This is an interesting issue, Kaspar, and I appreciate you raising it. I also personally appreciate you framing it in terms of trust, because that's really what is at issue here.
The whole idea of revocation is a gaping hole in the PKI landscape. The ability to say "don't trust me" is so poorly implemented throughout PKI as to be effectively non-existent. If for some reason you need to revoke a cert, you should do so because it's the right thing to do, but the best you can hope for is that some anti-security person doesn't figure out a way to use it anyway. This means that theft and other compromises of private keys remain viable attack vectors for those who wish to do so (government-sponsored organizations and otherwise). Private keys and the certs that go with them could be usable well after people think they become invalid.

This also means that we should not be surprised to see an underground market appear that seeks to sell "revoked" certs. Given that "high value" internet destinations might have been impacted by the Heartbleed vulnerability, this could definitely become a concern. Should such a place appear, I would think StartCom-issued certs would easily be included for sale.

This also means that all "pay to revoke" policies should be viewed as anti-security, and we need to "strongly encourage" that they be discontinued in short order. If a CA wishes to continue such policies, I would question their trustworthiness.

Further, I think we are reaching the point where browsers have to refuse SSL connections when OCSP validation fails. I think it's getting harder to argue otherwise, but I'll let the Mozilla folks speak to that.

----- Original Message -----
From: Kaspar Janßen
Sent: Thursday, April 10, 2014 4:12 AM

On 10/04/14 10:08, Peter Eckersley wrote:
> Kaspar, suppose that Mozilla followed your suggestion and removed
> StartCom's root certificates from its trust store (or revoked them!). What
> would the consequences of that decision be, for the large number of domains
> that rely on StartCom certs?

I hope that an appropriate policy will force authorities to reconsider their revocation principle.
I don't want to harm someone, nor do I want to work off in any way. The key is that anybody should be able to shout out "don't trust me anymore!" without a fee. Isn't that part of the trust chain idea?

I read a few times that Chrome doesn't even check if a certificate is revoked or not (at least not with the default settings). That leads me to the question: Is it mandatory for a CA in Mozilla's trust store to have the ability to revoke a certificate, or is it only an optional feature provided by some CAs?

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

