[SSL Observatory] SSL CA compromise in the wild

Tom Ritter tom at ritter.vg
Wed Mar 23 08:37:58 PDT 2011


> The global validity of certificates issued by the root CAs is what
> scares me most. There is no "natural confinement" of a CA
> compromise. If each CA would only be allowed to issue certificates for
> a certain domain a compromise would also only affect that domain.
> Of course a compromise of e.g. the .com CA would still be
> catastrophic then but I could at least safely continue to log into
> mybank.de.

I really like this idea actually.  A forward-thinking company could
obtain several SSL certs for different ccTLDs, from different CAs
(think mybank.de, mybank.nl, mybank.be).  And then if their .nl cert's
CA was blacklisted, they could seamlessly route that traffic to
another ccTLD without major disruption.  With a mechanism for service
providers to still get 'the green address bar' and 'the little lock';
*without* relying on an external entity's actions - I think keeping it
a boolean is still a possibility.  And a more restrictive, less open
boolean, where we _can_ blacklist entire CAs.

A problem of course is trying to put the smoke back in the bottle -
going to CAs and telling them their broad signing powers are now going
to be restricted.  It'd be extremely difficult if not impossible to
regulate signing certs already issued, and trying to regulate them
going forward would probably bring cries of anger from the signers who
want to be 'grandfathered' in and have the overarching powers of the
signers that got there first.

Ultimately, I don't like CAs at all, and consider the system
fundamentally broken.  It's become a business model, so it will never
be abolished completely but... I'm hoping to see an entirely new
infrastructure for determining Certificate Trust in my lifetime -
maybe the DNS-based approach (but I confess I haven't read enough to
speak intelligently on it.)  crlwatch and the observatory are
excellent tools to show the necessity of that new infrastructure.

-tom
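The "natural confinement" idea from the quoted message, and the ccTLD fallback Tom sketches above, as an added example that is not part of the original thread. It models a client trust store in which each CA is scoped to a set of name suffixes (a blacklisted CA and an unconstrained "grandfathered" CA are both represented), then picks the first of a site's ccTLD endpoints whose certificate would still be accepted. The CA names, the policy table and the candidate endpoints are all constructed for illustration; real-world enforcement would hook into X.509 chain validation rather than a string check.

```python
"""Per-CA name confinement as a client-side trust policy (constructed example)."""
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple
from dataclasses import dataclass


@dataclass(frozen=True)
class CaPolicy:
    # Permitted name suffixes for this issuer. None means the CA keeps the
    # broad, unconstrained signing power the message says is hard to revoke.
    allowed_suffixes: Optional[FrozenSet[str]]
    # A blacklisted CA is distrusted outright, regardless of scope.
    blacklisted: bool = False


def _name_within(name: str, suffix: str) -> bool:
    """True if a DNS name sits at or under `suffix` on a label boundary.

    'mybank.de' and '*.mybank.de' are within 'de'; 'evil.xcom' is not
    within 'com' because the match must end on a dot-separated label.
    """
    name = name.lower().rstrip(".")
    suffix = suffix.lower().strip(".")
    if name.startswith("*."):          # wildcard leaf: judge its base domain
        name = name[2:]
    return name == suffix or name.endswith("." + suffix)


def check_confinement(issuer: str, dns_names: Iterable[str],
                      policy: Dict[str, CaPolicy]) -> Tuple[bool, str]:
    """Decide whether a leaf issued by `issuer` for `dns_names` is acceptable.

    Returns (accepted, reason) so callers can log why a cert was refused.
    """
    ca = policy.get(issuer)
    if ca is None:
        return False, f"unknown issuer {issuer!r}"
    if ca.blacklisted:
        return False, f"issuer {issuer!r} is blacklisted"
    if ca.allowed_suffixes is None:
        return True, f"issuer {issuer!r} is unconstrained"
    for name in dns_names:
        if not any(_name_within(name, s) for s in ca.allowed_suffixes):
            return False, f"{name!r} is outside the scope of {issuer!r}"
    return True, "all names within issuer scope"


# Candidate endpoint: (hostname, issuing CA name, DNS names in its cert).
Candidate = Tuple[str, str, List[str]]


def pick_endpoint(candidates: Iterable[Candidate],
                  policy: Dict[str, CaPolicy]) -> Optional[str]:
    """Return the first ccTLD endpoint whose cert passes confinement, or None.

    This is the 'route that traffic to another ccTLD' fallback: if the .nl
    cert's CA is blacklisted, the .de endpoint with its own CA still works.
    """
    for host, issuer, names in candidates:
        ok, _ = check_confinement(issuer, names, policy)
        if ok:
            return host
    return None


# Constructed trust-store policy; the CA names are hypothetical.
POLICY: Dict[str, CaPolicy] = {
    "DE ccTLD CA": CaPolicy(frozenset({"de"})),
    "NL ccTLD CA": CaPolicy(frozenset({"nl"}), blacklisted=True),
    "COM CA": CaPolicy(frozenset({"com"})),
    "Legacy Global CA": CaPolicy(None),      # grandfathered, unconstrained
}

# Constructed endpoints for one site spread across ccTLDs.
MYBANK_ENDPOINTS: List[Candidate] = [
    ("mybank.nl", "NL ccTLD CA", ["mybank.nl", "www.mybank.nl"]),
    ("mybank.de", "DE ccTLD CA", ["mybank.de", "*.mybank.de"]),
    ("mybank.be", "COM CA", ["mybank.be"]),   # mis-scoped: .com CA, .be name
]


if __name__ == "__main__":
    for host, issuer, names in MYBANK_ENDPOINTS:
        print(host, check_confinement(issuer, names, POLICY))
    print("selected:", pick_endpoint(MYBANK_ENDPOINTS, POLICY))
```

Note that the unconstrained legacy entry is exactly the problem the message raises: a compromise of that CA is not confined to any ccTLD, and the policy can only express that by blacklisting it wholesale.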
