On Thu, Feb 16, 2012 at 3:11 PM, Stephen Kent <[email protected]> wrote:
> yes, the Federal bridge CA is a bad idea, as implemented.
Federal Bridge CA is a much better idea than what we have now.
Currently, we have large numbers of absolutely-trusted roots with no controls
on them other than ultimate distrust. Worse, we have no way to protect users
from misbehaving ones other than software update pushes. We have no actual way
to determine negligence except in light of what other people raise to us, and
the people who are supposed to raise things to us don't know what to look for,
what to tell us, or where to tell us. Negligence in private contracts is a
fairly difficult thing to prove, and carries almost no penalty.
FBCA has an ongoing audit and accreditation system (with heightened detection
of failures due to GAO oversight), has a working revocation system, and only
cross-certifies CAs run by people with a contract in place with a Federal
entity. This makes the negligent violation of the terms of the Federal Common
Certificate Policy a highly-detectable 10-20 year felony, with the ability to
shut down the affected root without a software push.
This is a better situation than the current lack of contracts in place with
(e.g.) Mozilla, and is a much better threat than what we've got right now ('go
out of business', not 'go to prison') once it's discovered.
I don't understand. How is FBCA "a bad idea, as implemented"?
> I'm not talking about 'state' identities in most cases. Look at the IDs associated with most of the credentials that you hold. They include your name and a number. Your name is not globally unique, but a name plus a number managed by the authority IS unique, relative to that authority. This applies to credit cards, driver's licenses, frequent traveller cards, and passports.
I acknowledge your point. Relative to local authorities (who are authoritative for their own realms of use and utility), the name is not an identifier at all. The name is metadata associated with the locally-authoritative identifier, which is the unique assigned record number you refer to. Local authorities aren't authoritative for legal names, but legal names appear in and on the credentials they issue. This is why a strict binary interpretation of certificates fails: only individual components of the atomic certificate are what the local authority is authoritative for. There is no single authority for everything. Many authorities are authoritative for different parts of a person's gestalt identity. Each individual authority needs to issue credentials that are useful to itself and its served users. And, many times multiple authorities are necessary to really get the job done. In addition, these credentials are often useful for other social things which don't involve the original local authority, like "has an American Express Black card" is often seen as a status symbol.

-Kyle H
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
