Hi, > And using Jacob's numbers from here: > > http://www.ietf.org/mail-archive/web/therightkey/current/msg00745.html
It is interesting that this rumour, which was started with the EFF's talk at DEFCON years ago, is still perpetuated. It has been disputed numerous times and is most likely inflated by at least a factor of 2. * DFN is not a collection of many CAs, but of one CA whose RAs are identified in intermediate certificates - they do not hold the private keys corresponding to the latter, however. They even document this fact publicly. * The number of organisations in the Mozilla root store holding CA certificates is below 100, although about 60 are waiting for inclusion. The number of root certificates is higher, but that is because many organisations operate under several brand names and use different root certs for different purposes (most notably EV). * That leaves us with an undisclosed number of intermediate certificates issued by CAs. Some of these may indicate subordinate CAs. This is a problem as browsers often cache such certs for later use (once trusted, always trusted). Mozilla has thus made it an obligation for CAs to disclose their subordinate CAs if they are not identical to the "mother organisation". The latter factor gives huge leeway in the number of certs accepted by browsers as root certs. But however you look at it, the number of such certs will be comfortably below 1000 - anything from the 150+ root certs in the Mozilla store up to a few hundred. Applied to CT, these numbers matter even less if gossiping, monitoring and auditing can be used. First, logs only accept a limited number of CAs, as a anti-flooding protection. I'd love to hear what CAs plan here - if their subordinates are eligible for acceptance by a log or not. And second, the gossiping between logs and between clients has an important effect: an attacker would have to compromise quite a few logs to make sure his MITM is effective. Just requiring, say, 3 SCTs in a handshake would already result in considerable work for the attacker (I know the current number is 2, though). There is no need for clients to cooperate with 1000 logs. That's my understanding at least - happy to hear comments. Ralph -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18010 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
