choose which root CA certs to include, and which not to include, in the mozilla open source.
My guess is that lawyers will have a lot to do with the selection. :( But IMO it would still be good if the mozilla community could come to some agreement on certain issues, such as:
To what standard should CAs be held to be added and remain in mozilla's built-in list of trusted root CAs?
The principals of a certain CA want their root CA cert added to mozilla's list. Ultimately, someone has to decide if that CA meets the standard, passes the test. But first, someone must decide what standard mozilla.org should have. We can't answer "Is CA X adequate" until we define adequate. This thread is about defining adequate, NOT about deciding if any particular CA is adequate.
The certs now in mozilla's list came from CAs that all met a particular standard that was formerly administered by Netscape. As Frank pointed out in bug 215243, that standard doesn't appear to have been publicly disclosed.
Some folks think the standard, the "bar" if you will, has historically been set too high, and want to see it lowered. Many have called for the bar to be lowered to the point where certs from CAs on the list will cost nothing. The chief concern of that call seems to be lower cost. That is, I don't recall reading any complaint that the requirements for proper identification and authentication to the CAs are too high.
Others express the view that the bar wasn't high enough. They think that CAs should be held to higher standards than those that seem to be in use now or in the past. They would like to see root CAs disbarred, so to speak, for significant lapses in administration of security. But I don't recall any complaints that the cost of certs is too low! :)
An interesting article about this subject just appeared in the newest issue of 2600 magazine. The author of "Whom do you trust" reports his successful attempt to get certs for an https server for a company of which he was not a principal. He discussed certain CAs' authentication practices that (I gather) he found to be insufficient, such as accepting a faxed copy of a publicly available document as proof of identity.
What are some questions that a web user, or an https server admin, or a sender or recipient of signed or encrypted email, might raise about the adequacy of the CA's security practices?
Here are some that occur to me, in no particular order.
1. Is the CA going to continue to exist if the owner/principals die or go bankrupt? Is this a "going concern" or a hobby?
2. Will the CA's private keys continue to remain uncompromised if the owner/principals die or go bankrupt? Or will they become mere assets sold at auction?
3. What has been done to protect the CA's private key for the root public key?
- is it in a tamper-proof hardware security module?
- is it spinning around on disk? could it be copied?
- could an armed robber walk out with the device that holds it?
4. What practices are followed to establish and ensure the subject names in certs issued by the CA rightfully belong to the party who holds the private key?
5. If the private key for a cert issued by the CA becomes compromised, can the key's owner contact the CA and have his cert revoked? Are there adequate assurances that some pretender cannot cause another person's cert to be revoked?
6. Will the revocation information be available in a timely fashion to people who depend on these certificates? How is revocation information made available?
- Are Certificate Revocation Lists available for web servers?
- Are OCSP servers available for use by web clients?
7. Are the revocation servers available 24 x 7 x 365? Do they keep running even when the city's public utility stops delivering power? Do they have a UPS that can keep them up 24 hours or more? Will they survive an earthquake or a tsunami?

That list is off the top of my head. What did I forget? Please add your own questions to this list.
Disclaimers: I speak for no-one other than myself.
Opinions expressed are solely mine.
