> Look, we've had Root CAs that have actively lied in this Forum, 
> misrepresenting things to the community they later admitted they knew were 
> false, and had previously been an otherwise CA in good standing (or at 
> least, no worse standing than other CAs). A CA is a CA, and the risk is 
> treated the same. 

What the original poster is trying to say, is that if a CA is malicious, and 
the CA operates its own sub-CA, the CA itself could use its own OCSP signing 
certificate (the real one) to sign fake unrevocation responses.
Thus, if a CA is bad, they is bad and nothing cannot be done to that.

To take the example:
Lets say im a CA, and then operate a own sub-CA with delegated OCSP certificate 
with the invalid security properties.
This means the sub-CA's certificate can be abused to for example unrevoke 
certificates that CA revoked, or revoke certificates belongning to the CA or 
other sub-CA.

**BUT**
Note that CA and sub-CA is the same entity!!!
This means, that even if the issue is fixed, if the CA is malicious, the CA 
could simply have their OCSP server sign fake responses that unrevokes revoked 
certificates. Nothing prevents that, even if the sub-CA's right to sign OCSP 
responses is revoked or disabled.

The ONLY way to actively prevent a malicious CA from unrevoking a certificate, 
would be to require some sort of public OCSP ledger, like blockchain or 
similiar, where no changes can be made to anything posted in OCSP server.

Its like saying: "You have the master key and a user key to the room A. You can 
abuse the room A, so you shouldn't have the user key to room A.".
But wait - I have the master key to room A, and can still abuse the right, even 
if you take my user key.
Or another example: "I know the root password to system A, and have sudo rights 
to system A. You revoke my sudo rights - but I still have the root password."
So it becomes superfluicious to revoke my sudo rights, as I still have the same 
privileges.

So the fact that a CA and sub-CA operated by the very same entity, where the 
sub-CA can be abused, is not a security problem, because the same security 
problem exists even if the sub-CA doesn't exist at all.


However, if the sub-CA is a separate entity - like another person - then they 
stand in a position where they get higher privileges than they should have.
And then it becomes a security risk, because then it exist a escalation of 
privileges, where the sub-CA gets more privileges than it should have.

The only problem here is if a CA then lies about a sub-CA being entity of the 
CA, when they actually isn't -- but that should be visible in the audit because 
the composition of the sub-CA and CA must be revealed in the audit and it 
should be easy to catch if CA and sub-CA is different entities.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to