Eddy Nigg wrote:
> On 02/09/2012 12:18 AM, From Nelson B Bolyard:
> BTW, this proposal wouldn't be a problem if it would cover, let's say,
> the top 500 sites and leave the rest to the CAs. There would
> probably also be the highest gains.

Effectively, we would be making the most popular servers on the internet 
faster, and giving them a significant competitive advantage over less popular 
servers. I am not sure this is compatible with Mozilla's positions on net 
neutrality and related issues.

AFAICT, improving the situation for the top 500 sites (only) would be the 
argument for *mandatory* OCSP stapling and against implementing Google's 
mechanism. The 500 biggest sites on the internet all have plenty of resources 
to figure out how to deploy OCSP stapling. The issue with OCSP stapling is the 
long tail of websites that don't have dedicated teams of sysadmins to very 
carefully change the firewall rules to allow outbound connections from some 
servers (where previously they did not need to) and/or deploy DNS 
resolvers on their servers (where, previously, they might not have needed any), 
and/or upgrade and configure their web server to support OCSP stapling (which 
is a bleeding-edge feature and/or not available, depending on the server 
product).

A better (than "favor the Alexa 500") solution may be to auto-load CRLs for 
the sub-CA that handles EV roots (assuming that CAs that do EV have or could 
create sub-CAs for EV roots for which there would be very few revocations, 
which may require standardizing some of the business-level decision making 
regarding when/why certificates can be revoked), or similar things. This would 
at least reduce the cost for the long tail of websites to a low* fixed yearly 
fee. I am not sure this would be completely realistic or sufficient though.

I am also concerned about the filtering based on reason codes. Is it realistic 
to expect every site that has a key compromise to publicly state that 
fact? Isn't it pretty likely that after a server's EE certificate has been 
revoked, people will tend to be less diligent about protecting the private 
key and/or asking for the cert to be revoked with a new reason code?

However, I don't think we should reject Google's improvement here because it 
isn't perfect. OCSP fetching is frankly a stupid idea, and AFAICT, we're all 
doing it mostly because everybody else is doing it and we don't want to look 
less secure. In the end, for anything serious, we have been relying (and 
continue to rely) on browser updates to *really* protect users from 
certificate-related problems. And, often we're making almost arbitrary 
decisions as to which breaches of which websites are worth issuing a browser 
update for. Google is just improving on that. Props to Adam, Ben, Wan-Teh, 
Ryan, and other people involved.

Cheers,
Brian

* Yes, I consider the price of even EV certificates to be almost 
inconsequential, compared to the overall (opportunity) cost of a person needed 
to securely set up and maintain even the most basic HTTPS server.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
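The reason-code concern Brian raises, illustrated with an added example that is not part of the original thread: it builds a small CRL with the Python `cryptography` library (the issuer key, issuer name and serial numbers are constructed for the example) and applies a filter that keeps only entries whose CRLReason is keyCompromise or cACompromise, so an entry revoked with no stated reason, or relabelled with a different one, silently drops out of the filtered list.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Reasons a compromise-only filter keeps; every other entry is discarded.
KEEP = {x509.ReasonFlags.key_compromise, x509.ReasonFlags.ca_compromise}

def build_crl(entries):
    """DER-encode a CRL from (serial, ReasonFlags-or-None) pairs.
    Issuer key and name are constructed for this example only."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example EV Sub-CA")])
    now = datetime.datetime(2012, 2, 9, tzinfo=datetime.timezone.utc)
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(issuer)
               .last_update(now)
               .next_update(now + datetime.timedelta(days=7)))
    for serial, reason in entries:
        rb = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now)
        if reason is not None:  # CRLReason is optional; many CAs omit it
            rb = rb.add_extension(x509.CRLReason(reason), critical=False)
        builder = builder.add_revoked_certificate(rb.build())
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)

def reason_of(revoked):
    """Return the entry's CRLReason, or None when the CA stated none."""
    try:
        return revoked.extensions.get_extension_for_class(x509.CRLReason).value.reason
    except x509.ExtensionNotFound:
        return None

def filter_by_reason(crl_der, keep=KEEP):
    """Split a CRL's serials into those a reason-code filter keeps and drops."""
    kept, dropped = [], []
    for entry in x509.load_der_x509_crl(crl_der):
        (kept if reason_of(entry) in keep else dropped).append(entry.serial_number)
    return kept, dropped

# Constructed entries: only 1001 and 1004 survive a compromise-only filter.
SAMPLE = [
    (1001, x509.ReasonFlags.key_compromise),  # compromise stated: kept
    (1002, None),                             # no reason given: dropped
    (1003, x509.ReasonFlags.superseded),      # compromise relabelled later: dropped
    (1004, x509.ReasonFlags.ca_compromise),   # kept
]
```

Entries 1002 and 1003 are just as revoked as the others, but a client that only consumes the filtered set never learns it.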
