> Look, we've had Root CAs that have actively lied in this Forum, > misrepresenting things to the community they later admitted they knew were > false, and had previously been an otherwise CA in good standing (or at > least, no worse standing than other CAs). A CA is a CA, and the risk is > treated the same.
What the original poster is trying to say, is that if a CA is malicious, and the CA operates its own sub-CA, the CA itself could use its own OCSP signing certificate (the real one) to sign fake unrevocation responses. Thus, if a CA is bad, they is bad and nothing cannot be done to that. To take the example: Lets say im a CA, and then operate a own sub-CA with delegated OCSP certificate with the invalid security properties. This means the sub-CA's certificate can be abused to for example unrevoke certificates that CA revoked, or revoke certificates belongning to the CA or other sub-CA. **BUT** Note that CA and sub-CA is the same entity!!! This means, that even if the issue is fixed, if the CA is malicious, the CA could simply have their OCSP server sign fake responses that unrevokes revoked certificates. Nothing prevents that, even if the sub-CA's right to sign OCSP responses is revoked or disabled. The ONLY way to actively prevent a malicious CA from unrevoking a certificate, would be to require some sort of public OCSP ledger, like blockchain or similiar, where no changes can be made to anything posted in OCSP server. Its like saying: "You have the master key and a user key to the room A. You can abuse the room A, so you shouldn't have the user key to room A.". But wait - I have the master key to room A, and can still abuse the right, even if you take my user key. Or another example: "I know the root password to system A, and have sudo rights to system A. You revoke my sudo rights - but I still have the root password." So it becomes superfluicious to revoke my sudo rights, as I still have the same privileges. So the fact that a CA and sub-CA operated by the very same entity, where the sub-CA can be abused, is not a security problem, because the same security problem exists even if the sub-CA doesn't exist at all. However, if the sub-CA is a separate entity - like another person - then they stand in a position where they get higher privileges than they should have. And then it becomes a security risk, because then it exist a escalation of privileges, where the sub-CA gets more privileges than it should have. The only problem here is if a CA then lies about a sub-CA being entity of the CA, when they actually isn't -- but that should be visible in the audit because the composition of the sub-CA and CA must be revealed in the audit and it should be easy to catch if CA and sub-CA is different entities. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy