On Fri, 25 Mar 2016, Stephen Kent wrote:
If the certificates are doppelgangers, wouldn't that mean that they
cannot have AIAs? Otherwise at least one CA would be using an "unusual"
AIA revocation location that monitors would detect.
The doppelgangers could have AIAs, but they need not, and that is the
assumption I adopted here. In general it is in the interest of the CAs to
not put AIAs in these certs, if the plan is to revoke one, but not the
other. (Unless the CAs can control which revocation status info is
accessible to targeted browser users, in which case it doesn't matter.)
I would hope that the CT ecosystem would see that if a CA always issues
with AIA in the EE-cert, and then it issues a cert where it does not,
that it would get flagged for a human to look at. Part of CT is keeping
an eye out on the CAs, and this clearly shows some unexpected behaviour
on one or two particular CAs for not including AIAs. It might not be
syntactically bogus, but hopefully something the clients and monitors
would keep an eye out for.
So it seems to me this attack is not very likely to succeed - or at
least would be a short-lived one with a guarantee of being detected.
So it comes with a big enigma problem.
Paul
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
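The two monitor checks the thread describes, written out as an added illustration (this is not code from the thread or from any CT monitor): first, a CA that has always put an AIA extension in its end-entity certs suddenly logs one without it; second, two certs for the same subject and key from different CAs where only one carries AIA, which is the doppelganger pattern Kent assumes. The records below are constructed stand-ins for parsed CT log entries (a real monitor would derive the issuer, subject, SPKI hash and extension OID list from the logged precert or cert); only the AIA OID and the common extension OIDs are real values.

```python
from collections import defaultdict
from dataclasses import dataclass

# id-pe-authorityInfoAccess from RFC 5280; the other OIDs in the sample data
# are keyUsage, extKeyUsage, subjectAltName and basicConstraints.
AIA_OID = "1.3.6.1.5.5.7.1.1"
COMMON_EXTS = ("2.5.29.15", "2.5.29.37", "2.5.29.17", "2.5.29.19")


@dataclass(frozen=True)
class Entry:
    """Constructed reduction of one CT log entry (assumption: a real monitor
    fills these fields from the parsed certificate)."""
    log_index: int
    issuer: str
    subject: str
    spki_sha256: str          # hex digest of SubjectPublicKeyInfo (constructed)
    extension_oids: tuple     # OIDs of the extensions present in the cert


def has_aia(entry):
    return AIA_OID in entry.extension_oids


def missing_aia_anomalies(entries, min_history=5):
    """Flag certs without AIA from an issuer whose earlier logged certs all had it.

    Entries are processed in log order so the baseline for each issuer is
    built only from what came before; `min_history` avoids flagging an
    issuer we have barely seen."""
    seen = defaultdict(lambda: [0, 0])   # issuer -> [total certs, certs with AIA]
    flagged = []
    for e in sorted(entries, key=lambda x: x.log_index):
        total, with_aia = seen[e.issuer]
        if not has_aia(e) and total >= min_history and with_aia == total:
            flagged.append(e.log_index)
        seen[e.issuer][0] += 1
        if has_aia(e):
            seen[e.issuer][1] += 1
    return flagged


def doppelganger_pairs(entries):
    """Pairs of certs for the same (subject, key) from different issuers where
    exactly one of the two carries AIA. Such a pair lets one cert be revoked
    while the other stays unrevocable by AIA-based checks."""
    by_key = defaultdict(list)
    for e in entries:
        by_key[(e.subject, e.spki_sha256)].append(e)
    pairs = set()
    for group in by_key.values():
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                if a.issuer != b.issuer and has_aia(a) != has_aia(b):
                    pairs.add(tuple(sorted((a.log_index, b.log_index))))
    return sorted(pairs)


# Constructed sample log: CA-A issues five certs with AIA, then one without;
# CA-B issues a cert for the same subject and key that does carry AIA; CA-C
# has no history, so its AIA-less cert is not enough evidence on its own.
SAMPLE_ENTRIES = [
    Entry(i, "CA-A", f"host{i}.example.test", f"k{i}", COMMON_EXTS + (AIA_OID,))
    for i in range(1, 6)
] + [
    Entry(6, "CA-A", "www.example.test", "k-target", COMMON_EXTS),
    Entry(7, "CA-B", "www.example.test", "k-target", COMMON_EXTS + (AIA_OID,)),
    Entry(8, "CA-C", "other.example.test", "k-other", COMMON_EXTS),
]


def run_checks(entries=SAMPLE_ENTRIES):
    """Return both findings so a human can look at the flagged log indices."""
    return {
        "missing_aia": missing_aia_anomalies(entries),
        "doppelgangers": doppelganger_pairs(entries),
    }


if __name__ == "__main__":
    print(run_checks())
```

The first check is deliberately conservative: it only fires once an issuer has a clean history, which is the "always issues with AIA" condition from the thread; a CA that never includes AIA produces no alert from it, which is why the second, key-based check is needed as well.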