Aren't the people who send their credit card number on an https connexion where the private key of the server is public knowledge already screwed?
Yes, of course. The question for this thread is: who is responsible for each screwedness?
I beg to differ.  The question is: for what is the CA responsible?

That's not much of a question, because it is answered in each CPS. Mozilla has reviewed each CPS.

It seems we are spending a lot of time discussing theoretical considerations of liability and responsibility, which are important, but only one part of the true issue before us, which is practical.

The issue is: through a mistake in a not insignificant generator of private keys, a non-trivial number of web sites are now using keys that are compromised.

Products like mozilla will have to do something to protect their customers. This can either be:

1) work with CAs, in their existing infrastructures, to get those certs revoked.
2) include that list of keys in the browser itself to detect this compromise.
3) build a parallel revocation scheme to phone home to mozilla (à la anti-phishing) to identify sites with revoked keys.

In any event, the final result is websites with these keys need to be inaccessible. If 2 or 3 are chosen, we face the situation where mozilla will start (some argue continue) to believe that the CA infrastructure is irrelevant and push for non-PKI, bare key solutions.

Whether or not CAs have an obligation for timely revocation of these certificates, they have a vested interest in doing so. This mass compromise scenario was already planned for. For the last 10 years companies like Verisign have worked hard to bring the revocation infrastructure on line. Today that infrastructure is about 80% in place, where the missing pieces are actually browser pieces. If we see cooperation from CAs in quickly revoking those certs which are vulnerable, that would be enough to convince mozilla the right way to solve the problem is to depend on option 1 and fix revocation in the existing browsers.

This is an opportunity to show that PKI infrastructure really works. It is by far the best solution. The use of certs limits the Web's exposure to the issue because these certs can be revoked and will eventually expire. This cannot be said of protocols like ssh, which is now basically vulnerable to MITM attacks with no real recourse other than to either 1) hope everyone checks and fixes their own keys, or 2) carry around a huge set of compromised keys basically forever.

bob
