Arshad Noor writes: > I'm not sure I understand why it would be helpful to know all (or any) > intermediate CA ahead of time. If you trust the self-signed Root CA, > then, by definition, you've decided to trust everything that CA (and > subordinate CA) issues, with the exception of revoked certificates. > > Can you please elaborate? Thanks.
Of course, intermediate CAs are sometimes created for purely operational reasons that may be quite prudent. But delegating root CA-like power to more distinct organizations creates risk. Without external double-checks, the integrity of the CA system is as strong as its weakest link, so every new CA is an additional independent source of risk. When CAs delegate to intermediates, those intermediates can add new kinds of risk: * they could be in different jurisdictions, so there's new risk that the legal systems in those jurisdictions could try to compel them to misissue*; * they could be run by different people who could be persuaded to misissue in new ways; * they could use different software or hardware or operating systems that could have different vulnerabilities; * they could use different crypto primitives when issuing legitimate certificates that could have different vulnerabilities. Whether or not the new CA does a worse job overall than the old CA, it still creates new risk -- by CA proliferation! (In fact, there are already some cases showing that intermediate CAs _aren't_ always as cautious or competent in practice as the roots that delegated to them.) More fundamentally, as Peter Biddle points out, trust isn't transitive. Suppose we think that a particular CA is super-awesome at verifying that someone owns a domain and issuing hard-to-forge certificates attesting to this fact, while resisting compromises and coercion. That doesn't necessarily mean that it's also a good judge of whether another organization is also a good CA. Even giving the PKIX status quo the benefit of the doubt, the root CA decisions are supposed to be made by neutral parties following a careful process that includes input from professional auditors. When CAs get in the habit of delegating their power, that process is at risk of being bypassed and in any case starts to happen much less transparently. There are plenty of cases in the real world where someone is trusted with the power to take an action, but not automatically trusted with the power to delegate that power to others without external oversight. And that makes sense, because trust isn't transitive. * see https://www.eff.org/files/countries-with-CAs.txt -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
