On Saturday 21 May 2005 17:46, Ram A Moskovitz wrote:

> If a root key is compromised and a certificate status server responds as
> such the only way to undo the revocation is for the bad guy with the
> private-key to prevent access to the responder, or spin up a new one which
> answers differently (he has the root after all). This is fairly
> sophisticated as it requires coordinating a few different attacks and yet
> yields a relatively small reward - something this big would likely result
> in a browser update within a few days and so the opportunity is relatively
> small; given how many other easier attacks are out there I would be
> surprised if anyone bothers to do this against a well protected root such
> as by seven tiers of physical security (including multiple orthogonal
> dual-control or better systems) in order to reach an (always non-network
> connected) offline root in FIPS 140 hardware that uses threshold to activate.
> It's just not the weak-point and certainly not an economical attack point
> if you only trust roots with (ridiculously) good protection policies ;)

Right, I agree with that.  Also, it gives over much more
information in the attack.  Phishing is designed to work
when there is an unmolested path between attacker
and victim, and calling attention to oneself by also
DOSing or intercepting a CRL/OCSP feed is likely to
break that privacy.

The other thing about phishing is that when it is conducted,
there is no easy way to trace back from the victim to the
original breach of privacy.  A credit card could be breached
at any of a thousand places and times.

Whereas if a root cert was used, then that could only
have been lifted in a very few places.  The use of a
root cert would then send a very strong signal back
that would lead to how and when and where it was
ripped off.

If you like, a phish of your credit card is only a dot on
a map, but if a root cert was used, that's two dots, and
one pissed off CA.

Hence, it's not as economic an attack as it might seem.

iang

-- 
Advances in Financial Cryptography:
   https://www.financialcryptography.com/mt/archives/000458.html
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security