[cryptography] Let's go back to the beginning on this

Marsh Ray marsh at extendedsubset.com
Wed Sep 14 23:24:27 EDT 2011


On 09/14/2011 09:34 PM, Arshad Noor wrote:
> On 9/14/2011 2:52 PM, Seth David Schoen wrote:
>> Arshad Noor writes:
>>
>>> I'm not sure I understand why it would be helpful to know all (or any)
>>> intermediate CA ahead of time. If you trust the self-signed Root CA,
>>> then, by definition, you've decided to trust everything that CA (and
>>> subordinate CA) issues, with the exception of revoked certificates.

You keep using this word, I do not think it means what you think it means.

'Trust' does not mean everything the trusted party does is somehow put 
beyond all questioning by definition.

> Technically - and legally (if the Certificate Policy and contracts
> were written up properly) - when a self-signed Root CA issues a
> Subordinate CA cert, they are delegating the issuance of certificates
> to the Subordinate CA operator, to be issued ONLY in accordance
> with a CP that both parties have agreed to. The SubCA cannot,
> legally, exceed the bounds of the self-signed Root CA's CP in any
> manner that introduces more risk to the Relying Party. These are
> legal obligations placed on the operator of the SubCA.

Yes, and this system sucks. It is a complete joke.

It is of no doubt great consolation to the Dutch and Iranians to know 
that there is a contract somewhere being breached among Comodo and their 
resellers and DigiNotar and some software vendors.

Are the RPs even a party to that contract?

> Can a SubCA operator violate the legal terms from a technical point
> of view? Of course; people break the law all the time in business,
> it appears.

A loose web of computer law contracts among hundreds of international 
business and government entities is not a foundation on which to build a 
strong system for data security. Just the fact that they allow this 
unrestricted delegation of authority (in the form of sub-CAs) means that 
they're even crappy contracts to begin with.

> However, an RP must assess this risk before trusting a self-signed
> Root CA's certificate. If you believe there is uncertainty, then
> don't trust the Root CA.

Yes, that's what this conversation has been about. Finding ways to 
reduce this ridiculous hyperinflation of trust going around in general, 
and specific parts of it quickly in emergencies.

- Marsh



More information about the cryptography mailing list