Gervase Markham wrote:
Ian G wrote:
Here's my view: we are already in State B.
Can you point to any financial losses caused by someone falsely trusting
certs issued by CAs trusted by Firefox?
In answer to your question, no. But this does not show
we are not in State B. As you've elided the definition
I proposed of State B, here it is again:
State B: we can not (any longer) trust all the CAs all the time.
The reason I suggest we are in that state is because we
can calculate or guess or even test how much it costs to
acquire a false cert.
Enacting the
policy will IMHO make no difference to the state, because
we are already there. I would have thought that was
abundantly clear from the Shmoo example, but I guess we
need more evidence to determine the truth or otherwise.
Everyone got blindsided by the Shmoo thing (although we shouldn't have
been), the CA concerned included. Blaming the CA alone is somewhat unfair.
I'm not blaming the CA. I'm saying that what happened
there was normal. It will happen again, in accordance
with the value of same. It's normal because any
application of agency theory, governance theory, systems
or security theory will show that the systems in place
are only statistical and have well understood holes
in them.
It will happen to *all* CAs. It will happen on a regular,
statistically modellable basis.
In security, the question of whether or not a false cert
can be obtained is meaningless. The questions that we
ask are ones of risks, costs and benefits. The pertinent
question for certs is:
how much does it cost and how much it is worth?
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
