On 09/14/2011 09:34 PM, Arshad Noor wrote:
On 9/14/2011 2:52 PM, Seth David Schoen wrote:
Arshad Noor writes:

I'm not sure I understand why it would be helpful to know all (or any)
intermediate CA ahead of time. If you trust the self-signed Root CA,
then, by definition, you've decided to trust everything that CA (and
subordinate CA) issues, with the exception of revoked certificates.

You keep using this word, I do not think it means what you think it means.
'Trust' does not mean everything the trusted party does is somehow put
beyond all questioning by definition.

Technically - and legally (if the Certificate Policy and contracts
were written up properly) - when a self-signed Root CA issues a
Subordinate CA cert, they are delegating the issuance of certificates
to the Subordinate CA operator, to be issued ONLY in accordance
with a CP that both parties have agreed to. The SubCA cannot,
legally, exceed the bounds of the self-signed Root CA's CP in any
manner that introduces more risk to the Relying Party. These are
legal obligations placed on the operator of the SubCA.

Yes, and this system sucks. It is a complete joke.
It is of no doubt great consolation to the Dutch and Iranians to know
that there is a contract somewhere being breached among Comodo and their
resellers and DigiNotar and some software vendors.
Are the RPs even a party to that contract?

Can a SubCA operator violate the legal terms from a technical point
of view? Of course; people break the law all the time in business,
it appears.

A loose web of computer law contracts among hundreds of international
business and government entities is not a foundation on which to build a
strong system for data security. Just the fact that they allow this
unrestricted delegation of authority (in the form of sub-CAs) means that
they're even crappy contracts to begin with.

However, an RP must assess this risk before trusting a self-signed
Root CA's certificate. If you believe there is uncertainty, then
don't trust the Root CA.

Yes, that's what this conversation has been about. Finding ways to
reduce this ridiculous hyperinflation of trust going around in general,
and specific parts of it quickly in emergencies.

- Marsh