[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA

Erwann ABALEA erwann at abalea.com
Mon Nov 7 10:13:31 PST 2011


Bonjour,

2011/11/7 Ralph Holz <holz at net.in.tum.de>:
>> In practice, you can only register root CAs into browsers, and you're
>> strongly advised to *not* issue certificates directly under the root,
>> as was the case some years ago with the big CA vendors selling
>> X.509v1 certificates. So a company acting as a CA has at least one
>> root CA, and then several sub-CAs (for EV, OV, DV, Test, S/MIME, code
>> signing, timestamping, ...). Add to this imposed segmentation some
>> levels (for example in Europe, we have qualified certificates, and in
>> France we have other "France-only" rules). Those CA certificates can
>> be counted as different CAs if you stick to pure X.509 rules, but they
>> are all held by the same one company, and operated by the same people,
>> only applying different validation rules. Does that still count as so
>> many CAs? I doubt it.
>
> That's the point Phillip was referring to, too. But the more interesting
> question to me seems here: if CAs = the companies operate sub-CAs, why
> do so many CAs = companies have several root certificates in NSS? The
> latest count of roots in NSS was 150+; and I remember someone from
> Mozilla recently mentioned that the number of companies is much lower,
> near 35-40 or so.

Some obvious reasons:
 - root renewal (expiration date),
 - key change (longer ones),
 - algorithm change (MD5 is actively being phased out, SHA1 is
progressively being replaced by the SHA2 family, and that will go on
once SHA3 is elected),
 - company merger (e.g. Thawte+VeriSign),
 - name change (e.g. AOL->TimeWarner).

You can also count companies that used to have one root for each
"level" (like VeriSign: Class x), while renewing them (VeriSign
Class 3 - G2 to G5).

Some companies are aware of the risk of having everybody under one
single root; they're not all "security illiterate" ;)

> And correct me if I am wrong - but isn't it so that some CAs = companies
> have root certs for DV *and* EV in the NSS root store?

I'm not sure I understand you correctly, please correct me too
if I'm wrong.

Some companies have distinct root certificates for EV or DV, some
others have a single root certificate for both EV *and* DV. But below
this root certificate, you'll generally find a subordinate CA, one for
DV and one for EV.

-- 
Erwann.
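As an added example, not part of this thread or of any project it mentions: a shell script using the openssl CLI that audits a PEM bundle of root certificates the way the "150+ roots vs. 35-40 companies" comparison above suggests, grouping roots by their Organization (O=) field and reporting each root's signature algorithm, key size and expiry, so that renewal, key-size and digest generations of one operator are visible next to the count of distinct operators. The bundle, the root names and the organization names are constructed here from throwaway self-signed certificates.

```shell
#!/bin/sh
# Added example, not from this thread: audit a PEM bundle of root certificates
# by grouping roots on their Organization (O=) and reporting signature digest,
# key size and expiry, so the root generations of one operator stand apart
# from the number of distinct operators. Needs the openssl CLI. The bundle is
# CONSTRUCTED from throwaway self-signed certs with fictional organizations.
set -e
WORK=$(mktemp -d)
BUNDLE="$WORK/roots.pem"

# make_root CN ORG KEYBITS DIGEST: append a self-signed root to the bundle
make_root() {
  openssl req -x509 -newkey "rsa:$3" -nodes "-$4" -days 3650 \
    -subj "/O=$2/CN=$1" -keyout /dev/null -out "$WORK/new.pem" 2>/dev/null
  cat "$WORK/new.pem" >> "$BUNDLE"
}

# One company with three root generations (key upgrade, then digest upgrade)
# and a second company with a single root: 4 roots, 2 organizations.
make_root "Example Root G1" "Example CA Inc" 1024 sha256
make_root "Example Root G2" "Example CA Inc" 2048 sha256
make_root "Example Root G3" "Example CA Inc" 4096 sha384
make_root "Other Trust Root" "Other Trust Ltd" 2048 sha256

# audit_bundle FILE: one line per root, "ORG|CN|SIGALG|KEYBITS|NOTAFTER|STATUS";
# STATUS is WEAK for keys under 2048 bits or MD5/SHA-1 signatures, else ok.
audit_bundle() {
  rm -f "$WORK"/cert-*.pem
  awk -v d="$WORK" '/BEGIN CERT/{n++; f=sprintf("%s/cert-%03d.pem", d, n)} {print > f}' "$1"
  for c in "$WORK"/cert-*.pem; do
    subj=$(openssl x509 -in "$c" -noout -subject -nameopt RFC2253)
    org=$(printf '%s\n' "$subj" | sed -n 's/.*O=\([^,]*\).*/\1/p')
    cn=$(printf '%s\n' "$subj" | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    text=$(openssl x509 -in "$c" -noout -text)
    sig=$(printf '%s\n' "$text" | awk '/Signature Algorithm/{print $3; exit}')
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    end=$(openssl x509 -in "$c" -noout -enddate | sed 's/^notAfter=//')
    status=ok
    [ "$bits" -lt 2048 ] && status=WEAK
    case "$sig" in md5*|sha1*) status=WEAK ;; esac
    printf '%s|%s|%s|%s|%s|%s\n' "$org" "$cn" "$sig" "$bits" "$end" "$status"
  done | sort
}

# count_roots FILE / count_orgs FILE: the two numbers the thread compares
count_roots() { grep -c 'BEGIN CERT' "$1"; }
count_orgs()  { audit_bundle "$1" | cut -d'|' -f1 | sort -u | wc -l | tr -d ' '; }

audit_bundle "$BUNDLE"
printf 'roots=%s organizations=%s\n' "$(count_roots "$BUNDLE")" "$(count_orgs "$BUNDLE")"
```

Pointed at a real trust store bundle instead of the constructed one, the same audit shows how many of a store's roots belong to each operator and which ones still carry short keys or legacy digests.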