Reporting here in a separate thread, since previous post drew no responses for over 48 hours.
(My reply was lost in a crash, apologies!)
1. As I mentioned in another post in this group, a cert is a signed statement from a cert issuer, certifying the binding of a name or names to a public key. The statement is either true or false. If any part of it is false, then the statement is false. I would not say that the statement contains a fraudulent value. The presentation of such a false statement is (or may be) an act of fraud.
I'm not sure you can be so definite. Statements can be true and/or false, depending on assumptions. For example, a statement can be true up until a certain time, and false afterwards.
I suspect it makes more sense to ask whether a statement can be relied upon, than whether it is strictly true. For example, many people rely on expired certificates. They are still good, and their security is unimpeached; the original purchaser simply didn't pay that number of years, which is a commercial statement of no great import to the relying party.
iang
PS: that great set of statistics underlying this rant http://iang.org/ssl/how_effective.html is updated monthly; here are the January figures
http://www.securityspace.com/s_survey/sdata/200401/certca.html
which show that 38% of certs in use are expired, and only 26% are unexpired as well as signed by a CA.
2. I would add a crucial phrase to your "key threat" statement. (As an aside, let's not use the word "key" except when describing a cryptographic key. Let's use "crucial" when that is what we mean.)
I would restate that statement as follows:
A crucial threat is that (a) an attacker is able to present, to a relying browser (or email) user, a cert, verifiably signed (possibly indirectly) by a trusted CA's private key, containing a binding of names to a public key, and
Maybe this is better off broken into steps. Assuming a "trusted CA" hides a wealth of detail. Possibly something like:
a.1 able to present a cert,
a.2 where the cert is signed by a CA's cert,
a.3 the CA's cert is in the "trusted list" in the program (browser or mailer), and
a.4 the name bound in the cert sufficiently matches the URL presented for checking by the program.

Then, the various attacks can be listed by means of each component.
I think your whole email bears two observations: Firstly, these are not crucial threats, simply because they don't happen. See the Microsoft bug for an example, where only recently it was revealed that the CA cert signing wasn't checked properly and it was easy to present a bogus cert. (In preference, attacks without certificates are rampant and are very serious / crucial threats. Money is lost in those attacks.)
Secondly, in the difficulty of trying to write all this down is revealed the complexity of the system; hence, it is not easy to have any great deal of confidence in the CA certificate model. It's simply too complex, there are too many assumptions, too many roles, too many agents, and too many steps.
iang
_______________________________________________
mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
