On Wednesday, December 13, 2017 at 2:46:10 PM UTC-6, Gervase Markham wrote:
> My concern with this argument is that it's susceptible to the criticism
> that Adam Langley made of revocation checking:
> https://www.imperialviolet.org/2012/02/05/crlsets.html
>
> "So [EV identity is] like a seat-belt that snaps when you crash. Even
> though it works 99% of the time, it's worthless because it only works
> when you don't need it."

I would like to point out that this is true of certificates in general. It is also true of DV certificates. It is also true of the DV validation processes. The same criticism can be applied to any mechanism which has a non-zero potential for elevating the user's expectation and confidence to any level above "anyone can see this, anyone can manipulate this."

Route hijacking your way to what would appear as a proper domain validation is practical for even a modestly resourceful adversary. I suspect that the only reason more spectacular demonstrations of certs issuing pursuant to such hijacks haven't arisen owes to ethical considerations, poor overlap of those with the network interconnection experience and the CA DV practices knowledge, and that doing it effectively means doing it in a well documented way -- ringing a bell you cannot unring.

The same targets worth hijacking and getting fraudulent DV certificates for are those same sites that can derive benefit from strong identity validation and enhanced indication that you're talking to infrastructure of the party that underwent that.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy