[cryptography] Auditable CAs

Ben Laurie ben at links.org
Mon Nov 28 16:45:55 EST 2011

On Mon, Nov 28, 2011 at 9:32 PM, Chris Richardson <chris at randomnonce.org> wrote:
> Right.  Or to think about it a different way:
> Facebook uses a CA-signed cert.  Users connecting to Facebook get no
> errors/warnings (assuming no one mucks with the connection)
> If someone is mucking with my connection, I get a self-signed Facebook
> cert and the appropriate warning screen.
> In this case, I know that that my connection is being mucked with
> because I know (ahead-of-time/out-of-band) that Facebook uses a
> CA-signed cert.
> If in several years, I get a cert-does-not-have-audit-proof warning
> for Facebook, how will I know if that's because
> 1. Facebook has chosen a CA that does not use the audit system
> 2. Facebook has chosen a CA that uses the audit system, but Facebook
> chooses not to participate in the audit system
> 3. Someone is mucking with my connection.
> The current system is no stronger than the weakest CA.  I think this
> proposal is interesting, but I'm not certain it's any stronger than
> the systems that do not participate in it

Note that the CAs do not have to participate: the holders of the certs
can register them in the logs.

So, the question is: why would Facebook not want to participate in the audit?

More information about the cryptography mailing list