On 15/03/16 14:57, David A. Cooper wrote:
<snip>
> If there is an attack here, it seems that it would be as follows. Upon detection of the bogus certificate browsers determine that the subordinate CA is malicious and blacklist the cross-certificate from trust anchor 1 to subordinate CA, but don't blacklist any of the EE certificates issued by the subordinate CA (and the subordinate CA doesn't revoke them either). The browsers don't notice that there is a second cross-certificate for subordinate CA, from trust anchor 2, and so there continues to be a valid certification path for certificates issued by subordinate CA.

Yes, that is DKG's attack.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
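The path-building failure described in the quoted message, as an added example that is not part of the original thread or of any browser's validation code. It models a constructed hierarchy (two trust anchors, one subordinate CA reachable by a cross-certificate from each, one end-entity certificate) with a toy path builder that matches issuer to subject by name only. The certificate labels, the "spki" fingerprints and the anchor names are all assumptions made up for the example. It shows that blocking only the cross-certificate from trust anchor 1 leaves a second valid path through trust anchor 2, whereas distrusting the subordinate CA's public key (the identity shared by both cross-certificates) closes both paths at once.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

@dataclass(frozen=True)
class Cert:
    name: str     # label for this example only, not a real certificate field
    subject: str
    issuer: str
    spki: str     # constructed stand-in for a subject-public-key fingerprint

# Constructed trust store: anchor subject name -> its key identifier.
TRUST_ANCHORS: Dict[str, str] = {"TA1": "ta1-key", "TA2": "ta2-key"}

# Constructed certificate pool. The two cross-certificates bind the same
# subordinate CA key under two different issuers, which is the situation
# the message describes.
CERTS: List[Cert] = [
    Cert("xc1", subject="SubCA", issuer="TA1", spki="subca-key"),  # cross-cert from trust anchor 1
    Cert("xc2", subject="SubCA", issuer="TA2", spki="subca-key"),  # cross-cert from trust anchor 2
    Cert("ee", subject="example.test", issuer="SubCA", spki="ee-key"),  # EE issued by SubCA
]
EE = CERTS[2]

def build_paths(leaf: Cert, certs: Iterable[Cert], anchors: Dict[str, str],
                blocked_certs: FrozenSet[str] = frozenset(),
                distrusted_spki: FrozenSet[str] = frozenset()) -> List[List[str]]:
    """Return every chain [leaf, ..., anchor] the builder can construct.

    A certificate is skipped if its label is on the per-certificate blocklist
    or if its public key has been distrusted. Chaining is by name only; this
    is a model of path discovery, not a signature-checking validator.
    """
    certs = list(certs)
    paths: List[List[str]] = []

    def walk(cert: Cert, chain: List[str]) -> None:
        if cert.name in blocked_certs or cert.spki in distrusted_spki:
            return
        chain = chain + [cert.name]
        if cert.issuer in anchors:
            paths.append(chain + [cert.issuer])
        # Keep walking through every certificate whose subject is our issuer;
        # a subordinate CA with several cross-certificates yields several branches.
        for candidate in certs:
            if candidate.subject == cert.issuer and candidate.name not in chain:
                walk(candidate, chain)

    walk(leaf, [])
    return paths

def paths_for(blocked_certs: Iterable[str] = (), distrusted_spki: Iterable[str] = ()) -> List[List[str]]:
    """Paths for the constructed EE under a given blocklist / distrust set."""
    return build_paths(EE, CERTS, TRUST_ANCHORS, frozenset(blocked_certs), frozenset(distrusted_spki))

if __name__ == "__main__":
    print("no response:          ", paths_for())
    print("block xc1 only:       ", paths_for(blocked_certs={"xc1"}))   # second path survives
    print("distrust SubCA key:   ", paths_for(distrusted_spki={"subca-key"}))  # nothing left
```

The point the model makes explicit is that a blocklist keyed on one certificate is keyed on the wrong thing: the subordinate CA is identified by its key, and any number of cross-certificates can bind that key to different issuers. A distrust entry keyed on the subject public key, or revocation of the EE certificates themselves, is what actually removes the path.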
