Nelson B wrote: > In a recent post, someone here attempted to defend the practice of > using insecure email as the sole means of confirming the legitimacy > of a request for an SSL server certificate.��I'm�here�to�challenge > that.��I�think�it's�SO�BAD�a�practice,�in�fact,�that�I�think�mozilla > should specifically say, in the policy, that that's not good enough > for a CA that is admitted to mozilla's trusted root list.��I�am�not > targetting any particular CA here.��I�think�this�is�a�matter�of�policy > for all CAs.
I think the cert-by-email practice could work with suitable safeguards. It all depends on what we're certifying. Are we saying that you are connected to example.com, or that you're connected to a server owned by the human being who bought example.com? The first prevents man-in-the-middle attacks, and the second prevents phishing over SSL (or at least makes it easy to find out who the guilty party is). The first probably can be done via email. The second would probably require an in-person visit with government-issued ID (possibly more than one form). Anything less than visual inspection of ID by a trusted party would make the system unsuitable for prosecuting somebody based on abuse of SSL identity - which is what you need to stop phishing. I'm not under the impression that the mainstream vendors do in-person ID checks. So, we don't have that level of protection currently. I think that domain control can be reliably verified using email. I agree that domains can be hijacked - but there are solutions to this: 1. You sign up via a website. The website sends you an email containing a verification link. All communications are signed, and include a copy of the certificate request. 2. They repeat this at a few intervals over a week or two. At random times. In order to hijack your domain, an attacker would have to be able to intercept your email over a several days. By including the request in the email you might be able to prevent more subtle MITM attacks (I'm not 100% sure this is even necessary - I have a few scenarios in mind but they're probably not possible in practice). While somebody might be able to hijack your domain for an hour to get a cert, I doubt they could maintain this for weeks at a time and avoid detection. I'm all for having controls on the use of email - but I'm not sure that the solution is to ditch it entirely. I guess it really depends on what you want SSL certs to prove. I'd argue that right now they don't meet the standard some people are proposing - so why worry about lowering the standard? The only way we're going to have really strong SSL certs would be if governments issued them and they were kept exclusively on smartcards so that the average member of the public wouldn't let them get out of control. That isn't going to happen soon (although one day it might - it would be a big hurdle against identity theft). You could have your webserver generate a CSR and then sign it yourself using your government-issued ID (that way you don't have to leave your ID card in your computer all the time). You could revoke your webserver at any time, and the government could revoke your ID at any time. Oh well, we can dream at least, can't we? _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
