Ian,

Ian G wrote:

>> But OCSP/CRL can not help in case of *root* cert compromise.
>> There's nothing above it to sign the validity information.
>
> Can't it revoke itself?

This is priceless and one for the books. This statement shows that you really don't understand PKI!


Revocation checks cannot be done at the root level, by definition. The standards don't allow support for revocation checking of self-signed certs.

Please explain how you would make it work. If the root's private key has been compromised (which is one of the common reasons for cert revocations), then anybody could make a fake CRL, or run a fake OCSP server with that key that would all say that the root cert is OK, even though clearly, it's not.

If a self-signed cert is compromised, there is nothing automatic that can be done to recover in X509. Do you now understand how crucial it is to trust the right roots, and why the use of self-signed certs is so dangerous? Once you trust a self-signed cert, it's forever!

> So in that case, any browser that has the root cert in
> its root list then is encouraged to issue a new root list,
> in an emergency patch.

The problem is not to issue an emergency patch with a new root list, but how to notify the users of the root that they need the update in the first place.


Obviously, a mozilla patch notice doesn't happen as part of every regular certificate chain verification. And there is no way it could happen specifically when some roots are used. If you already know which roots are revoked, then you don't need any update!

One could make the root checking work in a standards-compliant way by having a single trusted root in the browser - mozilla.org's. All the CA certs that are currently roots could be replaced by certs issued by the mozilla.org CA, which could distribute its own very little (hopefully zero-size!) CRL. But the cost of hosting the CRL or OCSP server in that case would be prohibitive - every client in the world would need to access either one. Ultimately though, the size of the that's what you need if you want to do revocation checking on "roots"

Also, the current roots would probably object to their demotion to mere mozilla.org intermediate certs. They would probably sue for copyright infringement on their public key or something ;).

And of course, in this scenario, the risk would remain that mozilla.org's root would be compromised. But the risk is much lower when you only trust 1 root rather than 75! It only takes 1 compromised root for the whole system to fall apart.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
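
The point made in the message above, that a relying party cannot use a root-signed CRL to learn whether the root itself is still trustworthy, as an added example that is not part of the original message. It assumes a toy textbook-RSA key in place of a real X.509 root and a simplified text CRL; all names and values are constructed.

```python
import hashlib

# Constructed toy key standing in for a self-signed root (textbook RSA over two
# Mersenne primes, no padding). Illustration only; not a real X.509 root.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: anyone holding D can sign


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(private_exp: int, data: bytes) -> int:
    return pow(digest(data), private_exp, N)


def verify(data: bytes, sig: int) -> bool:
    """All a relying party can check: the signature against the root public key."""
    return pow(sig, E, N) == digest(data)


def make_crl(private_exp: int, issuer: str, revoked_serials: list) -> tuple:
    """Simplified CRL: issuer name plus a list of revoked serial numbers."""
    body = f"issuer={issuer};revoked={','.join(sorted(revoked_serials))}".encode()
    return body, sign(private_exp, body)


def root_status(crl: tuple, root_serial: str) -> str:
    """Status a client would derive for the root cert from a root-signed CRL."""
    body, sig = crl
    if not verify(body, sig):
        return "invalid"
    revoked = body.decode().split("revoked=")[1].split(",")
    return "revoked" if root_serial in revoked else "good"


def compare_crls() -> tuple:
    # CRL the CA operator publishes after discovering the key compromise.
    ca_crl = make_crl(D, "Example Root", ["01"])
    # CRL produced by any other party that holds the same private key.
    other_crl = make_crl(D, "Example Root", [])
    # Both verify under the root public key, so the client has no basis
    # to prefer one answer over the other.
    return root_status(ca_crl, "01"), root_status(other_crl, "01")
```

Both CRLs pass signature verification, so the "good" answer carries no information about the root; the distrust decision has to reach clients through a channel that does not depend on the root key, such as a trust-store update.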
