On 21/05/15 13:56, Peter Kurrasch wrote:
Returning to your original post, Gerv
Thank you :-)
So here is where the difference really lies between government and
commercial CAs: control. Governments and, therefore, government CAs
wield a level of control that commercial entities normally do not. They
have the power to control who is allowed access to web sites that talk
about evolution or climate change or plans for citizen uprisings. They
have the ability to send agents to your home and harrass you for
engaging in immoral acts over the internet.
The power is genuinely immense, and since there is so much more at
stake, the security analysis must be considered differently than for
commercial CAs.
Other things governments have the power to do, which are relevant:
1) Mandate that all government websites (which, these days, citizens
often have no option but to use) use a particular CA, such as their
own;
2) Mandate that all websites hosted in their country use a particular
CA, such as their own;
3) Compel a CA within their borders to issue a certificate, and not
tell anyone.
1) and 2) are reasons why commercial pressures do not apply to
government CAs. 1) actually seems a reasonable thing for a government to
do - and it's one big reason why we have governmental CAs in the program
in the first place. 2) is, to my mind, not reasonable.
3) is sometimes given as a reason why government CAs are not all that
different from commercial CAs - if a government CA can't misissue a
cert, they can just compel a CA to do it for them, so what's the
difference?. But I think there are several differences:
* Not all governments have the power to compel silent cert creation
(some governments still have some ideas about civil liberties);
* Most governments do not host a CA within their borders;
* For those which do, there is sometimes a defence of severe hardship;
if the CA knew its business would be blown up were the misissuance
discovered, it could argue against being compelled to do so.
So while it may be possible to find a jurisdiction where there is no
effective difference between a government CA and a commercial CA hosted
there, I would say this is not true for the large majority of jurisdictions.
2) If it is different, does name-constraining government CAs make
things better, or not?
One situation that is addressed by name constraints is that today it's
generally possible for any CA to issue a cert for any domain. In the
context of a security analysis that's problematic which is why name
constraints has its appeal.
Combine that with the power of governments and add a dash of crime show
drama cliché: motive, means, opportunity. The desire--or, perhaps,
need--to institute controls gives governments the motive. The extent to
which governments own/operate/control the internet infrastructure (or
other access to web sites) and are able to issue certs provides the
means. And if any CA can issue any cert the opportunity is always there.
This is a relevant point. Without even considering motive, governments,
as opposed to commercial CAs, generally have both means and opportunity
to do MITM attacks on their citizens. A commercial CA generally does
not, although that's not entirely true, as some organizations which
control significant bits of internet infrastructure are also CAs or subCAs.
So if a decision is made to require name constraints by a government CA
that would have the benefit of limiting the opportunities for bad acts.
Absent that, are there other mechanisms worth considering that would
have a beneficial impact on the motive, means, opportunity formula? One
example that comes to mind is separating cert issuance with control of
the infrastructure.
I can see the superficial attractiveness of this, although I think that
it would have significantly greater definitional issues than what is a
government CA? How do you decide whether a company has enough control
of infrastructure that they can't be a CA? Do you consider local or only
international factors? What if they are a CA, and they grow - do you
have to stop trusting them? And so on.
Gerv
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy