Re: Fwd: Has any public CA ever had their certificate revoked?
Paul Hoffman wrote:

Peter Gutmann asked on a different mailing list:

Subject says it all, does anyone know of a public, commercial CA (meaning one baked into a browser or the OS, including any sub-CA's hanging off the roots) ever having their certificate revoked? An ongoing private poll hasn't turned up anything, but perhaps others know of instances where this occurred.

Was Peter referring to the general question of a public CA having its root removed from a browser for whatever reason? Or was he specifically referring to a public CA having a root key compromised and thus having the root revoked?

Frank

--
Frank Hecker
hec...@mozillafoundation.org

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Fwd: Has any public CA ever had their certificate revoked?
Frank Hecker wrote, On 2009-05-12 11:32:

Paul Hoffman wrote:

Peter Gutmann asked on a different mailing list:

Subject says it all, does anyone know of a public, commercial CA (meaning one baked into a browser or the OS, including any sub-CA's hanging off the roots) ever having their certificate revoked? An ongoing private poll hasn't turned up anything, but perhaps others know of instances where this occurred.

Was Peter referring to the general question of a public CA having its root removed from a browser for whatever reason? Or was he specifically referring to a public CA having a root key compromised and thus having the root revoked?

Frank,

As I understand it, doubt has been cast on the value of revocation checking of CA certs, on the grounds that CAs simply never have revoked a CA cert, and (it is suggested) likely never will.

I think this is a case where we're hoping that someone will find an example where a real public CA actually has revoked a subordinate CA cert at some point, demonstrating that revocation checking on CA certs would have been of value in that case.

Re: Fwd: Has any public CA ever had their certificate revoked?
On 05/12/2009 09:45 PM, Nelson B Bolyard:

Was Peter referring to the general question of a public CA having its root removed from a browser for whatever reason? Or was he specifically referring to a public CA having a root key compromised and thus having the root revoked?

Frank,

As I understand it, doubt has been cast on the value of revocation checking of CA certs, on the grounds that CAs simply never have revoked a CA cert, and (it is suggested) likely never will.

Maybe not revoked, but taken out of active usage? StartCom has stopped active issuance (one year ago) and requested removal of its 1024 bit root: https://bugzilla.mozilla.org/show_bug.cgi?id=487150

This root is scheduled for archival and future destruction.

I think this is a case where we're hoping that someone will find an example where a real public CA actually has revoked a subordinate CA cert at some point, demonstrating that revocation checking on CA certs would have been of value in that case.

I think there is a big difference between an intermediate CA certificate and a root. I'm certain some intermediates have been revoked already for whatever reason.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org

Re: Fwd: Has any public CA ever had their certificate revoked?
On 3/5/09 15:32, Ben Bucksch wrote:

On 03.05.2009 09:06, Ian G wrote:

(5) possibly as consequence of all the above, it can be claimed that it is an empty threat, and no more than a security/marketing tool for PKI people.

Consequently, we need to either:

* Make that threat not empty

This is harder done than said. In order to make a threat of removal work, we would have to set it up so that we are fair, documented, disciplined, open, and agreed. We might get around 1 of 5 points in that list, currently.

Let me rant on a bit...

1. Fairness cannot be done by the consensus model. We need a fair method, not democracy, in the sense that it is a gathering of many wolves and a few sheep, all voting who to eat for dinner.

2. Documented: we need procedures for this. Without a documented procedure, all actions are arbitrary.

3. Disciplined. We all have to follow the spirit. Which is to say we have to give and take. Accept some knocks. Mea culpa and all that.

4. Open: it needs to be discussed here in the open. We probably earn half a point here. At a minimum, the ruling needs to be delivered, which doesn't get us the other half point as yet.

5. Agreed. We need to agree to all the above. Here, we get about half a point, because anyone who participates has entered into a spirit of an agreement. We just disagree on what it is, and where it is, and whether it binds us to something serious.

1 out of 5 points, before the threat becomes something worthwhile. This isn't going to change much, so perhaps some pragmatism: accept that it is an empty threat? The CAs already act as if it is an empty threat, maybe the users should as well.

iang

Re: Fwd: Has any public CA ever had their certificate revoked?
On 3/5/09 15:43, Eddy Nigg wrote:

On 05/03/2009 10:06 AM, Ian G:

(2), there exists a standard need in audits to discuss disaster recovery. Curiously, this does not appear to be documented anywhere, draw your own speculations

It's usually addressed in internal CA documentations and audited accordingly. Disaster recovery is certainly part of the usual audits,

OK, sorry, I should have said documented anywhere that is reliable to the users. Which is to say, it's useless, because without some external visibility, there is no reason to believe that there is anything reliable about that which is hidden.

(To be totally clear, I don't really think disaster recovery is a big issue, in my personal opinion. 1. It's never happened. 2. It is a conventional/business thing, more than a security thing; which is to say, in security work, if we end up with the whole system being unplugged, actually, we aren't unhappy, that's quite secure different perspectives for different folks. Although I grant that OCSP/CRL requires a bit more thought before reaching a conclusion.)

root compromise is such a disaster IMO.

Precisely. Just exactly why is there such a need for root compromise to be dealt with, but the PKI world denies its existence? Draw your own conclusions.

(4) no review of existing grandfathered roots has been done.

That's not entirely correct, legacy CAs which requested EV enabled had to go through the process as if they were new roots. See also the current thread of Verizon/Cybertrust.

Ah! Well corrected. I did not know that. Are you serious? Is the stated CA undergoing a full review by Mozo? All at the same time?

iang

Re: Fwd: Has any public CA ever had their certificate revoked?
On 05/04/2009 09:12 AM, Ian G:

On 3/5/09 15:43, Eddy Nigg wrote:

That's not entirely correct, legacy CAs which requested EV enabled had to go through the process as if they were new roots. See also the current thread of Verizon/Cybertrust.

Ah! Well corrected. I did not know that. Are you serious? Is the stated CA undergoing a full review by Mozo? All at the same time?

Errr...yes. I've asked Frank concerning this review and he confirmed it (as it appeared to me that those roots were taken over from Netscape). It's now to raise any concerns, complaining later will not help.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org

Re: Fwd: Has any public CA ever had their certificate revoked?
On 2/5/09 17:50, Paul Hoffman wrote:

Peter Gutmann asked on a different mailing list:

Subject says it all, does anyone know of a public, commercial CA (meaning one baked into a browser or the OS, including any sub-CA's hanging off the roots) ever having their certificate revoked? An ongoing private poll hasn't turned up anything, but perhaps others know of instances where this occurred.

Current consensus here is that none has ever been revoked in Mozilla's history, from memory. There are several aspects:

(1), How to do it: https://wiki.mozilla.org/CA:Recommendations_for_Roots#Revocation_of_the_Root

(2), there exists a standard need in audits to discuss disaster recovery. Curiously, this does not appear to be documented anywhere, draw your own speculations

(3), whether there is a framework to make a decision about doing it against the wishes of a CA. There are notes about how to do this somewhere, but the current consensus of Mozilla group is that they do not want to make decisions of these types.

(4) no review of existing grandfathered roots has been done.

(5) possibly as consequence of all the above, it can be claimed that it is an empty threat, and no more than a security/marketing tool for PKI people.

iang

Re: Fwd: Has any public CA ever had their certificate revoked?
On 05/03/2009 10:06 AM, Ian G:

(2), there exists a standard need in audits to discuss disaster recovery. Curiously, this does not appear to be documented anywhere, draw your own speculations

It's usually addressed in internal CA documentations and audited accordingly. Disaster recovery is certainly part of the usual audits, root compromise is such a disaster IMO.

(4) no review of existing grandfathered roots has been done.

That's not entirely correct, legacy CAs which requested EV enabled had to go through the process as if they were new roots. See also the current thread of Verizon/Cybertrust.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org

Re: Fwd: Has any public CA ever had their certificate revoked?
Ben Bucksch wrote:

FWIW, I have removed Comodo from my browser's roots, and I have encountered only 2 sites recently which used it, despite going to quite some online shopping sites (SSL part).

So did I and I did not encounter any sites I accessed since then being affected by this.

Ciao, Michael.

Fwd: Has any public CA ever had their certificate revoked?
Peter Gutmann asked on a different mailing list:

Subject says it all, does anyone know of a public, commercial CA (meaning one baked into a browser or the OS, including any sub-CA's hanging off the roots) ever having their certificate revoked? An ongoing private poll hasn't turned up anything, but perhaps others know of instances where this occurred.

Peter.