[EMAIL PROTECTED] wrote:
Julien Pierre wrote:
If it was a rogue CA, there should be a process to remove it. Hopefully it should lose its certification and simply be removed. If not, it would be easy to prove by collecting a number of the "proxy" certs under false identities, and contact the owner in the subject certs to see if they actually requested the cert and have the private key.
That would depend if they were acting under some sort of mandate or not. In the US, there is now a thing called a "national security letter" that can request cooperation, no judge or warrant needed. If such were presented to a US CA I'd have no doubt that they would comply. (If you want more, check the boards.)
I think many members of the ACLU including myself, are trying to get these actions, made possible under the Patriot Act, recognized as unconstitutional in the US.
If the CA was served with such an letter, I'm not sure how they would respond. Complying might well be in violation of the CA's terms of service. If made public (and I have already explained how this can happen once a rogue cert is issued, made public and used), this is the sort of stuff that could cost them their certification, and ultimately their business, so I think they would consider the implications very seriously before responding. One course of action might be for them to comply and then sue the government over it ...
OTOH, the various authorities know that the MITM or a rogue CA-signed cert is a rather brutal and dangerous weapon. If they are caught, it wouldn't be prosecution they'd be worried about, but press and exposure, and this might result in limitations being placed on them.
Not only that, but any non-government private (for-profit) CAs that participated somehow in this type of scheme would likely be at risk of losing all their business, once such a story would go public. And it wouldn't matter that they had acted on behalf of the US government - people would just stop trusting their root CAs and take their business somewhere else.
So, I don't think that the CA rogue cert is something to lose much sleep over, but I think we can agree that it's really difficult to protect the user from this!
Well, the more root CAs are trusted in general, the easier the attack becomes, and the more difficult it might become to detect.
If you don't trust the auditors and the built-in roots in Mozilla, you would have to trust only one root, and find a secure mechanism for distributing that root to your users, a mechanism other than the built-in root CAs in the binaries on mozilla.org , and which therefore may be outside of the scope of the Mozilla.org CA policy .
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
