[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA

Chris Palmer snackypants at gmail.com
Mon Nov 7 15:31:43 PST 2011


On Mon, Nov 7, 2011 at 3:08 PM, Ralph Holz <holz at net.in.tum.de> wrote:

> C=DE, O=Technische Universitaet Muenchen, CN=Zertifizierungsstelle der TUM
>
> C=DE, O=Technische Universitaet Ilmenau, CN=TU Ilmenau CA/emailAddress=pki at tu-ilmenau.de
>
> According to the EFF methodology, these would be counted as CAs because
> the O strings are distinct. Yet as Matthias has said for the third
> example, they cannot *arbitrarily* issue to any domain name, and the
> guidelines for what they can issue are somewhere in the DFN policies.

They can, purely as an X.509 technical matter, arbitrarily issue
certificates for any domain name. For example, nothing like X.509 Name
Constraints are set.

If DFN's operations and processes are so good that it would be very
hard for an attacker to get away with abusing one of those signing
certs, well, that is very nice and I'm glad to hear it.

But if an attacker did somehow get away with abusing a DFN signing
certificate, clients would consider end-entity certs signed by one of
those certs as valid, regardless of domain name. Without something
like Name Constraints, clients have no way of knowing the signing
certificate was abused.

Having many signing certificates, none with any limitations on their
signing power, is bad. Having many signing certificates, for the
purpose of giving each one very narrowly-scoped signing power, would
be better. Currently, the former scenario is the reality.

The holders of the signing certificates can make assertions about how
great their operations and validation processes are — and I encourage
them to keep doing so, and to present evidence. But Name Constraints,
or some other mechanism that effectively limits the scope of a
signer's authority at the time the client validates a certificate
chain, would reduce our need to blindly trust such assertions.


-- 
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson
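
The mechanism Chris is arguing for, as an added example that is not part of the original thread or of any DFN configuration: a toy PKI in which the intermediate standing in for a member CA carries an X.509 Name Constraints extension, so that the client, not the CA's process documentation, decides which hostnames the signer may vouch for. The organisation strings are copied from Ralph's quoted DNs; the hostnames, the root CA, and the choice of "tum.de" as the permitted subtree are assumptions for the illustration. It needs only the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original thread: a toy PKI whose intermediate
# (playing the role of a DFN member CA) carries an X.509 Name Constraints
# extension. Root operator, hostnames and the "tum.de" subtree are made up.
# Requires the openssl CLI.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Root CA (the only trust anchor) and the constrained intermediate.
build_pki() {
    cat > "$WORK/root.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_root
[dn]
C = DE
O = Example Root Operator
CN = Example Root CA
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" -days 30 \
        -config "$WORK/root.cnf" 2>/dev/null

    cat > "$WORK/sub.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
C = DE
O = Technische Universitaet Muenchen
CN = Zertifizierungsstelle der TUM
EOF
    # RFC 5280 4.2.1.10: the DNS constraint "tum.de" is satisfied by tum.de and
    # by any name built by adding whole labels on its left, and by nothing else.
    # Without this one line the intermediate could sign for any hostname.
    cat > "$WORK/sub.ext" <<'EOF'
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:tum.de
EOF
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$WORK/sub.key" -out "$WORK/sub.csr" -config "$WORK/sub.cnf" 2>/dev/null
    openssl x509 -req -in "$WORK/sub.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 30 -extfile "$WORK/sub.ext" -out "$WORK/sub.pem" 2>/dev/null
}

# Issue a server certificate for $1 from the intermediate, then validate the
# chain as a client would: root trusted, intermediate supplied as untrusted.
# Returns 0 if the chain is accepted, 1 if it is rejected.
issue_and_verify() {
    name=$1
    cat > "$WORK/leaf.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $name
EOF
    cat > "$WORK/leaf.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$name
EOF
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" -config "$WORK/leaf.cnf" 2>/dev/null
    # The intermediate signs happily: it is the client that must say no.
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/sub.pem" -CAkey "$WORK/sub.key" \
        -CAcreateserial -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" 2>/dev/null
    if openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/sub.pem" \
            "$WORK/leaf.pem" >"$WORK/verify.out" 2>&1; then
        echo "$name: accepted"
        return 0
    fi
    echo "$name: rejected: $(sed -n '/depth lookup/p' "$WORK/verify.out" | head -n 1)"
    return 1
}

build_pki
openssl x509 -in "$WORK/sub.pem" -noout -text | grep -A 2 'Name Constraints'
# Inside the permitted subtree: the chain validates.
issue_and_verify www.in.tum.de
# Outside it: the signature is cryptographically fine, but the client rejects
# the chain with "permitted subtree violation" rather than trusting the CA's
# promise not to do this.
issue_and_verify www.example.com || true
```

Running the script prints the constraint as encoded in the intermediate, then "www.in.tum.de: accepted" followed by a rejection line for www.example.com. Drop the 2>/dev/null redirections to see openssl's own output if a step fails. The point of the exercise is the last call: the intermediate signed the certificate for www.example.com without complaint, and only the Name Constraints check performed by the relying party catches it.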


