[cryptography] how many MITM-enabling sub-roots chain up to public-facing CAs ?
smb at cs.columbia.edu
Tue Feb 14 14:09:20 EST 2012
On Feb 14, 2012, at 1:16 23PM, Jon Callas wrote:
> On Feb 14, 2012, at 7:42 AM, ianG wrote:
>> On 14/02/12 21:40 PM, Ralph Holz wrote:
>>> Actually, we thought about asking Mozilla directly and in public: how
>>> many such CAs are known to them?
>> It appears their thoughts were "none."
>> Of course there have been many claims in the past. But the Mozilla CA desk is frequently surrounded by buzzing small black helicopters so it all becomes noise.
> I've asked about this, too, and the *documented* evidence of this happening is exactly that -- zero.
> I believe it happens. People I trust have told me, whispered in my ear, and assured me that someone they know has told them about it, but there's documented evidence of it zero times.
> I'd accept a screen shot of a cert display or other things as evidence, myself, despite those being quite forgeable, at this point.
> Their thoughts of it being none are reasonably agnostic on it.
> Those who have evidence need to start sharing.
A related question...
Sub-CAs for a single company are obviously not a problem. Thus, if a major CA were to issue WhizzBangWidgets a CA cert capable of issuing certificates for anything in *.WhizzBangWidgets.com, it would be seen as entirely proper. The issue is whether or not that sub-CA can issue certificates for, say, google.com. The restriction is enforced by the Name Constraints field in the CA's cert. However, this is seldom-enough seen that I have no idea if it's actually usable. So -- do major cert-accepting programs examine and honor this field, and do it correctly? I know that OpenSSL has some code to support it; does it work? What about Firefox's? The certificate-handling code in various versions of Windows? Of MacOS?
--Steve Bellovin, https://www.cs.columbia.edu/~smb
More information about the cryptography