[Sovereign Keys] Evidence for claim - CA-signed certificate

Peter Eckersley pde at eff.org
Sun Dec 18 16:10:48 PST 2011


On Mon, Dec 19, 2011 at 12:23:48AM +0100, Ondrej Mikle wrote:
> Hi,
> 
> I'm a bit puzzled by the option of using a CA-signed certificate to claim
> control of a DNS name. Despite having re-read the text a couple of times, I
> think I'm not understanding it correctly.
> 
> According to my interpretation, the owner of domain example.com can create
> an additional RSA/ECC sovereign key and obtain a CA-signed certificate that has
> the key in SubjectPublicKeyInfo and the domain's FQDN in CN/SAN.
> 
> Though this would create a loophole: if an attacker gains control of any CA
> (or uses other tricks), he can issue himself a CA-certificate with a key of
> his choosing and use that certificate for a claim of the domain's ownership.
> What am I missing?

If there is already a Sovereign Key for this domain, this attack is useless
because there is already an entry for this domain in the timeline.

But what if there is no Sovereign Key for the domain yet?

Protecting against a compromised CA creating a SK could be achieved using
methods like repeatedly asking https://domain.com over Tor if it really wants
to make an SK (you could use a header or a magic URL for this question).  

But there is a worse version of the attack, where the attacker does not
compromise a CA but instead compromises the HTTPS webserver itself, and then
tries to make a Sovereign Key.

That attack, and proposed protections, are discussed in this file:

https://git.eff.org/?p=sovereign-keys.git;a=blob;f=issues/transitional-considerations.txt;h=fa3b1591820baf1f2f62740f1f0e8b7998c29174;hb=HEAD

But as Brad points out, there may be other precautions and procedures that
should be added to that file.
> 
> Ondrej

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
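
The two checks described in the reply above (an existing timeline entry blocks a later claim, and a first claim is confirmed by repeatedly asking the site itself), as an added example that is not part of the original message or the Sovereign Keys code. It is a simplified model: the `Claim` and `Timeline` names, the string stand-ins for keys, and the threshold of 3 probes are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Claim:
    name: str            # DNS name being claimed
    sovereign_key: str   # constructed stand-in for the public key
    ca_cert_valid: bool  # outcome of ordinary CA chain validation (done elsewhere)

@dataclass
class Timeline:
    """Simplified append-only log: the first accepted claim for a name wins."""
    required_confirmations: int = 3   # assumed threshold, not from the design
    entries: list = field(default_factory=list)

    def lookup(self, name):
        return next((c for c in self.entries if c.name == name), None)

    def submit(self, claim, confirmations):
        """confirmations: one answer per separate probe of https://<name>;
        each is the key the site says it wants, or None if it declined."""
        if not claim.ca_cert_valid:
            return "rejected: no valid CA-signed evidence"
        # A CA-signed certificate is only evidence for a *first* claim.
        if self.lookup(claim.name) is not None:
            return "rejected: name already has a timeline entry"
        # First claim: the site itself must confirm the key on every probe.
        # This does not help if the HTTPS server itself is compromised,
        # which is the worse case the message refers to.
        agreeing = sum(1 for k in confirmations if k == claim.sovereign_key)
        if (len(confirmations) < self.required_confirmations
                or agreeing != len(confirmations)):
            return "rejected: site did not confirm this key on every probe"
        self.entries.append(claim)
        return "accepted"

def demo():
    # All names and keys below are constructed sample values.
    t = Timeline()
    owner = Claim("example.com", "OWNER-KEY", True)
    rogue = Claim("example.com", "ROGUE-KEY", True)  # cert from a compromised CA
    fresh = Claim("example.org", "ROGUE-KEY", True)  # name with no entry yet
    return [
        t.submit(owner, ["OWNER-KEY"] * 3),
        t.submit(rogue, ["ROGUE-KEY"] * 3),
        t.submit(fresh, [None, None, None]),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```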


