Gervase Markham <g...@mozilla.org> wrote: > 1) "Is the security analysis relating to government CAs, as a class, > different to that relating to commercial CAs? If so, how exactly?" >
It seems reasonable to assume that governments that have publicly-trusted roots will provide essential government services from websites secured using certificates that depend on those roots staying publicly-trusted. Further, it is likely that, especially in the long run, they will do things, including pass legislation, that would make it difficult for them to offer these services using certificates issued by CAs other than themselves, as being in full control will be seen as being a national security issue. Further, governments may even pass laws that make it illegal for browser makers to take any enforcement action that would reduce or eliminate access to these government services. In fact, it might already be illegal to do so in some circumstances. The main sticks that browsers have in enforcing their CA policies is the threat of removal. However, such a threat seem completely empty when removal means that essential government services become inaccessible and when the removal would likely lead to, at best, a protracted legal battle with the government--perhaps in a secret court. Instead, it is likely that browser makers would find that they cannot enforce their CA policies in any meaningful way against government CAs. Thus, government CAs' ability to create and enforce real-world laws likely will make them "above the law" as far as browsers' CA policies are concerned. Accordingly, when a browser maker adds a government CA to their default trust store, and especially when that government CA has jurisdiction over them, the browser maker should assume that they will never be able to enforce any aspect of their policy for that CA in a way that would affect existing websites that use that CA. And, they will probably never be able to remove that CA, even if that CA were to be found to mis-issue certificates or even if that CA established a policy of openly man-in-the-middling websites. IIRC, in the past, we've seen CAs that lapse in compliance with Mozilla's CA policies and that have claimed they cannot do the work to become compliant again until new legislation has passed to authorize their budget. These episodes are mild examples show that government legislative processes already have a negative impact on government CAs' compliance with browsers' CA policies. 2) "If it is different, does name-constraining government CAs make > things better, or not?" > Name constraints would allow governments that insist on providing government services using certificates that they've issued themselves to do so in a way that is totally independent of any browser policies. When a government agrees to the name constraints, such as the case of the US FPKI it seems like a no-brainer to add them. More generally, browsers should encourage CAs to agree to name constraints, regardless of the "government" status of the CA. As far as what to do when a CA that is--or seems like--a government CA wants to be able to issue certificates for everybody, I agree with Ryan Sleevi and the other Googlers. In general, it seems like CT or similar technology is needed to deal with the fact that browsers have (probably) admitted, and will admit, untrustworthy CAs into their programs. Cheers, Brian _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy