[cryptography] Auditable CAs
ben at links.org
Wed Dec 7 06:00:38 EST 2011
On Tue, Dec 6, 2011 at 10:48 AM, Florian Weimer <fweimer at bfk.de> wrote:
> * Ben Laurie:
>> Given the recent discussion on Sovereign Keys I thought people might
>> be interested in a related, but less ambitious, idea Adam Langley and
>> I have been kicking around:
> Why wouldn't the problem we have with CAs now resurface again with the
> entity which maintains the log? And why is a new protocol needed?
> Couldn't you just treat certificates from existing browser CAs as
> signing requests for an uber-CA which issues traditional X.509
I don't know how to answer that without just regurgitating the
document again. You have read it, right?
> Viewed from another perspective, "The CA must publish a list of
> certificates it has issued" is a perfectly auditable requirement (in
> particular if you specify availability and format), so if this is what
> we want, browser vendors could just make it a requirement for being on
> the root list. However, this seems rather unrealistic at this point.
> Therefore, I have written a proposal for a TLS extension which adds some
> additional transparency regarding the certificates which are floating
> around, without mandatory publication by the CAs or a third party.
Our proposal does not require CAs or third parties to publish anything.
> relies on the phenomenon that nowadays, we have a fair number of mobile
> devices which migrate between networks with and without a clear path,
> and sufficient local storage capacity to keep track of the certificates
> they see.
> I still think the concept is sound, and some discussion in this thread
> (on TLS-intercepting proxies) makes it clear why the complexity of
> sending the entire certificate chain is necessary.
Interesting proposal: two comments immediately spring to mind:
1. You probably need to allow for sending more than one certificate chain.
2. What about server farms that have a different cert per machine? Or CDNs?
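As an added illustration (not code from either proposal in the thread), the following Python sketch implements the client-side bookkeeping Florian's proposal depends on: a device records every certificate chain it sees for a host together with the network it was on, tolerates several legitimate chains per host (Ben's server-farm and CDN comment), and flags a chain that only ever shows up on one network while another chain for the same host is seen everywhere. It also includes the check behind the "CA must publish a list of certificates it has issued" requirement: observed chains absent from a published issuance list. Hostnames, network names and chain bytes are constructed for the example and stand in for real DER certificates.

```python
import hashlib
from collections import defaultdict


def chain_fingerprint(chain):
    """Hash a certificate chain given as a list of DER-encoded certs (bytes).

    Each element is length-prefixed so that [b"ab", b"c"] and [b"a", b"bc"]
    do not collide.  The chains used below are constructed byte strings,
    not real DER; a real client would feed it the chain from the handshake.
    """
    h = hashlib.sha256()
    for cert in chain:
        h.update(len(cert).to_bytes(4, "big"))
        h.update(cert)
    return h.hexdigest()


class ObservationStore:
    """Records every chain a client saw for a host and the network it saw it on."""

    def __init__(self):
        # host -> chain fingerprint -> set of networks on which it was seen
        self.seen = defaultdict(lambda: defaultdict(set))

    def record(self, host, network, chain):
        fp = chain_fingerprint(chain)
        self.seen[host][fp].add(network)
        return fp

    def chains_for(self, host):
        """All chain fingerprints seen for host.

        A server farm with a cert per machine, or a CDN, legitimately
        produces several, so a single pinned chain would be the wrong model.
        """
        return sorted(self.seen.get(host, {}))

    def suspicious(self, host, min_networks=2):
        """Chains for host seen on fewer than min_networks distinct networks.

        Reported only when some other chain for the same host has been seen on
        at least min_networks networks; without that baseline a lone chain is
        simply a host the device has not visited from elsewhere yet.
        """
        by_fp = self.seen.get(host, {})
        widely = [fp for fp, nets in by_fp.items() if len(nets) >= min_networks]
        if not widely:
            return []
        return sorted(fp for fp, nets in by_fp.items() if len(nets) < min_networks)

    def not_in_published_list(self, host, published):
        """Observed chains for host whose fingerprint is absent from a CA's
        published issuance list (the 'CA must publish what it issued' check).
        `published` is a set of fingerprints, constructed here."""
        return sorted(fp for fp in self.seen.get(host, {}) if fp not in published)


def demo():
    """Constructed scenario: one chain seen on three networks, a second chain
    seen only on a hotel captive portal."""
    store = ObservationStore()
    chain_a = [b"leaf-A", b"intermediate-A", b"root-A"]
    chain_b = [b"leaf-B", b"intermediate-B", b"root-B"]
    for net in ("home-wifi", "office", "cafe"):
        store.record("www.example.test", net, chain_a)
    store.record("www.example.test", "hotel-captive", chain_b)
    return store


if __name__ == "__main__":
    s = demo()
    print("chains seen:", s.chains_for("www.example.test"))
    print("suspicious:", s.suspicious("www.example.test"))
```

The threshold `min_networks` is the knob that trades false positives against sensitivity: a CDN whose per-edge chains are each seen from two or more networks produces no report, while a chain that exists only on one network stands out once the device has a baseline from elsewhere.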