[cryptography] Math corrections

Jeffrey Walton noloader at gmail.com
Wed Sep 21 13:23:05 EDT 2011


On Wed, Sep 21, 2011 at 12:30 PM, Arshad Noor
<arshad.noor at strongauth.com> wrote:
> On 09/18/2011 11:59 AM, Peter Gutmann wrote:
>>
>> Arshad Noor<arshad.noor at strongauth.com>  writes:
>>
>>> Just because you come across one compromised CA out of 100 in the
>>> browser,
>>> does not imply that the remaining 99 are compromised (which is what you
>>> are
>>> implying with your statement).
>>
>> Since browser PKI uses universal implicit cross-certification, it is
>> indeed
>> the case that if one CA is compromised, all are compromised.  So Ian is
>> correct in his assessment.
>
> I disagree, Peter.
>
> In the first place, as you know, browsers have a trust-store of unique
> self-signed TTP CA certificates; not cross-certified certificates.  All
> SSL/TLS connections between browsers and a site with an SSL certificate
> issued by one of those TTP CA's, involves a *direct* trust-chain.  A
> browser user (or manufacturer) always has the ability to delete any TTP
> CA certificate from their trust-store and sever the trust-chain, at
> will.  Notwithstanding the fact that most users don't know anything
> about trust-stores and TTP CA certificates, it does not change the fact
> that these are direct and independent trust-chains that can be severed
> at will.
Not always true in practice. Consider devices which store an image in
ROM, smart phones which require a carrier's blessing, and broken
tools/APIs (cf, Apple
http://lists.apple.com/archives/Fed-talk/2011/Aug/msg00089.html.).
There are lots of bright folks on the FedTalk mailing list.

> Secondly, if one CA is compromised, the only affected users are the ones
> who still have that CA's Root certificate in their trust-store and who
> happen to rely on a certificate issued by that CA (or its chain).  Any
> user that has deleted the compromised CA's certificate can continue to
> rely upon *other* TTP certificates/chains without worrying about the
> compromised CA's certificates. They have isolated the damage can move
> on.
>
> [SNIP]

Jeff



More information about the cryptography mailing list