At 1:02 AM +1200 5/7/09, Peter Gutmann wrote:
>Paul Hoffman <> writes:
>>Peter, you really need more detents on the knob for your hyperbole setting.
>>"nothing happened" is flat-out wrong: the CA fixed the problem and researched
>>all related problems that it could find. Perhaps you meant "the CA was not
>>punished": that would be correct in this case.
>What I meant was that there were no repercussions due to the CA acting

We agree fully, then.

>This is "nothing happened" as far as motivating CAs to exercise
>diligence is concerned: you can be as negligent as you like, but as long as you
>look suitably embarrassed afterwards there are no repercussions (that is,
>there's no evidence that there was any exodus of customers from the CA, or any
>other CA that's done similar things in the past).

This assertion is probably, but unprovably, wrong. I suspect the CA now has 
better mechanisms in place to check for the problem in the future, and I 
suspect that a few other CAs seeing the kerfuffle probably added their own 
automated checks. Note that these are checks that should have been in place 
before the error was found.

>Imagine if a surgeon used rusty scalpels and randomly killed patients, or a
>bank handed out money to anyone walking in the door and claiming to have an
>account there, or a restaurant served spoiled food, or ... .  The
>repercussions in all of these cases would be quite severe.  However when
>several CAs exhibited the same level of carelessness, they looked a bit
>embarrassed and then went back to business as usual.

...because not only did no one die, but also the CAs were able to fix the 

>The CA-as-a-certificate-
>vending-machine problem (or "rogue CA" if you want to call it that) had been
>known for years (Verisign's "Microsoft" certificates of 2001 were the first
>case that got widespread publicity) but since there are no repercussions for
>CAs doing this there's no incentive for anything to change.


>>This leads to the question: if a CA in a trust anchor pile does something
>>wrong (terribly wrong, in this case) and fixes it, should they be punished?
>If a CA in a trust anchor pile does something terribly wrong and there are no
>repercussions, why would any CA care about doing things right? 

Slight worry about making a more serious mistake than happened here.

>All that does
>is drive up costs.  The perverse incentive that this creates is for CAs to
>ship as many certificates as possible while applying as little effort as
>possible.  And thus we have the current state of commercial PKI.

Fully agree.

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List