[cryptography] Let's go back to the beginning on this

Arshad Noor arshad.noor at strongauth.com
Wed Sep 14 22:34:19 EDT 2011

On 9/14/2011 2:52 PM, Seth David Schoen wrote:
> Arshad Noor writes:
>> I'm not sure I understand why it would be helpful to know all (or any)
>> intermediate CA ahead of time.  If you trust the self-signed Root CA,
>> then, by definition, you've decided to trust everything that CA (and
>> subordinate CA) issues, with the exception of revoked certificates.
>> Can you please elaborate?  Thanks.
> Of course, intermediate CAs are sometimes created for purely
> operational reasons that may be quite prudent.  But delegating
> root CA-like power to more distinct organizations creates risk.

Technically - and legally (if the Certificate Policy and contracts
were written up properly) - when a self-signed Root CA issues a
Subordinate CA cert, they are delegating the issuance of certificates
to the Subordinate CA operator, to be issued ONLY in accordance
with a CP that both parties have agreed to.  The SubCA cannot,
legally, exceed the bounds of the self-signed Root CA's CP in any
manner that introduces more risk to the Relying Party.  These are
legal obligations placed on the operator of the SubCA.

Can a SubCA operator violate the legal terms from a technical point
of view?  Of course; people break the law all the time in business,
it appears.

However, an RP must assess this risk before trusting a self-signed
Root CA's certificate.  If you believe there is uncertainty, then
don't trust the Root CA.  Delete their certificate from your browser
and other applications, effectively removing all risk from that CA
and its subordinates from your computer.  Or, choose not to do
significant business over the internet when you see their certificate
on a site - you always have the choice.

Practically speaking, since the average internet user has "delegated"
(more like abrogated) the responsibility of trusting self-signed Root
CA certificates to the browser manufacturers, they have already
accepted significant risk - if the browser-manufacturer is lax in
verifying the self-signed Root CA's controls (of that of the SubCA
operators' by delegation), they have already sown the seeds of
destruction for their browser - and have, perhaps, thrown a body blow
to e-commerce in general.

Arshad Noor
StrongAuth, Inc.

More information about the cryptography mailing list