On 02/05/2014 03:06 PM, Werner Koch wrote: > Almost all X.509 certification in public use certify only one of two > things: > > - Someone has pushed a few bucks over to the CA. > > - Someone has convinced the CA to directly or indirectly issue a > certificate.
To further clarify: "Domain Validation" (how the overwhelming majority of cartel-issued X.509 certificates are "verified" today) nominally consists of proving that you can read e-mail sent to any of: * the e-mail addresses associated with the domain in question (as found in whois), or * any of a set of "administrator" e-mail addresses in the domain, including hostmas...@example.org, webmas...@example.org, ad...@example.org, sslad...@example.org, postmas...@example.org, etc. In practice, this means that any of the following can get a certificate issued: * anyone who can spoof whois to the CA * anyone who can spoof DNS to the CA (changing the MX record) * any mail system administrator who has access to any of the above e-mail addresses * any passive sniffer of outbound e-mail traffic from the CA's MTA if the CA doesn't enforce STARTTLS for outbound SMTP. * if the CA enforces STARTTLS for outbound SMTP, but doesn't check certificates: any active attacker in control of the CA's MTA's network connection (or anywhere between the CA and the receiving MTA) * anyone who knows the password to any of these e-mail accounts and so on... Remember also that (barring certificate pinning or TACK), someone who wants a cert does not have to attack a single CA -- they only have to attack the most sloppily-administered CA in all the public root stores. The bar for regular X.509 certification is much much lower than pretty much any common OpenPGP certification guideline. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users