[SSL Observatory] Tangent - coercibility of different authority structures

[Ralph Holz]

Hi,

> In the case of the largest node in the EFF graph, the CA has 200
> intermediate certs, each issued to a different educational institute.
> 
> I would be exceptionally surprised if those keys were in 200 separate HSMs.

If I am not mistaken, you are referring to German DFN-Verein, who is in
turn certified by Deutsche Telekom, and they are in the Root Store. DFN
sub-certifies RAs of German universities. No, I don't think the keys are
in separate HSMs, either.

I am pulling this from my memory, but I had the pleasure with the local
RA once when I got myself an S/MIME cert. AFAICR the procedure is that
they trigger certification via an API, and the client cert is issued
directly by the CA. I don't know the procedure for WWW certs. What I do
know is that the guys did not accept my ID of the CS faculty here, but
rather insisted I show them my passport. That was a higher level of
certification than I had expected. :)

Anyway, I know nothing about their perimeter defenses, or how keys are
protected. *That* would be interesting, though.

> Now the current situation is not acceptable. The CA in question has not
> responded to my enquires as to what their policy actually is. So it is

Was that DFN? They should reply, but maybe they take that stupid stance
that they answer to subscribers only. As I am one, I could ask again.

> entirely possible that they are doing it the stupid way. And this is not
> a situation that can be allowed to continue. 

Which means you would have to unplug Deutsche Telekom. Which Mozilla
won't do unless you can show them they have misbehaved.

The real problem is not even disclosure of sub-CAs; it is control over
them. Host name limitations in the CN/SAN will help here, but only
briefly I guess.

> But what I take exception to is the jump from an observation that might
> imply the possibility of 200 CAs to a repeated assertion of fact. The
> EFF has not attempted to determine whether those 200 certs are
> independent CAs or merely 200 keys in a single HSM held by the CA. Yet
> EFF people are repeating the claim as fact and using it to drive a
> policy discussion.

I agree that the conjecture is not correct.

>     What is also true is that, e.g. Mozilla has no clue how many
>     sub-ordinate CAs are out there as these are often considered trade
>     secrets and not disclosed to the browser vendors. See the Mozilla lists
>     for discussions on that topic. Mozilla might soon try and close that
>     gap.
> 
> Actually the industry is working to close that gap, not just Mozilla.

Although I cannot see "the industry" doing that. Not more than 1-2 CAs
have spoken out on the subject on moz.dev.sec.pol. If you are referring
to the CAB, that's a closed forum. Their BR may be a step into the right
direction, but they're so impossibly worded and boring to read that you
need to be a really dedicated follower, and even then I am not sure if
name constraints are in the BR. Actually, I think they are not.

> My firm belief is that we need to start by making all parties that
> perform public validation subject to the same audit requirement as a CA. 

Audits are not my specialty, but I think IanG will have some words here...

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110926/8075b07f/attachment.sig>