Hi Kyle, good questions! Sorry for the length in answers.
> I've been looking at the GeoTrust papers, and I'm struck by two things: > > 1) There are multiple CAs with 'authority' (granted by the Mozilla > Foundation, by including their root certificates with the > distribution) to issue certificates, and they do not coordinate their > actions; Yes, Mozilla acts as a super-CA for the initial distribution. Now, one might think that this means it should adopt the same care as the CAs ... but along side this is the fact that anyone can distro the product, and in fact many do, and change the root list as they desire. So that says no care should be taken... Add to that the processes of other browser manufacturers: Opera takes money. M$ requires a WebTrust or equivalent national. Konqueror does whatever Mozilla does. To bring some semblance of order to this chaos is the Frank Hecker policy which has now been put before "staff". The gaping hole of what it all means desperately needs to be filled, for reasons I won't go into now. > 2) each of the cases that GeoTrust asserts as failing examples relies > on a trademark infringement. One caveat. I would suspect that the GeoTrust people modelled the attacks along the lines of trademark infringements because that's what they understood. In contrast, the original SSL architects modelled the structure based on old crypto threat models taken from the military, because that's what they had. Meanwhile the browser implementors modelled it on user gripes. And phishers model it on money received. Just because one group says "it is X" doesn't mean it is, it often means that X is all they are trained to perceive. > The first thing is a contributor to all of this trouble. There's no > "industry best practices" that the industry has had the chance to go > over and refine; instead, they're all working from the > ANSI/WebTrust/standards-body ideas of how CAs should behave, without > revision and without oversight. I'm surprised it took as long as it > did to have problems. Right, what I mentioned above. Bear in mind also that the system was put in place for a *perceived* threat, not a validated threat, so all of what you call "best practices" was written without direct reference to any validated threats (hence the dramatic difference between GeoTrust's statements and other practices). But see more on that below. > The second thing, though, is a legal argument, and one that deserves > more rational analysis. > > In the US (at least; I don't know anything about international law as > relates to trademarks, tradenames, et al), banks and insurance > companies file their trademarks under Class 36, and telecoms file > their trademarks under Class 38. These are the two (along with Class > 45, "personal services", if "providing a credit report" is a function > of a personal service) that seem to be most likely subject to phishing > attacks. (Though, to be fair, Class 42 seems to be where the entire > concept of 'phishing' began -- trying to get account keys and > usernames/passwords illegally.) (Reference: > http://www.uspto.gov/web/offices/tac/tmfaq.htm#Application018 , "What > are the different classes of goods and services?") > > Why don't CAs have sub-CAs based on the class of the trademark that > has been granted on the name? (Trademarks often take over a year to > process through the USPTO, but a 'no current trademark registered' > sub-CA could be used for that.) This would allow for determination of > what class of business the name is certified for, and a UI enhancement > that would thus prevent the GeoTrust attack of "Chase Ferries" being > UI-same as "Chase Bank". > > It would seem to me that the class of threat that GeoTrust exposed was > "right to use the name". Oh, I see. What you are essentially asking is why don't they set up specialist CAs that do a particular sector and leverage off the trademark infrastructure and charge for that? The reason for this is simply because the market for CAs is inefficient and small. Now, what follows is based on econ, esp. Porter, so apologies in advance. There is no free entry into the CA business. The barriers include "best practices" of how to run it, browser requirements for WebTrusts, digsig laws. These barriers both mitigate against competitors of the current insiders, and also against the discovery of more efficient services. As the cost of a WebTrust is put around the $100k mark, the basic cost of a CA is looking around the $1m mark which students of business will recognise as a serious barrier. Further, the barrier that was built was created on a poor understanding. It was constructed on paper in advance of experience, and turned out to be misaligned with market needs. Unfortunately, a lot of capital was raised on this design, and it was invested into "best practices" sales, again in advance of the experience needed. (A metric for this would be the Verisign stock market price over the years.) What this meant was that the market stalled, and only those parts that were mandated ever happened. Luckily (some would say) one essential part of the PKI was constructed by Netscape which put it into its browser, and this forced merchants to buy Netscape's secure server product. They needed something to sell at the time, and this was one nice possibility. Other competitors looking to take Netscape's market adopted this complete solution without question, and within a year or two the solution was spread across many server suppliers and many browser suppliers. Which caused a lock-in of the browser's use of SSL. Merchants found that they had to purchase certs and the market for certs became strongly correlated with the retail ecommerce market (it tracked the dotcom boom.) But, most other users ignored it, which was what all the capital was raised upon. (These days you will see some webmail users and all finance users doing it, but even counted up, that makes for not many certs. See securityspace if you want to see how few certs are sold every year.) Which meant that the market for certs was locked into a small mandated need, with no ability to modify its approach. Which means there is no money to be made in a vertical, because the capital cost outweighs the small number of certs. If none of that makes sense, then think of it this way: The market is too small, and it is too small because it is inefficient. iang _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
