On 03.01.2009 16:48, Eddy Nigg wrote:
...I wouldn't be willing to disclose each and every detail of code, preventive measures, controls and procedures and possible events.

Well, I think this might be a good idea, though. I could even go so far as to demand that all operations of the CA, including all processes in all detail, and the actual day-to-day operations, need to be open to everybody, both over the Internet and in real life. Anybody can just walk in the CA's office and watch anybody there working. All is entirely open to anybody. Only the private keys of the CA and the rest rooms are kept hidden.

I think that would improve operation quite a lot. The processes would need to be water-proof and correct, just like a cryptographic algorithm needs to withstand public scrutiny. (And most actually do have weaknesses at first which are rooted out by the public review. This, as experience shows, outweighs the advantage that attackers get by knowing the algorithm. The algo just needs to be strong enough. I think you can create strong CA processes, too.) Also, the day to day operations could be observed, too, by anybody, whether they match the declared processes, and to see whether the declared processes still show holes in practice, e.g. lacking diligence when verifying signatures. (A regular and unannounced audit - of *all* parts of the processes, no matter if RA or not - by a third party would also be mandatory.)

The problems we see are in no small part because CAs declare their operations to be their private little business. Well, it's not, it's our responsibility. The browser gives the CAs special status, the CAs only exist because browsers invent this whole concept, so we say how a CA has to operate.


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto