Amir,
picking up a debate earlier this month around the forthcoming paper on spoofing:
http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm
Amir Herzberg wrote: > I still don't see why the same corporation needs multiple SSL > certificates. Why?? > ...
On this one point - I'm unsure whether you are asking from a practical pov or an ideal pov.
Practically speaking, certs are required for each different domain name. There is supposed to be some wildcarding in place such that *.mydomain.com is covered, but it doesn't work so well, apparently. This may be historical, it may be that browsers now all handle the wildcarding, but maybe not, as a) I've heard complaints about it not working well enough, and b) I've seen sites that still duplicate certs for each different subdomain (my pair web mail has a cert per host for web1.pair.com, etc...).
In practical terms, any large corporation uses domains as labels that are cheap and makes them into brands. So, for example, I have idea_one.org and biz_two.com. Now, both of these require certs. They are both my corp, but I have to get a cert for each. Even if they are the same site, but with a different domain name (to re-brand the same thing) I still need more than one cert.
Likewise, even within a single-named secure operation, there are always duplicates of a site. For example, there are older copies, there are test rigs, development rigs, and failovers. In the banks that I know, the common thing is for them to have 4 running systems for everything. Each is a different role: production, test, development and something else I forget.
Now, each requires web access and a domain. It would be plausible to use the same cert in each, but that means they also have to be secured the same way. Much better to create a separate cert for each one, and that way if the test site gets compromised, it matters not. This frees the test system to run on its own security regime, and get on with the serious business of testing.
In structural terms, I think one reason why corporations require many certs is that it was set up that way by the originators of the x.509-based PKI software. If you read through for example Lynn Wheeler's historical comments, you will see repeated references to "viable revenue model" which amounts to "we scotched that because we couldn't sell it." Recall back in the mid 90s, there was huge hope put on the SSL server for Netscape as it had finally found a product to sell.
So, I think it's fair to say that the original architects deliberately or subconsciously encouraged a situation where bigger companies could be sold more certs. For money of course. The fact that this had little to do with security or with the needs of the corporation was lost at the time. This is almost certainly the reason why Netscape didn't set out selling software for each corporation to run its own CA internally - that would have reduced the "pretended" market size for certs to something unviable, on paper.
Theoretically, just to repeat my earlier fundamental point, I don't see the point in having a corporation bound to one cert. They are not bound to one car, one building, one set of letterheads, or one secretary .. what's the deal with one cert?
The only thing that a corporation is bound to singly that I can think of is the rules listed by the incorporations act and the tax people. There should be one corporate seal, for example. The consequence of this is of course certainly in the english common world, the corporate seal is unused, because it is too hard to find "the one." Likewise, anything that is "one only" is generally bypassed in real business.
iang _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
