Duane wrote on Tue, 30 Mar 04, 4:55 PM:

> Robert Relyea wrote:
>
> > If Mozilla starts including these kinds of policies, I would have to recommend
> > against using mozilla to these friends. It's not worth trusting their life that
> > some unvetted CA "got it right".
>
> This goes back to my comment to Julien, if a government wants to
> intercept traffic issued by a CA they can either get certificates from
> an existing CA or set up and have their own CA vetted,

The definition of 'vetted' means the CA has a CPS that restricts this. There are strong market forces that operate on 'serious' CAs to prevent this from happening. Verisign is highly unlikely to issue an SSL cert to any government (including the US), for any domain name other than the appropriate .gov domain owned by the government. Such action would amount to immediate legal action against Verisign, as well as a loss in trust which is the whole value associated with the company. The 'vetting' process includes checks to make sure that the CPS *IS* followed. The goal of any vetting process would be to make sure such a CA could not be tricked or coerced into violating their CPS.

> Basically PKI in this situation is not worth risking your life on and
> I'd suggest to your friend to use self signed certificates and verify
> the fingerprint by phone to the person that issues it and dump all other
> certificates from the browser used for communications...

That can be done today, without adding any new CAs into the browser, though it does have a prerequisite of removing *ALL* CAs from the browser to make sure (assuming the ultra-paranoid).

I'm just picking up your argument. You said we would be better off and safer if security was more pervasive, but with meaningless authentication. I explained that your example would not be more secure, and now you counter that PKI doesn't matter in that situation!

> Finally just for kicks we have the US government, who isn't really
> pushing it at present but was last decade to collect copies of keys in
> escrow... Maybe things will shift for the worst tomorrow and they may
> start pushing this agenda again, what does this do for security?

They haven't pushed because the encryption genie is out of the bag. Al-Qaeda can grab their own versions of security software, build their own trust domains, and communicate securely with its members no matter what the government does in this area.

BTW sorry if I tend to rant on this, it's because "partial security" is a pet peeve of mine. It's more dangerous than no security because it invites people to 'trust' connections more than they should. 40-bit encryption is another area. 40-bit encryption only tags messages as 'interesting to look at'. What you are proposing is another form of the 40-bit encryption problem.

We *CAN* build secure systems. We *SHOULD* build secure systems. We *SHOULD NEVER* build systems that are only partially secure, but broken in fundamental ways.

Also, the scenario you just blithely threw out is one that I care deeply about getting right.

bob
