On Wed, Sep 21, 2011 at 12:30 PM, Arshad Noor <arshad.n...@strongauth.com> wrote: > On 09/18/2011 11:59 AM, Peter Gutmann wrote: >> >> Arshad Noor<arshad.n...@strongauth.com> writes: >> >>> Just because you come across one compromised CA out of 100 in the >>> browser, >>> does not imply that the remaining 99 are compromised (which is what you >>> are >>> implying with your statement). >> >> Since browser PKI uses universal implicit cross-certification, it is >> indeed >> the case that if one CA is compromised, all are compromised. So Ian is >> correct in his assessment. > > I disagree, Peter. > > In the first place, as you know, browsers have a trust-store of unique > self-signed TTP CA certificates; not cross-certified certificates. All > SSL/TLS connections between browsers and a site with an SSL certificate > issued by one of those TTP CA's, involves a *direct* trust-chain. A > browser user (or manufacturer) always has the ability to delete any TTP > CA certificate from their trust-store and sever the trust-chain, at > will. Notwithstanding the fact that most users don't know anything > about trust-stores and TTP CA certificates, it does not change the fact > that these are direct and independent trust-chains that can be severed > at will. Not always true in practice. Consider devices which store an image in ROM, smart phones which require a carrier's blessing, and broken tools/APIs (cf, Apple http://lists.apple.com/archives/Fed-talk/2011/Aug/msg00089.html.). There are lots of bright folks on the FedTalk mailing list.
> Secondly, if one CA is compromised, the only affected users are the ones > who still have that CA's Root certificate in their trust-store and who > happen to rely on a certificate issued by that CA (or its chain). Any > user that has deleted the compromised CA's certificate can continue to > rely upon *other* TTP certificates/chains without worrying about the > compromised CA's certificates. They have isolated the damage can move > on. > > [SNIP] Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography