[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Sep 5 19:39:35 PDT 2011
Larry Seltzer <larry at larryseltzer.com> writes:
>It seems to me this is a failure of both blacklists and whitelists.
>Revocation is based on blacklisting and trusted roots are themselves a
>whitelist. So from the point of view of the CA blacklisting failed, from the
>point of view of users whitelisting failed. No?
Not at all. The problem is that an unknown number of unknown certs were
issued that can't be invalidated because we don't know what they are. If
validation were whitelist-based, the certs wouldn't be present on the
whitelist (since they were issued in secret) and so would never be regarded as
valid. Conversely, if they were present on the whitelist then there'd be a
clear audit trail indicating their creation and existence, and they could be
dealt with.
The fact that we need to go to such drastic measures as pulling a root cert is
an artefact of the totally broken validity-checking mechanism we have now.
Since you can't directly invalidate an unknown cert, the only way to do it is
pull the root. Imagine if this happened with a larger CA like Verisign. If
it issued a single manufactured cert, the only way to invalidate it would be
to pull Verisign's root cert.
(In practice this is so drastic that nothing would happen, thus the TB2F
problem we have now).
Peter.
More information about the Observatory
mailing list