[cryptography] Math corrections
noloader at gmail.com
Wed Sep 21 13:23:05 EDT 2011
On Wed, Sep 21, 2011 at 12:30 PM, Arshad Noor
<arshad.noor at strongauth.com> wrote:
> On 09/18/2011 11:59 AM, Peter Gutmann wrote:
>> Arshad Noor<arshad.noor at strongauth.com> writes:
>>> Just because you come across one compromised CA out of 100 in the
>>> does not imply that the remaining 99 are compromised (which is what you
>>> implying with your statement).
>> Since browser PKI uses universal implicit cross-certification, it is
>> the case that if one CA is compromised, all are compromised. So Ian is
>> correct in his assessment.
> I disagree, Peter.
> In the first place, as you know, browsers have a trust-store of unique
> self-signed TTP CA certificates; not cross-certified certificates. All
> SSL/TLS connections between browsers and a site with an SSL certificate
> issued by one of those TTP CA's, involves a *direct* trust-chain. A
> browser user (or manufacturer) always has the ability to delete any TTP
> CA certificate from their trust-store and sever the trust-chain, at
> will. Notwithstanding the fact that most users don't know anything
> about trust-stores and TTP CA certificates, it does not change the fact
> that these are direct and independent trust-chains that can be severed
> at will.
Not always true in practice. Consider devices which store an image in
ROM, smart phones which require a carrier's blessing, and broken
tools/APIs (cf, Apple
There are lots of bright folks on the FedTalk mailing list.
> Secondly, if one CA is compromised, the only affected users are the ones
> who still have that CA's Root certificate in their trust-store and who
> happen to rely on a certificate issued by that CA (or its chain). Any
> user that has deleted the compromised CA's certificate can continue to
> rely upon *other* TTP certificates/chains without worrying about the
> compromised CA's certificates. They have isolated the damage can move
More information about the cryptography