[cryptography] current limits of proving MITM (Re: Gmail and SSL)

Jeffrey Walton noloader at gmail.com
Sun Dec 16 17:51:28 EST 2012


On Sun, Dec 16, 2012 at 4:48 AM, ianG <iang at iang.org> wrote:
> On 16/12/12 11:47 AM, Adam Back wrote:
>>
>> (note the tidy email editing, Ben, and other blind top posters to massive
>> email threads :)
>>
>> See inline.
>>
>> On Sun, Dec 16, 2012 at 10:52:37AM +0300, ianG wrote:
>>>
>>> [...] we want to prove that a certificate found in an MITM was in the
>>> chain or not.
>>>
>>> But (4) we already have that, in a non-cryptographic way.  If we find
>>> a certificate that is apparently signed by say VeriSign root and was
>>> found in an MITM, we can simply publish it with the facts.  Verisign
>>> are then encouraged to disclose (a) it was ours, (b) it wasn't ours,
>>> or (c) mmmmummm...
>>
>> Verisign can't claim it wasn't theirs because the signing CA it will be
>> signed by one of their roots, or a sub-CA thereof.
>
> Just to nitpick on this point, a CA certainly can claim that they or an
> agent did not sign a certificate.  And, they can provide the evidence, and
> should have the ability to do this:  CAs internally have logs as to what
> they did or did not sign, and this is part of their internal process.

That brings up a good point: the CA should be responsible for their
reseller's or agent's actions. The CA entered into the relationship,
and no one forced them into the partnering.

I also envision a scenario where a CA sets up a subsidiary (that is, a
distinct corporate entity) and then uses the new corporate entity to
subvert the spirit and intentions of the system. Later, the CA claims
"it was them, not us."

Lack of responsibility and accountability are part of the problem. It
needs to be addressed.

Jeff


