[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Lucky Green shamrock at cypherpunks.to
Sun Dec 4 22:21:18 EST 2011

On 2011-12-04 12:09, Ondrej Mikle wrote:
> I re-did the count of CAs whose CRLs had 'CA Compromise' as revocation reason,
> about month after Peter Eckersley did. Result was the same (counting "trusted"
> CAs). Plus few others (some seemed to be internal company CAs; but did not chain
> to a "trusted root").

Most (but not all) of the CAs that I worked with over the years did not
have anybody on the operations side full time that would know how to
place a revocation reason into the CRL. Which is why the majority of CRL
entries include an unspecified reason code or the ever popular reason
code "NULL".

Without taking anything away from the work of the folks at the EFF (I
appreciate their effort and have been a long-time financial supporter of
the EFF), determining the number of CA compromises from looking at "CA
Compromise" in reason codes is like determining car theft statistics
from the number of car thieves that turn themselves in at the police

Sure, once in a while a fellow that has not been suspected of any crime
will walk into a police station and decide to turn himself in. Every cop
will have a story or two along those lines. But the number of crimes
(and criminals) far exceed the number of criminals that choose to turn
themselves in to the police.

It does not require disclosing of any confidential information to come
to the conclusion that more certificates have been revoked due to CA
compromise than certs were issued due to CA compromise. Indeed, you only
need to look through the database for certs that very publicly have been
revoked due to CA compromise to find a some that lack that reason code
in the CRL.

Lastly, I am not trying to insinuate that having your CA compromised is
or should ever become a crime.

--Lucky Green

More information about the cryptography mailing list