On Fri, May 24, 2024 at 5:22 PM Aaron Gable <[email protected]> wrote:
> On the whole, I certainly agree with your sentiment here: Subscribers who > cannot replace a certificate in less than 5 days are not protecting the > privacy and the security of their users, and either need to improve their > response time or investigate non-WebPKI solutions. And CAs which knowingly > issue to such Subscribers (perhaps because that Subscriber has failed to > replace a certificate in a prior incident) are asking for trouble. > The problem is this: the “trouble” is being pushed onto the users of WebPKI, because the Subscriber’s unwillingness to accept prompt revocation is used along with what I think is bad faith abuse of the latitude provided to CAs to unilaterally delay revocation and therefore keep misissued certificates in use for an extended period of time (more than a month in some cases!). This represents real risk for the web, not only because in the event of a key compromise, if the pronouncements of the CAs in question are true, we would have to choose between an insecure web and harm to human health or critical infrastructure. Having misissued certificates (of any kind) in circulation harms the ability of WebPKI users to rely on the BRs’ guarantees, and risks interoperability issues for new entrants. Section 1.4.2 of the CPS does not have any requirement that WebPKI certificates not be used in critical contexts, but if we are told that it is disastrous to revoke these certificates in a timely manner, then perhaps there should be some minimum exclusions. (Perhaps there is a CA who genuinely believes that their certificates are reliable enough for such uses, though? A scan of some CPSes sort of indicates that, but I expect it is more omission than deliberate choice.) But I also think that issuing to such a Subscriber is not necessarily > itself a misissuance. The Subscriber has agreed to a legally binding > Subscriber Agreement which includes the necessary warranties. It is not > *necessarily* the CA's fault -- though it is their problem -- that the > Subscriber has failed to understand the full ramifications of that warranty. > I honestly don’t care about whose fault it is, just how to avoid this pattern repeating. Some of these Subscribers have been using a given CA’s certs for longer than the BRs have existed, and—barring *force majeure* use of something like OneCRL—the CAs are the only ones who can keep the risk and harm from being externalized to the users who rely on the WebPKI. CAs are knowingly entering into these arrangements, and if you’re correct that it’s not a misissuance then I don’t understand what point 8 being in the baseline requirements is. Relatedly, what is the purpose of requiring the acknowledgements of that section to be legally binding, if the CAs don’t have a responsibility to use that legal tool and revoke misused certificates? Any CA could themselves add such a clause to their terms if they wanted it themselves, but unfortunately I do not recall the motivation for making such a requirement part of the BRs. Maybe it’s in mailing list archives? Mike -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CADQzZqtoOnz5TXr9vh1tKrka%3DU3SC0vMLPoUhR7ySV4uqZViuw%40mail.gmail.com.
