Julien Pierre wrote:
Ben Bucksch wrote:
Actually, that probably wouldn't even be that hard, I don't need to be a government for that, I'd only need to be able to listen to (and maybe intercept) your mailbox (that's exactly the problem that crypto tries to solve, right?), in that case I could apply for a Class 1 certificate (only validates email mailbox) from any CA, catch and respond to the verification mail to your mailbox, and then use that new certificate to pose as you in email towards your correspondents. Given what you said, they wouldn't notice the certificate change, answer me encrypted with the new key, I would catch the email from your mailbox again, decrypt it using my fake cert and be done. Attack successful.
Correct, that would be a successful attack, and nothing can stop it today.
> If you reject the proposal to enforce continuity of certs,
I think in practice one has to reject any enforced limit on ownership of cert signing for a client. From a business perspective, if one comes across a continuity limit like that, one gets very upset. In my experience, companies shy away from such things very quickly, as they see it as a "wedge in the door" attack.
> how about Ian Grigg's suggestion of a counter of how much a cert has been used? If the counter for a frequent and critical correspondent suddenly drops, I can at least be alerted and check what's up.
I'd agree with that (and add that it'd work better when there was a branding box that displayed the name of the CA, alongside the count). These added cues would draw the user into the security model, which is really the only way to deal with bypass attacks.
iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
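The usage counter Ben relays and the CA branding box iang adds can be sketched as client-side logic. What follows is an added example written for this page, not code from Mozilla or from anyone on the thread: it keeps a per-sender count of signed messages seen under each certificate and flags a message that arrives under a little-used cert while a well-used one exists for the same sender. The sender addresses, CA names, certificate byte strings and the threshold of 10 are all constructed, and the code fingerprints raw certificate bytes and takes the issuer as a string rather than parsing X.509.

```python
"""Key-continuity tracker with a per-correspondent usage counter.

Added example; all names, thresholds and 'certificate' bytes are constructed.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stand-ins for DER-encoded certificates; real code would hand
# the tracker the actual certificate bytes from the S/MIME signature.
CERT_ALICE = b"constructed-cert: CN=alice@example.com, issuer=CA One, serial=1"
CERT_MALLORY = b"constructed-cert: CN=alice@example.com, issuer=CA Two, serial=7"
CERT_BOB = b"constructed-cert: CN=bob@example.com, issuer=CA One, serial=2"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint (hex) of the certificate bytes: the identity of a
    cert independent of the subject name it carries."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class CertRecord:
    issuer: str      # CA name, what a branding box next to the count would show
    count: int = 0   # signed messages seen from this sender under this cert


@dataclass
class Correspondent:
    certs: Dict[str, CertRecord] = field(default_factory=dict)  # fingerprint -> record

    def established(self) -> Optional[str]:
        """Fingerprint of the cert this sender has used most, or None."""
        if not self.certs:
            return None
        return max(self.certs, key=lambda fp: self.certs[fp].count)


class ContinuityTracker:
    """Per-sender certificate usage counter with a 'count suddenly dropped' alert."""

    def __init__(self, trusted_after: int = 10):
        # A cert seen at least this many times from a sender is treated as
        # established; a message under a different, little-used cert while an
        # established one exists is the signal the thread proposes to surface.
        self.trusted_after = trusted_after
        self.senders: Dict[str, Correspondent] = {}

    def observe(self, sender: str, cert_der: bytes, issuer: str) -> dict:
        fp = fingerprint(cert_der)
        c = self.senders.setdefault(sender, Correspondent())
        prev_fp = c.established()          # decide before counting this message
        rec = c.certs.setdefault(fp, CertRecord(issuer))
        rec.count += 1

        result = {"sender": sender, "fingerprint": fp[:16], "issuer": issuer,
                  "count": rec.count, "alert": False, "reason": ""}

        if prev_fp is not None and prev_fp != fp:
            prev = c.certs[prev_fp]
            if prev.count >= self.trusted_after and rec.count < self.trusted_after:
                reason = (f"cert used {prev.count} times replaced by one used "
                          f"{rec.count} time(s)")
                if prev.issuer != issuer:
                    reason += f"; CA changed from {prev.issuer} to {issuer}"
                result["alert"] = True
                result["reason"] = reason
        return result


def run_demo() -> List[dict]:
    """Constructed sequence: twelve messages under Alice's usual cert, then one
    under a Class 1 cert obtained by someone reading her mailbox, then Bob's
    first message ever."""
    tracker = ContinuityTracker(trusted_after=10)
    events = [("alice@example.com", CERT_ALICE, "CA One")] * 12
    events.append(("alice@example.com", CERT_MALLORY, "CA Two"))
    events.append(("bob@example.com", CERT_BOB, "CA One"))
    return [tracker.observe(*e) for e in events]


if __name__ == "__main__":
    for r in run_demo():
        flag = "ALERT" if r["alert"] else "ok   "
        print(f"{flag} {r['sender']:<18} {r['issuer']:<7} used {r['count']:>2}x  {r['reason']}")
```

In the mailbox-interception scenario from the thread, the thirteenth message arrives under a cert the client has seen once while Alice's usual cert has been used twelve times, so the displayed count drops from 12 to 1 and the CA name changes at the same moment; Bob's first message raises nothing because there is no established cert to compare against. The caveat is that a legitimate key rollover looks identical at this point, and the alert keeps firing until the new cert has itself been used `trusted_after` times, which is why this is a cue for the user rather than an enforced block, in line with Julien's objection to hard continuity limits.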
