Paul Hoffman <> writes:

>Peter, you really need more detents on the knob for your hyperbole setting.
>"nothing happened" is flat-out wrong: the CA fixed the problem and researched
>all related problems that it could find. Perhaps you meant "the CA was not
>punished": that would be correct in this case.

What I meant was that there were no repercussions due to the CA acting
negligently.  This is "nothing happened" as far as motivating CAs to exercise
diligence is concerned, you can be as negligent as you like but as long as you
look suitably embarrassed afterwards there are no repercussions (that is,
there's no evidence that there was any exodus of customers from the CA, or any
other CA that's done similar things in the past).

Imagine if a surgeon used rusty scalpels and randomly killed patients, or a
bank handed out money to anyone walking in the door and claiming to have an
account there, or a restaurant served spoiled food, or ... .  The
repercussions in all of these cases would be quite severe.  However when
several CAs exhibited the same level of carelessness, they looked a bit
embarrassed and then went back to business as usual.  The CA-as-a-certificate-
vending-machine problem (or "rogue CA" if you want to call it that) had been
known for years (Verisign's "Microsoft" certificates of 2001 were the first
case that got widespread publicity) but since there are no repercussions for
CAs doing this there's no incentive for anything to change.

>This leads to the question: if a CA in a trust anchor pile does something
>wrong (terribly wrong, in this case) and fixes it, should they be punished?

If a CA in a trust anchor pile does something terribly wrong and there are no
repercussions, why would any CA care about doing things right?  All that does
is drive up costs.  The perverse incentive that this creates is for CAs to
ship as many certificates as possible while applying as little effort as
possible.  And thus we have the current state of commercial PKI.


The Cryptography Mailing List